22 hours ago, vladrnd said:
Well, if this is not useful information for finding a solution to the problem … then what do you need me to provide, and in what form, so that even the first step can happen?
PS: I also can't see any simple recommendations, only reproaches.
Let's start with the simple things, with what is linked in the forum description: where is the self-test? Where are the server logs from when the connection fails? That stub you sent from pptp is no good; we need the logs taken after the system debug command.
And if you don't know where to start, go to technical support, as I said right away. They will lead you by the hand and spell everything out.
Hi,
I’m setting up UAG for my company and have the RDC stuff we use working fine.
I now need to get SSL VPN working.
Because we have Windows 7 64-bit clients, we need to use the SSTP network tunnelling.
It appears to work to a certain extent because I can make the connection, but I then get the bubble message on the task bar stating that the connection was ended.
I’m convinced this is not certificate related, because I have tried changing the protocol to PPTP only which does not require a certificate.
I can only think I have had a chair to keyboard interface error, so here are the settings I’m using.
Someone please point out my stupidity and put me out of my misery… (some bits I’ve altered for security)
SSL Network Tunnelling Configuration:
Enable remote client VPN access ticked.
General tab, max VPN connection, 100
Trunk, (our only trunk)
Public host name, (the external dns address of the server — same as the certificate address)
Protocols tab, SSTP only
IP Address Assignment, (static IP range of 100 addresses in our internal IP range — yes I’ve excluded them from the internal adapter)
SSL Protocol Setting
Left as default,
(168 triple des and 128 RC4, key exchange, both, protocols TLS and SSLv3)
Application properties (Remote Network Access)
General tab, Inactivity period 90 mins
Server settings tab, Server (internal server IP address) — Yellow exclamation mark next to it, but it accepts it
Port 6003, again a yellow exclamation mark
Executable and Arguments left as default
Endpoint Policy Settings tab — left as default (Default non web application access)
Client setting tab, set as VPN, no restrictions
Portal link tab, left as is. (Named SSL VPN)
Authorization tab, Authorize all users unticked.
2 groups added, 1st is the IT dept which includes me, and the second is a RAG for VPN users, which also includes me.
When I log in to the UAG portal using a PC set up as a non-domain external home PC, I can access the Remote desktop applications that are set up, without issue, but when I try to run the SSL VPN link a window opens, and something runs and appears to connect,
but I then get the dreaded bubble message saying that the connection ended.
As mentioned, I have ruled out the certificate problem possibility as I’ve tried changing the SSL Tunneling Protocol to PPTP only and it still does the same.
What am I missing?
Thanks for any help you can provide.
Adrian
I’m trying to make an SSTP VPN connection from a client machine and receive the error underneath in event viewer.
CoId={2F4E97DE-E69D-45C4-B52A-796B2F6BF893}: The user PC-OZ-01username dialed a connection named EVPN which has failed. The error code returned on failure is -2147023660.
Event ID 20227
I tried to disable the anti-virus and firewall but the issue persists. I even tried to use different computers and checked the internet connection to ensure I’m online. I can ping the ISS server by using https://myserver so I know it is reachable via the web. We have an edgerouter between the server and IPs router with the 443 port open.
Any help would be appreciated.
Any help would be great.
I’ve been using SSTP VPNs for many, many years now as it was a great way of accessing a VPN server when you’re in a location that blocks non-HTTP outbound traffic. I found my system had stopped working all of a sudden recently, with the Windows 10 client reporting that “the connection was aborted by the local system.” Upon checking the event log, I found Application log entries from RasClient indicating a failure with the helpful return code of “-2147023660.” There were corresponding entries in the System log for RasSstp which was reporting a “503” error as the response code received from the HTTPS server.
The server itself wasn’t recording any faults or errors.
I confirmed that the server (Windows Server 2019) was correctly registering the URL prefix with the HTTP driver/service. I confirmed that both the client and the server were already fully patched.
The server in question is hosting both an IIS Web service, and the Routing and Remote Access service. I had a bit of a poke around, and found that disabling HTTP/2 in the bindings for the colocated IIS Web site seemed to resolve the issue. I turned off the HTTP/2 support on the binding, and restarted the HTTP service. All of a sudden the VPN was working again. I then re-enabled the HTTP/2 support, restarted the HTTP service, and it had stopped working again.
If I get some time I’ll dig into it further, but for now am happy that the VPN is once again working. I’m creating the post in case someone else has the issue, and needs a quick fix whilst looking for a longer term solution.
The setting was disabled in IIS through the binding properties of the web site. The picture below (with the certificate and host names hidden of course), is where the change is made.
~ Mike
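The return code -2147023660 appears both in the Event ID 20227 text quoted earlier and in the RasClient entries described in the post above. The following added example (not from either poster) decodes it as an HRESULT, showing it is Win32 error 1236, which matches the client's "aborted by the local system" message; the sample lines and the function names are constructed for illustration.

```python
import re

FACILITY_WIN32 = 7
# Win32 error codes from winerror.h; only the one relevant to this page.
WIN32_ERRORS = {1236: "ERROR_CONNECTION_ABORTED"}

# Constructed sample lines modelled on the RasClient event quoted on this page.
SAMPLE_EVENTS = [
    "CoId={2F4E97DE-E69D-45C4-B52A-796B2F6BF893}: The user PC-OZ-01username "
    "dialed a connection named EVPN which has failed. "
    "The error code returned on failure is -2147023660.",
    "CoId={2F4E97DE-E69D-45C4-B52A-796B2F6BF893}: The user PC-OZ-01username "
    "is trying to establish a link to the Remote Access Server.",
]

EVENT_RE = re.compile(
    r"connection named (?P<name>\S+) which has failed\. "
    r"The error code returned on failure is (?P<code>-?\d+)"
)

def decode_hresult(value):
    """Split a signed 32-bit return code into HRESULT fields."""
    u = value & 0xFFFFFFFF            # reinterpret as unsigned 32-bit
    facility = (u >> 16) & 0x7FF      # 11-bit facility field
    code = u & 0xFFFF                 # low 16 bits: the underlying error
    name = WIN32_ERRORS.get(code) if facility == FACILITY_WIN32 else None
    return {"hex": f"0x{u:08X}", "failure": bool(u >> 31),
            "facility": facility, "code": code, "name": name}

def failed_dials(lines):
    """Return (connection name, decoded code) for each failed-dial event."""
    out = []
    for line in lines:
        m = EVENT_RE.search(line)
        if m:
            out.append((m.group("name"), decode_hresult(int(m.group("code")))))
    return out

if __name__ == "__main__":
    for name, info in failed_dials(SAMPLE_EVENTS):
        print(name, info)
```

Because the code only says the client tore the connection down, the cause has to come from elsewhere, such as the RasSstp "503" entries in the System log mentioned in the post.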

