johnpsph
join:2003-11-16 Saint Louis, MO
SSTP Error: Revocation Server
I currently have two 2008 boxes on my network. One is running IIS, Active Directory Certificate Services and RRAS. The other machine is a domain controller, DNS server and DHCP server. The first machine (running RRAS) has two NICs: one is the public NIC, with a public IP; the other is private, attached to a switch. When I set up the RRAS box for both NAT and VPN, I am able to browse from the other box (or any client on the network), VPN in (via PPTP ONLY), etc. However, in this configuration, I cannot access web pages on the server running IIS (from the internet). If I attempt to connect using SSTP, I get a general error (806, I believe).
If I change the RRAS setup to VPN only, I can VPN in (again, using PPTP) and can even browse to web pages on the IIS server (from the internet). However, I still get an error when attempting to connect via SSTP:
"the revocation function was unable to check revocation because the revocation server was offline."
If anyone can offer me some guidance, I would really appreciate it. It seems that the biggest hangup is getting SSTP to work, but it seems that routing/NAT somehow interferes with accessing web pages from the internet.
Thanks in advance.
Matt
join:2003-07-20 Jamestown, NC
I haven't played with SSTP yet, but here are a few links I have bookmarked for when I do:
How to configure a Secure Socket Tunneling Protocol (SSTP)-based VPN server behind a NAT device in Windows Server 2008
How to deploy SSTP based VPN server behind a NAT router
Remote Access Design Guidelines Part 5: Where to place RRAS server
I would start with that last link and make sure your environment meets the requirements.
johnpsph
join:2003-11-16 Saint Louis, MO
Thanks for the reply. In those regards, my setup is working perfectly. My issue seems to be stemming from the lack of a certificate revocation server (list). Can anyone point me in the right direction as far as setting this up?
johnpsph
join:2003-11-16 Saint Louis, MO
All right, here's what I intend to try when I get the chance (this evening): when configuring the client machine, it looks like I use the web autoenroll, where I download the CA cert. On the same page, I have the option to download the CRL. I'm hoping that downloading the CRL will resolve this issue. I'll post back with results. The only concern that I have at the moment is that under the details of the CA cert, I do not have an entry "CRL Distribution Points". Any ideas would be great. Thanks
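The check a practitioner would run before downloading anything to the client: the SSTP client performs a revocation check on the certificate the RRAS server presents on 443, so what matters is the CRL Distribution Points (CDP) extension of that issued server certificate, not of the CA certificate itself (a self-signed root normally carries no CDP, so the missing entry noted above is expected for the CA cert). The script below is an added example, not code from the thread or from either poster; it assumes the RRAS server is Windows Server 2008 with PowerShell installed, that the CA runs on the same box, and it uses the placeholder names vpn.example.com (SSTP server cert subject) and http://pki.example.com/CertEnroll/ (an HTTP CDP reachable from the internet), none of which appear in the original posts.

```powershell
# Added diagnostic for the SSTP "revocation server was offline" error.
# Run in an elevated PowerShell on the RRAS/SSTP server.
# ASSUMPTIONS (not from the thread): CA and RRAS on the same box,
# server cert subject contains vpn.example.com, and the CA's CertEnroll
# folder will be published over HTTP as http://pki.example.com/CertEnroll/.

# 1. Which certificate is SSTP bound to? Prints the hash RRAS is using.
netsh ras show sstp-ssl-cert

# 2. Dump the CDP extension (OID 2.5.29.31) of every machine certificate so
#    you can see whether the SSTP server cert carries any HTTP CRL URL at all.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store("My", "LocalMachine")
$store.Open("ReadOnly")
$certs = $store.Certificates
foreach ($cert in $certs) {
    $cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq "2.5.29.31" }
    Write-Host ("`n{0}  thumbprint {1}" -f $cert.Subject, $cert.Thumbprint)
    if ($cdp) {
        Write-Host $cdp.Format($true)          # lists each CRL URL on its own line
    } else {
        Write-Host "  NO CRL Distribution Points extension: clients cannot check revocation"
    }
}

# 3. Let certutil do what the SSTP client does: walk the chain, fetch every
#    AIA/CDP URL and report each one that cannot be retrieved.
$sstp = $certs | Where-Object { $_.Subject -like "*vpn.example.com*" } | Select-Object -First 1
$store.Close()
if ($sstp) {
    $path = Join-Path $env:TEMP "sstp.cer"
    [System.IO.File]::WriteAllBytes($path, $sstp.Export("Cert"))
    certutil -urlfetch -verify $path
} else {
    Write-Host "No machine certificate matching the assumed subject vpn.example.com"
}

# 4. Server-side fix when the server cert has no CDP, or only an LDAP one the
#    internet client cannot reach: add an HTTP CDP on the CA, restart the CA,
#    publish a fresh CRL, then RE-ISSUE the SSTP certificate (the CDP is written
#    into a certificate at issuance; existing certs do not pick it up).
#    Prefix flags: 1 = publish the CRL to this location,
#                  2 = include this URL in the CDP of issued certificates.
#    %3 = CA name, %8 = CRL name suffix, %9 = delta CRL suffix (certutil tokens).
$local = "1:$env:windir\system32\CertSrv\CertEnroll\%3%8%9.crl"
$http  = "2:http://pki.example.com/CertEnroll/%3%8%9.crl"
certutil -setreg CA\CRLPublicationURLs "$local\n$http"
net stop certsvc
net start certsvc
certutil -crl
Write-Host "Now request a new server certificate for the SSTP binding and re-run steps 1-3."
```

In the step 3 output, look for lines such as "Failed 'CDP'" or "Error retrieving URL" under the server certificate; each names the exact URL the client would fail on, and that URL must resolve in public DNS and answer on port 80 from outside the network (on a NAT setup, that means a port 80 forward to the IIS box hosting CertEnroll). Downloading the CRL onto one client only helps until that CRL expires. As a diagnostic only, the client-side registry value NoCertRevocationCheck (DWORD 1) under HKLM\SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters disables the revocation check; if SSTP connects with it set, the CDP reachability is confirmed as the cause, and it should be removed again rather than left in place.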