
I have Windows 2012 Server with RRAS set up on it to allow clients to connect via SSTP VPN.

I have correctly set up the certificate on the server and issued it to clients.

Whilst my clients that are Windows 7 can connect successfully to the SSTP VPN, I am having trouble with Windows 10 clients. So I believe my issue is to do with the Windows 10 configuration.

On the affected machine I have:

  1. Created the registry entry NoCertRevocationCheck under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Sstpsvc\Parameters and set the DWORD value to 1 to skip the revocation check.
  2. Imported the certificate from the server into the Trusted CA Store on the client via the MMC.
  3. Set the VPN with the exact settings as the working Windows 7 - I have verified these all to be correct.

When I try to connect I am immediately given the message:

The revocation function was unable to check revocation because the revocation server was offline.

In event viewer I see this event RaSSTP Event Id 1

{DA080900-33F8-4533-B701-0CB612FA6F6A} Error Message The revocation function was unable to check revocation because the revocation server was offline.

This is puzzling to me as the SSTP server is obviously configured correctly by the other clients and the certification check should be skipped by the registry entry in my Windows 10 system.

Just to note no clients are domain members so I can't use DirectAccess.

Thanks for your input

Dee Kay
  • Did you try http://www.page-house.com/blog/2009/04/how-to-disable-crl-checking.html and https://blogs.msdn.microsoft.com/kaushal/2012/10/15/disable-client-certificate-revocation-crl-check-on-iis/? I saw you post that you made some client-side changes, just making sure you made server-side changes as well. – Douglas Karr Walston Oct 24 '16 at 19:04
  • Why not buy the cert, they're like $9/year, or Let's Encrypt, or publish your CRL/OCSP publicly on an internal CA. – Jacob Evans Oct 25 '16 at 03:05
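
A diagnostic sketch for the situation in the question, added here as an example and not part of the original post or comments: it confirms that the override named in step 1 exists as a DWORD with data 1, then lists the CRL distribution points in the server certificate and tests whether this client can fetch them. The certificate file path is a hypothetical location for an exported copy of the server certificate.

```powershell
# Added diagnostic sketch. $CertPath is a hypothetical path to the exported
# server certificate; the registry path and value name are those in the question.
$CertPath = 'C:\Temp\sstp-server.cer'
$RegPath  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters'
$RegName  = 'NoCertRevocationCheck'

# 1. Confirm the override exists under the exact name, as a DWORD, with data 1.
$key = Get-Item -LiteralPath $RegPath -ErrorAction Stop
if ($key.GetValueNames() -contains $RegName) {
    [pscustomobject]@{
        Name = $RegName
        Kind = $key.GetValueKind($RegName)   # expected: DWord
        Data = $key.GetValue($RegName)       # expected: 1
    }
} else {
    Write-Warning "$RegName is not present under $RegPath"
}

# 2. Read the CRL distribution points (extension OID 2.5.29.31) from the certificate.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath
$cdp  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
if (-not $cdp) {
    Write-Output 'Certificate has no CRL distribution point extension.'
} else {
    # Windows formats each distribution point as "URL=<address>".
    $urls = [regex]::Matches($cdp.Format($true), 'URL=(\S+)') |
            ForEach-Object { $_.Groups[1].Value }

    # 3. Try to download each HTTP(S) CRL from this client.
    foreach ($u in $urls) {
        if ($u -notmatch '^https?://') { "$u : skipped (not HTTP)"; continue }
        try {
            $r = Invoke-WebRequest -Uri $u -UseBasicParsing -TimeoutSec 10
            "$u : HTTP $($r.StatusCode), $($r.RawContentLength) bytes"
        } catch {
            "$u : unreachable ($($_.Exception.Message))"
        }
    }
}
```

Running `certutil -verify -urlfetch` against the same certificate file performs the retrieval through the Windows chain engine and reports each URL's status.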

0 Answers