Hi,
I’m setting up UAG for my company and have the RDC stuff we use working fine.
I now need to get SSL VPN working.
Because we have Windows 7 64-bit clients, we need to use the SSTP network tunnelling.
It appears to work to a certain extent because I can make the connection, but it then get the bubble message on the task bar stating that the connection was ended.
I’m convince this is not certificate related, because I have tried changing the protocol to PPTP only which does not require a certificate.
I can only think I have had a chair to keyboard interface error, so here are the settings I’m using.
Someone please point out my stupidity and put me out of my misery… (some bits i’ve altered for security)
SSL Network Tunelling Configuration:
Enable remote client VPN access ticked.
General tab, max VPN connection, 100
Trunk, (our only trunk)
Public host name, (the external dns address of the server — same as the certificate address)
Protocols tab, SSTP only
IP Address Assignment, (static IP range of 100 addresses in our internal IP range — yes I’ve excluded them from the internal adapter)
SSL Protocol Setting
Left as default,
(168 triple des and 128 RC4, key exchange, both, protocols TLS ans SSLv3)
Application properties (Remote Network Access)
General tab, Inactivity period 90 mins
Server settings tab, Server (internal server IP address) — Yellow exclamation mark next to it, but it accepts it
Port 6003, again a yellow exclamation mark
Executable and Arguments left as default
Endpoint Policy Settings tab — left as default (Default non web application access
Client setting tab, set as VPN, no restrictions
Portal link tab, left as is. (Named SSL VPN)
Authorization tab, Authorize all users unticked.
2 groups addedd, 1st is the IT dept which includes me, and the second is a RAG for VPN users, which also includes me.
When I log in to the UAG portal using a PC set up as a non-domain external home PC, I can access the Remote desktop applications that are set up, without issue, but when I try to run the SSL VPN link a window opens, and something runs and appears to connect,
but I then get the dreaded buble message saying that the connection ended.
As mentioned, I have ruled out the certificate problem possibility as I’ve tried changing the
SSL Tunneling Protocol to PPTP only and it still does the same.
What am I missing?
Thanks for any help you can provide.
Adrian
Hi,
I’m setting up UAG for my company and have the RDC stuff we use working fine.
I now need to get SSL VPN working.
Because we have Windows 7 64-bit clients, we need to use the SSTP network tunnelling.
It appears to work to a certain extent because I can make the connection, but it then get the bubble message on the task bar stating that the connection was ended.
I’m convince this is not certificate related, because I have tried changing the protocol to PPTP only which does not require a certificate.
I can only think I have had a chair to keyboard interface error, so here are the settings I’m using.
Someone please point out my stupidity and put me out of my misery… (some bits i’ve altered for security)
SSL Network Tunelling Configuration:
Enable remote client VPN access ticked.
General tab, max VPN connection, 100
Trunk, (our only trunk)
Public host name, (the external dns address of the server — same as the certificate address)
Protocols tab, SSTP only
IP Address Assignment, (static IP range of 100 addresses in our internal IP range — yes I’ve excluded them from the internal adapter)
SSL Protocol Setting
Left as default,
(168 triple des and 128 RC4, key exchange, both, protocols TLS ans SSLv3)
Application properties (Remote Network Access)
General tab, Inactivity period 90 mins
Server settings tab, Server (internal server IP address) — Yellow exclamation mark next to it, but it accepts it
Port 6003, again a yellow exclamation mark
Executable and Arguments left as default
Endpoint Policy Settings tab — left as default (Default non web application access
Client setting tab, set as VPN, no restrictions
Portal link tab, left as is. (Named SSL VPN)
Authorization tab, Authorize all users unticked.
2 groups addedd, 1st is the IT dept which includes me, and the second is a RAG for VPN users, which also includes me.
When I log in to the UAG portal using a PC set up as a non-domain external home PC, I can access the Remote desktop applications that are set up, without issue, but when I try to run the SSL VPN link a window opens, and something runs and appears to connect,
but I then get the dreaded buble message saying that the connection ended.
As mentioned, I have ruled out the certificate problem possibility as I’ve tried changing the
SSL Tunneling Protocol to PPTP only and it still does the same.
What am I missing?
Thanks for any help you can provide.
Adrian
Hi,
I’m setting up UAG for my company and have the RDC stuff we use working fine.
I now need to get SSL VPN working.
Because we have Windows 7 64-bit clients, we need to use the SSTP network tunnelling.
It appears to work to a certain extent because I can make the connection, but it then get the bubble message on the task bar stating that the connection was ended.
I’m convince this is not certificate related, because I have tried changing the protocol to PPTP only which does not require a certificate.
I can only think I have had a chair to keyboard interface error, so here are the settings I’m using.
Someone please point out my stupidity and put me out of my misery… (some bits i’ve altered for security)
SSL Network Tunelling Configuration:
Enable remote client VPN access ticked.
General tab, max VPN connection, 100
Trunk, (our only trunk)
Public host name, (the external dns address of the server — same as the certificate address)
Protocols tab, SSTP only
IP Address Assignment, (static IP range of 100 addresses in our internal IP range — yes I’ve excluded them from the internal adapter)
SSL Protocol Setting
Left as default,
(168 triple des and 128 RC4, key exchange, both, protocols TLS ans SSLv3)
Application properties (Remote Network Access)
General tab, Inactivity period 90 mins
Server settings tab, Server (internal server IP address) — Yellow exclamation mark next to it, but it accepts it
Port 6003, again a yellow exclamation mark
Executable and Arguments left as default
Endpoint Policy Settings tab — left as default (Default non web application access
Client setting tab, set as VPN, no restrictions
Portal link tab, left as is. (Named SSL VPN)
Authorization tab, Authorize all users unticked.
2 groups addedd, 1st is the IT dept which includes me, and the second is a RAG for VPN users, which also includes me.
When I log in to the UAG portal using a PC set up as a non-domain external home PC, I can access the Remote desktop applications that are set up, without issue, but when I try to run the SSL VPN link a window opens, and something runs and appears to connect,
but I then get the dreaded buble message saying that the connection ended.
As mentioned, I have ruled out the certificate problem possibility as I’ve tried changing the
SSL Tunneling Protocol to PPTP only and it still does the same.
What am I missing?
Thanks for any help you can provide.
Adrian
also certificate hash match for all
C:UsersAdministrator>netsh http show sslcert
SSL Certificate bindings:
————————-
IP:port : 0.0.0.0:443
Certificate Hash : aa2b77be96a51a7efe27e49960a9f279d1f823cb
Application ID : {ba195980-cd49-458b-9e23-c84ee0adcd75}
Certificate Store Name : MY
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : (null)
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled
Reject Connections : Disabled
Disable HTTP2 : Not Set
Disable QUIC : Not Set
Disable TLS1.2 : Not Set
Disable TLS1.3 : Not Set
Disable OCSP Stapling : Not Set
Disable Legacy TLS Versions : Not Set
IP:port : 192.168.52.101:443
Certificate Hash : aa2b77be96a51a7efe27e49960a9f279d1f823cb
Application ID : {4dc3e181-e14b-4a21-b022-59fc669b0914}
Certificate Store Name : My
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : (null)
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled
Reject Connections : Disabled
Disable HTTP2 : Not Set
Disable QUIC : Not Set
Disable TLS1.2 : Not Set
Disable TLS1.3 : Not Set
Disable OCSP Stapling : Not Set
Disable Legacy TLS Versions : Not Set
IP:port : [::]:443
Certificate Hash : aa2b77be96a51a7efe27e49960a9f279d1f823cb
Application ID : {ba195980-cd49-458b-9e23-c84ee0adcd75}
Certificate Store Name : MY
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : (null)
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled
also somehow error code changed in event viewer 
CoId={A2250444-0B32-0005-C47B-28A2320BD701}:The server has refused the Secure Socket Tunneling Protocol (SSTP) request. Either a failure response code or no response code was received. The data portion below contains the response code that was received from the server. This is the HTTP status code present in the response. It can be because the web proxy or the SSTP server might be rejecting the connection, the server might not be configured for SSTP or the server might not have a port available for connection
