bhaf asked:

Windows Server 2012 R2 Essentials VPN Fails After Certificate Was Renewed

About a year ago, we set up our office with four Windows Server 2012 R2 servers running in VMware virtual machines. One of these is configured with the Windows Server Essentials role and is our domain controller. We configured Anywhere Access for both virtual private network (VPN) and remote web access (RWA) using a third-party certificate from GeoTrust. We have Windows 8.1 Enterprise clients with about 8 users that occasionally connect via the VPN. All has been working fine for the last year until this morning.

Over the weekend, our certificate expired, so I purchased and installed a new one this morning. Since then, no one is able to connect to the VPN. When we try to connect, it goes through very quickly and looks like it is connecting (and even very briefly shows "Connected"), but the connection is not made (or it is dropped) and no error is displayed. We ARE able to log on to the RWA site with the new certificate.

When I received the new certificate, I edited the bindings for the Default Web Site on the Essentials server to use the new cert. After we discovered the problems, I also ran through the Anywhere Access configuration wizard again. I don't know if there is something else I need to do or what the problem is. One other note is that the new certificate is using SHA-2 instead of SHA-1.

Do you have any thoughts on what the problem might be or where to look for more information? Again, we don't receive any error message; the connection just seems to drop as soon as it is made.

Thanks.
Zephyr ICT

Is the new certificate in the certificate (root) store? Is the old one still in there but the new one isn't?
bhaf

ASKER

The new one shows in the Personal folder of the Local Computer Certificates on the server in question which is where the old one showed up. (Is that what you mean by the certificate store?) I deleted the old one before I was aware of this problem, however, so only the new one shows now.

I just tried quickly using a self-signed certificate, and that gives an error 800 when I try to connect. Haven't looked into that yet as we're not trying to use a self-signed cert.
SOLUTION
Zephyr ICT
Also, if you check the certificate through your browser, does it say that you have the private key that corresponds with the certificate?
ASKER CERTIFIED SOLUTION
Great find, thanks for the follow up!
bhaf

ASKER

I appreciate spravtek jumping in to help as I couldn't find anything about this on the web when I first looked. But I kept searching and eventually found an article elsewhere that led me to a resolution. Thanks anyway spravtek!
No problem, thanks for writing down the solution, it will surely help others!
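
The checks raised in this thread (new certificate present in the Local Computer Personal store, private key attached, SHA-2 signature, and which certificate the web bindings actually reference) can be run in one pass. This is an added example, not part of the original posts; it assumes an elevated PowerShell session on the server and English-language `netsh` output.

```powershell
# Added example: inventory of machine certificates and HTTP.sys SSL bindings.

# 1. Certificates in Local Computer > Personal, with the properties discussed in the thread.
$certs = Get-ChildItem -Path Cert:\LocalMachine\My
$certs | Sort-Object NotAfter |
    Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey,
        @{ Name = 'SignatureAlgorithm'; Expression = { $_.SignatureAlgorithm.FriendlyName } },
        @{ Name = 'Expired'; Expression = { $_.NotAfter -lt (Get-Date) } } |
    Format-List

# 2. HTTP.sys SSL bindings, parsed from netsh output (English label text assumed).
$bindings = @()
$endpoint = $null
foreach ($line in (netsh http show sslcert)) {
    if ($line -match '^\s*(IP:port|Hostname:port)\s*:\s*(\S+)') {
        $endpoint = $Matches[2]
    } elseif ($line -match '^\s*Certificate Hash\s*:\s*([0-9A-Fa-f]+)') {
        $bindings += [pscustomobject]@{
            Endpoint   = $endpoint
            Thumbprint = $Matches[1].ToUpper()
        }
    }
}

# 3. Flag any binding whose certificate is absent from LocalMachine\My,
#    lacks a private key, or has expired (for example, a binding that still
#    points at a certificate that was deleted after renewal).
foreach ($b in $bindings) {
    $c = $certs | Where-Object { $_.Thumbprint -eq $b.Thumbprint } | Select-Object -First 1
    if (-not $c) {
        $status = 'NOT IN LocalMachine\My'
    } elseif (-not $c.HasPrivateKey) {
        $status = 'NO PRIVATE KEY'
    } elseif ($c.NotAfter -lt (Get-Date)) {
        $status = 'EXPIRED'
    } else {
        $status = 'OK'
    }
    [pscustomobject]@{
        Endpoint   = $b.Endpoint
        Thumbprint = $b.Thumbprint
        Status     = $status
        Subject    = $c.Subject
    }
}
```

A binding reported as `NOT IN LocalMachine\My` may legitimately use a certificate from another store, so confirm the store name shown by `netsh` before treating it as stale.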