burny1 asked:

Problem connecting to VPN server via SSL

Hi all,

Since Apple decided to stop allowing PPTP, we had to reset our VPN server to use SSL / SSTP. I have set up the server as per the guidelines from Microsoft; however, I am unable to connect to the server. I get the following error message: "The revocation function was unable to check revocation because the revocation server is offline." I have checked all the services on the server and everything seems to be up and running. In the event viewer I get error 18:

The Secure Socket Tunneling Protocol service either could not read the SHA256 certificate hash from the registry or the data is invalid. To be valid, the SHA256 certificate hash must be of type REG_BINARY and 32 bytes in length. SSTP might not be able to retrieve the value from the registry due to some other system failure. The detailed error message is provided below. SSTP connections will not be accepted on this server. Correct the problem and try again.

The system cannot find the file specified.

I do not know which file it is looking for.
masnrock

Here's an article from Microsoft detailing which key to look for and perhaps fix permissions on: https://technet.microsoft.com/en-us/library/dd315941(v=ws.10).aspx
burny1 (ASKER)

Apologies for only replying now - been out of the office for the last week. Will check and revert.
burny1 (ASKER)

So I went to the registry; however, when I click modify there is no option to change a value to 32. I attach a screenshot of what comes up. Any ideas what I need to change?
[Attached screenshot: hash.JPG]
Did you check the permissions?
burny1 (ASKER)

Yes I changed it. That was when I was able to click on modify.
Great. Restart the machine and then try connecting again... What happens?
burny1 (ASKER)

Seems that the error is gone; however, now I get a different error: "The revocation function was unable to check revocation because the revocation server was offline."
What is the name of the CRL file?
burny1 (ASKER)

Where would I find the file?
Sorry... lost track of the question. Here's an article for you to check out: http://fix.lazyjeff.com/2014/05/revocation-function-was-unable-to-check.html
If you inspect the certificate using the MMC or certmgr.exe, select extensions only, click on CRL distribution points and you will see the URL.
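
The CRL distribution point lookup described in the reply above can also be scripted. The following is an added example, not part of the original thread: it reads an exported copy of the server certificate, prints its SHA-256 hash, and tests each CRL URL for reachability. The `-Path` parameter and the file name in the comment are assumptions.

```powershell
# Added example (not from the thread): list a certificate's CRL distribution
# points and test whether each one can be fetched from this machine.
# Usage (file name is a placeholder): .\Test-CrlUrls.ps1 -Path .\sstp-server.cer
param(
    [Parameter(Mandatory)][string]$Path   # exported certificate (.cer/.crt)
)

$file = (Resolve-Path -LiteralPath $Path).Path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $file

# SHA-256 over the DER-encoded certificate. SHA-256 output is always 32 bytes,
# the length event 18 requires. Assumption: this is the hash SSTP expects.
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$hash   = $sha256.ComputeHash($cert.RawData)
$hex    = ($hash | ForEach-Object { $_.ToString('x2') }) -join ''
"Subject: {0}" -f $cert.Subject
"SHA-256 certificate hash ({0} bytes): {1}" -f $hash.Length, $hex

# CRL Distribution Points is X.509 extension OID 2.5.29.31.
$cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
if (-not $cdp) {
    Write-Warning 'Certificate has no CRL Distribution Points extension.'
    return
}

# Format() renders the extension as text; extract the URLs from it.
$urls = [regex]::Matches($cdp.Format($true), '(?i)\b(?:https?|ldap)://[^\s)]+') |
    ForEach-Object { $_.Value } | Select-Object -Unique

foreach ($url in $urls) {
    if ($url -notmatch '^(?i)https?://') {
        # LDAP distribution points are listed but not fetched here.
        [pscustomobject]@{ Url = $url; Reachable = $null; Detail = 'not HTTP; check manually' }
        continue
    }
    try {
        $r = Invoke-WebRequest -Uri $url -UseBasicParsing -TimeoutSec 10
        [pscustomobject]@{ Url = $url; Reachable = $true
                           Detail = "HTTP $($r.StatusCode), $($r.RawContentLength) bytes" }
    } catch {
        # DNS failure, timeout, 404 and similar all surface as an unreachable CRL.
        [pscustomobject]@{ Url = $url; Reachable = $false; Detail = $_.Exception.Message }
    }
}
```

Reachability is reported as seen from the machine where the script runs, so run it on the machine that shows the revocation error.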
burny1 (ASKER)

Thanks, I will look at this and revert!
burny1 (ASKER)

Solutions offered did not work.