VPN Issues
I am attempting to set up an SSTP VPN on our current file server. We have three servers: one is running WS2k3 (DC and DNS), one is a web server, and our new file server is running WS2k8. I have set up the file server with RRAS, and the DC was already set up when I got here. Depending on which protocol I use (IP or server name), I either get an 868 error from the client or an 800 error. I think the issue is the firewall, but I'm not sure. I'm running IPtables to monitor the packets. Any help? I can post whatever information is necessary, just let me know.
February 15th, 2011 5:01pm

Hi,
Thanks for posting here.
Where was the client computer connected when this issue occurred? Could you describe how you set up the SSTP VPN in your environment? You may refer to the article below and compare it with your settings:
SSTP Remote Access Step-by-Step Guide: Deployment
http://technet.microsoft.com/en-us/library/cc731352(WS.10).aspx
According to the error ID, I suspect this issue may be related to an incorrect certificate setting; could you try verifying that?
Meanwhile, here are some general troubleshooting articles for your reference:
How to troubleshoot Secure Socket Tunneling Protocol (SSTP)-based connection failures in Windows Server 2008
http://support.microsoft.com/kb/947031
How to debug SSTP specific connection failures
http://blogs.technet.com/b/rrasblog/archive/2007/09/26/how-to-debug-sstp-specific-connection-failures.aspx
Troubleshooting common VPN related errors
http://blogs.technet.com/b/rrasblog/archive/2009/08/12/troubleshooting-common-vpn-related-errors.aspx
For more information, please refer to the “sstp” tag on the official RRAS blog on our TechNet:
Routing and Remote Access Blog
http://blogs.technet.com/b/rrasblog/archive/tags/sstp/default.aspx?PageIndex=1
Thanks.
Tiger Li
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
February 16th, 2011 4:17am

I checked the certificates and made sure they were correct, as well as making sure everything else is working fine. Now that I've gone through everything, I'm getting a 800B0109 error. I went through and made sure the certificate is in the Trusted Root, and it is, as well as being current. I'm not sure what I'm supposed to do next to troubleshoot this. Thanks for the help in advance.
February 16th, 2011 8:40am

The client computer is connected in our branch office out of state. I have set up RRAS according to all the instructions, which I have followed to the T. I also made sure the certificate is correct. I had to change the listening port from the default and also followed the correct instructions to do so. The error I keep getting now is just the 868 error. It is telling me the DNS is not resolving correctly. I have looked at the entire tree and I can't see any problems with the DNS, so I'm not sure where the problem is. I guess I need to troubleshoot the DNS and see about problems with that.
UPDATE: I went through the certificates service and found that it wasn't set up correctly. I will update this as soon as I have finished making sure everything is correct.
February 16th, 2011 8:40am

Hi,
Thanks for the update.
Could you verify that the CA server is reachable from both the VPN client and the RRAS server? Meanwhile, could you also describe how you set up the certificate for the SSTP VPN service in this scenario?
You could also try replacing the certificate with a new one from the CA, reissuing it to the SSTP VPN client, and seeing how it goes:
How to change the machine certificate of SSTP based RRAS server
http://blogs.technet.com/b/rrasblog/archive/2007/10/04/how-to-change-the-machine-certificate-of-sstp-based-rras-server.aspx
Thanks.
Tiger Li
February 17th, 2011 2:12am

Hi Tiger,
OK, so I have gone through everything and found what I believe to be the problem. Our VPN server is set up to also run remoteapps through TS Web, and there is an SSL certificate we are using for the gateway. The server is bound to this SSL certificate. The certificate that is created using the CA isn't usable with TS Gateway. Here's the dilemma: if I bind the CA certificate, it knocks out the TS Gateway, in turn shutting off any remoteapps. On the other hand, if I bind the SSL certificate, I can't use it for VPN. Is there a way around this? Is there a CA certificate that is usable for TS Gateway and SSTP VPN?
February 18th, 2011 9:32am

Hi,
Thanks for the update.
If you are using Windows Server 2008, the system will pick up a certificate available in the cert store, do the SSL binding of the same, and cache that information to do the crypto binding for inbound connections. You may take a look at the article below, which discusses a situation similar to yours:
How to change machine certificate on the SSTP server
http://blogs.technet.com/b/rrasblog/archive/2007/11/08/do-you-want-to-change-the-certificate-used-by-the-sstp-server-read-how.aspx
Meanwhile, in Windows Server 2008 R2 we can specify the certificate for incoming connections:
How to change certificate on SSTP server - in Windows server 2008 R2
http://blogs.technet.com/b/rrasblog/archive/2009/02/11/sstp-certificate-selection.aspx
Thanks.
Tiger Li
February 18th, 2011 10:52pm

Hi,
Thanks for the update.
If you are using Windows Server 2008, the system will, by default, pick up a certificate available in the cert store, do the SSL binding of the same, and cache that information to do the crypto binding for inbound connections.
However, in Windows Server 2008 R2 this has been changed; we can specify the certificate for incoming connections:
How to change certificate on SSTP server - in Windows server 2008 R2
http://blogs.technet.com/b/rrasblog/archive/2009/02/11/sstp-certificate-selection.aspx
Thanks.
Tiger Li
February 18th, 2011 10:53pm
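
The replies above describe SSTP on Windows Server 2008 picking a certificate from the machine store and binding it for SSL, which is where the conflict with the TS Gateway certificate shows up. As an added example (not part of the thread), this read-only PowerShell sketch lists the certificates in the LocalMachine\My store, checks each for the Server Authentication EKU and for a chain that builds on the local machine, and marks the one HTTP.sys currently has bound; it assumes English `netsh` output.

```powershell
# Added diagnostic example (not from the thread). Read-only: changes nothing.
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

# Thumbprints currently bound to HTTPS listeners in HTTP.sys.
# Assumes English netsh output ("Certificate Hash : <hex>").
$bound = @(netsh http show sslcert | ForEach-Object {
    if ($_ -match 'Certificate Hash\s*:\s*([0-9A-Fa-f]+)') { $Matches[1].ToUpper() }
})

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # A certificate with no EKU extension is valid for every purpose.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $serverAuth = $true
    if ($eku) {
        $serverAuth = @($eku.EnhancedKeyUsages |
            Where-Object { $_.Value -eq $ServerAuthOid }).Count -gt 0
    }

    # Build the chain with this machine's trust stores; revocation is skipped
    # so an unreachable CRL does not hide the trust result.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($cert)
    $status  = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','

    New-Object PSObject -Property @{
        Thumbprint  = $cert.Thumbprint
        DnsName     = $cert.GetNameInfo('DnsName', $false)
        NotAfter    = $cert.NotAfter
        PrivateKey  = $cert.HasPrivateKey
        ServerAuth  = $serverAuth
        ChainOk     = $chainOk
        ChainStatus = $status      # UntrustedRoot corresponds to 0x800B0109
        BoundHttps  = ($bound -contains $cert.Thumbprint)
    }
} | Select-Object Thumbprint, DnsName, NotAfter, PrivateKey, ServerAuth,
                  ChainOk, ChainStatus, BoundHttps |
    Format-Table -AutoSize
```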
