Problem connecting to VPN server via ssl
Hi all,
Since Apple decided to stop allowing PPTP, we had to reset our VPN server to use SSL / SSTP. I have set up the server as per the guidelines from Microsoft, however I am unable to connect to the server. I get the following error message: The revocation function was unable to check revocation because the revocation server is offline. I have checked all the services on the server and everything seems to be up and running. In the event viewer I get error 18:
The Secure Socket Tunneling Protocol service either could not read the SHA256 certificate hash from the registry or the data is invalid. To be valid, the SHA256 certificate hash must be of type REG_BINARY and 32 bytes in length. SSTP might not be able to retrieve the value from the registry due to some other system failure. The detailed error message is provided below. SSTP connections will not be accepted on this server. Correct the problem and try again.
The system cannot find the file specified.
I do not know which file it is looking for.
Since Apple decided to stop allowing PPTP, we had to reset our VPN server to use SSL / SSTP. I have set up the server as per the guidelines from Microsoft, however I am unable to connect to the server. I get the following error message: The revocation function was unable to check revocation because the revocation server is offline. I have checked all the services on the server and everything seems to be up and running. In the event viewer I get error 18:
The Secure Socket Tunneling Protocol service either could not read the SHA256 certificate hash from the registry or the data is invalid. To be valid, the SHA256 certificate hash must be of type REG_BINARY and 32 bytes in length. SSTP might not be able to retrieve the value from the registry due to some other system failure. The detailed error message is provided below. SSTP connections will not be accepted on this server. Correct the problem and try again.
The system cannot find the file specified.
I do not know which file it is looking for.
masnrock
Here's an article from Microsoft detailing which the key to look for and perhaps fix permissions on: https://technet.microsoft.
ASKER
Apologies for only replying now - been out the office for the last week. Will check and revert.
ASKER
So I went to the registry, however when I click modify there is no option to change a value to 32. I attach screen shot of what comes up. Any ideas what I need to change?
hash.JPG
hash.JPG
Did you check the permissions?
ASKER
Yes I changed it. That was when I was able to click on modify.
Great. Restart the machine and then try connecting again... What happens?
ASKER
Seems that the error is gone, however now I get a different error: The revocation function was unable to check revocation because the revocation server was offline.
What is the name of the CRL file?
ASKER
Where would I fine the file?
Sorry... lost track of the question. Here's an article for you to check out: http://fix.lazyjeff.com/20
if you inspect the certificate using the MMC or certmgr.exe , select extensions only
click on CRL distribution points and you will see the URL.
click on CRL distribution points and you will see the URL.
ASKER
thanks i will look at this and revert!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Solutions offered did not work.