Certificate Error When Trying Sstp Vpn

[aitkendrum]

Hello,

I've just set up a server to act as a VPN server and I'm trying to use the SSTP VPN as the connection point. However, everytime I try to connect I get "error 800b0109 A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.". I followed the setup/install guide by Thomas Shinder (windowssecurity.com) and Microsofts own instructions! So, I create my first VPN connection as PPTP (this works), I then got the certificate (http://{internal ip address}/certsrv/) and install it into "Trusted root certificates". I then change my VPN Connector (on windows 7) to SSTP and try to connect. Then I get the error! Can anyone help? TIA

 

[ICTCity]

Never tried with SSTP, anyway, are you sure the problem is not with the client? Maybe you must trust the certificates from the client...

 

[aitkendrum]

I don't think so! As far as I can tell the certificate is made up of two parts: the root certificate (from Enterprise CA) looking something like 'domain netbios name-Server Name-CA' and the domain certificate (generated through IIS) that looks something like 'servername.domain.com'. I'm going to try manually adding both certificates to the client to see if that helps (shouldn't need to as they are chained together)!

 

[ICTCity]

I really have no idea, I've just found this topic:
http://social.msdn.microsoft.com/Forums/en/wcf/thread/6efca16a-12bf-44a2-82c2-f0868b952127

Maybe it can help you in some way.

 

[aitkendrum]

Hi ICTCity, thanks for the link it actually made some sense. However, a minor problem in that it pulls up another error which is "80072afc The requested name is valid, but no data of the requested type was found.". I'm off to have a roam and see if I can find out what this means! If you like, when I've finally got this working I'll write it up and send you a copy.

 

[ICTCity]

Yes, this is interesting, I never seen 80072afc error!

Thanks.

 

[Mphilip]

Did you found an answer on the 80072AFC error?