How to troubleshoot Secure Socket Tunneling Protocol (SSTP) based connection failures when client fails to connect to SSTP VPN server giving error message 0x80092013

Article translations Article translations
Article ID: 961880 - View products that this article applies to.
Expand all | Collapse all
Source: Microsoft Support

RAPID PUBLISHING

RAPID PUBLISHING ARTICLES PROVIDE INFORMATION DIRECTLY FROM WITHIN THE MICROSOFT SUPPORT ORGANIZATION. THE INFORMATION CONTAINED HEREIN IS CREATED IN RESPONSE TO EMERGING OR UNIQUE TOPICS, OR IS INTENDED SUPPLEMENT OTHER KNOWLEDGE BASE INFORMATION.

Symptom

While you follow the SSTP Remote Access Step-by-Step Guide: Deployment, you may receive the following error:

Symptom6: Client tries to connect to SSTP VPN server and it fails to connect giving error message 0x80092013

Trouble-shooting steps: This will happen if client is failing the certificate revocation check of the SSL certificate obtained from server side. Ensure the CRL check servers on the server side are exposed on the Internet. This is because CRL check is done on the client side during SSL connection establishment phase and the CRL check query will be directly going on the Internet.

The CRL distribution point in your certificate should point to your external DNS name. The SSTP guide does not address this deployment issue that the VPN server’s internal DNS name is referenced in CRL. By default, the CRL URL is set to server’s internal DNS name (e.g. vpn1.contoso.local).

More Information

To troubleshoot this issue, follow these steps:



1. Open Server Manager and navigate to Roles, Active Directory Certificate Services

2. Right click on CA name (e.g. mycompany-vpn1-CA) and choose Properties.

3. Click Extensions tab.

4. Select the pre-existing http: URL and click Remove.

5. Click Add…

6. Type http://

7. Type external URL of VPN server

8. Type CertEnroll/

9. Insert variable <CaName>

10. Insert variable <CRLNameSuffix>

11. Insert variable <DeltaCRLAllowed>

12. Type .crl

13. Check boxes Include in CRLs… and Include in the CDP…


Note These steps should be done before SSTP VPN is configured. Otherwise, one must revoke the old cert and then request, issue, and install the new one.

References

For more information about SSTP-based connection failures, click the following article number to view the article in the Microsoft Knowledge Base:  
947031 How to troubleshoot Secure Socket Tunneling Protocol (SSTP)-based connection failures in Windows Server 2008

For more information about how to troubleshoot SSTP, go to the following Microsoft TechNet blog:
Troubleshooting SSTP

DISCLAIMER

MICROSOFT AND/OR ITS SUPPLIERS MAKE NO REPRESENTATIONS OR WARRANTIES ABOUT THE SUITABILITY, RELIABILITY OR ACCURACY OF THE INFORMATION CONTAINED IN THE DOCUMENTS AND RELATED GRAPHICS PUBLISHED ON THIS WEBSITE (THE “MATERIALS”) FOR ANY PURPOSE. THE MATERIALS MAY INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS AND MAY BE REVISED AT ANY TIME WITHOUT NOTICE.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MICROSOFT AND/OR ITS SUPPLIERS DISCLAIM AND EXCLUDE ALL REPRESENTATIONS, WARRANTIES, AND CONDITIONS WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING BUT NOT LIMITED TO REPRESENTATIONS, WARRANTIES, OR CONDITIONS OF TITLE, NON INFRINGEMENT, SATISFACTORY CONDITION OR QUALITY, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE MATERIALS.

Properties

Article ID: 961880 - Last Review: January 30, 2013 - Revision: 2.0
Applies to
  • Windows Small Business Server 2008 Standard
  • Windows Small Business Server 2008 Premium
  • Windows Server 2008 Standard
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Datacenter
Keywords: 
kbnomt kbrapidpub KB961880

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com