RAPID PUBLISHING ARTICLES PROVIDE INFORMATION DIRECTLY FROM WITHIN THE MICROSOFT SUPPORT ORGANIZATION. THE INFORMATION CONTAINED HEREIN IS CREATED IN RESPONSE TO EMERGING OR UNIQUE TOPICS, OR IS INTENDED SUPPLEMENT OTHER KNOWLEDGE BASE INFORMATION.
Symptom6: Client tries to connect to SSTP VPN server and it fails to connect giving error message 0x80092013
Trouble-shooting steps: This will happen if client is failing the certificate revocation check of the SSL certificate obtained from server side. Ensure the CRL check servers on the server side are exposed on the Internet. This is because CRL check is done on the client side during SSL connection establishment phase and the CRL check query will be directly going on the Internet.
The CRL distribution point in your certificate should point to your external DNS name. The SSTP guide does not address this deployment issue that the VPN server’s internal DNS name is referenced in CRL. By default, the CRL URL is set to server’s internal DNS name (e.g. vpn1.contoso.local).
To troubleshoot this issue, follow these steps:
1. Open Server Manager and navigate to Roles, Active Directory Certificate Services
2. Right click on CA name (e.g. mycompany-vpn1-CA) and choose Properties.
3. Click Extensions tab.
4. Select the pre-existing http: URL and click Remove.
5. Click Add…
6. Type http://
7. Type external URL of VPN server
8. Type CertEnroll/
9. Insert variable <CaName>
10. Insert variable <CRLNameSuffix>
11. Insert variable <DeltaCRLAllowed>
12. Type .crl
13. Check boxes Include in CRLs… and Include in the CDP…
Note These steps should be done before SSTP VPN is configured. Otherwise, one must revoke the old cert and then request, issue, and install the new one.
For more information about SSTP-based connection failures, click the following article number to view the article in the Microsoft Knowledge Base:
947031 How to troubleshoot Secure Socket Tunneling Protocol (SSTP)-based connection failures in Windows Server 2008
For more information about how to troubleshoot SSTP, go to the following Microsoft TechNet blog:
MICROSOFT AND/OR ITS SUPPLIERS MAKE NO REPRESENTATIONS OR WARRANTIES ABOUT THE SUITABILITY, RELIABILITY OR ACCURACY OF THE INFORMATION CONTAINED IN THE DOCUMENTS AND RELATED GRAPHICS PUBLISHED ON THIS WEBSITE (THE “MATERIALS”) FOR ANY PURPOSE. THE MATERIALS MAY INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS AND MAY BE REVISED AT ANY TIME WITHOUT NOTICE.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MICROSOFT AND/OR ITS SUPPLIERS DISCLAIM AND EXCLUDE ALL REPRESENTATIONS, WARRANTIES, AND CONDITIONS WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING BUT NOT LIMITED TO REPRESENTATIONS, WARRANTIES, OR CONDITIONS OF TITLE, NON INFRINGEMENT, SATISFACTORY CONDITION OR QUALITY, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE MATERIALS.