Error 0x8007274C connecting via SSTP VPN to Windows 2008r2 server

windows-server-2008-r2 vpn certificate sstp

21,053

SOLVED

My issue was this: I had VPN and NAT routing running on the same RRAS server. NAT by default, didn't let TCP port 443 traffic through - I verified this by attempting to telnet to my SSTP server from my VPN client and got nothing.

On the VPN server, I went in to Routing and Remote Access / IPv4 / NAT, and went into the adapter's properties for my public interface. Go to the Services and Ports tab, and check the box "Secure Web Server (HTTPS), and put 127.0.0.1 for the Private address. This will allow the necessary SSL traffic to get through to terminate SSTP connections. Hope this helps someone. From your VPN client, you should be able to telnet to the SSTP server on port 443.

21,053

mahi

Updated on September 18, 2022

Comments

mahi over 1 year
I'm setting up a VPN using a self-signed certificate. My certificate is was generated on the server and is installed on the server. It shows up in the MMC console under "Certificates (Local Computer) / Personal / Certificates"

I have verified the binding of the certificate to the SSL listener with "netsh http show sslcert", which reports back:
```
SSL Certificate bindings:
-------------------------

IP:port                 : 0.0.0.0:443
Certificate Hash        : bc21f475405f********a97aa4cdecd3bfe257d3
Application ID          : {ba195980-cd49-458b-9e23-c84ee0adcd75}
Certificate Store Name  : MY
Verify Client Certificate Revocation    : Enabled
Verify Revocation Using Cached Client Certificate Only    : Disabled
Usage Check    : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout   : 0
Ctl Identifier          : (null)
Ctl Store Name          : (null)
DS Mapper Usage    : Disabled
Negotiate Client Certificate    : Disabled

IP:port                 : [::]:443
Certificate Hash        : bc21f475405f********a97aa4cdecd3bfe257d3
Application ID          : {ba195980-cd49-458b-9e23-c84ee0adcd75}
Certificate Store Name  : MY
Verify Client Certificate Revocation    : Enabled
Verify Revocation Using Cached Client Certificate Only    : Disabled
Usage Check    : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout   : 0
Ctl Identifier          : (null)
Ctl Store Name          : (null)
DS Mapper Usage    : Disabled
Negotiate Client Certificate    : Disabled
```
However, "netstat -aon" does not report anything listening on port 443. I checked the registry at "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SstpSvc\Parameters" and found that ListenerPort was set to 0. I changed it to 443. I restarted the SSTP service, but still nothing is listening on 443. "sc query sstpsvc" and "sc query remoteaccess" both report "State 4 Running"

The error is shown on the client. The VPN client is a Windows 7 machine on the local LAN. The VPN is configured to use only SSTP. If I change it to use PPTP, it connects instantly. I have exported the self-signed certificate and imported it into the client system. I used the answer in this question to install the certificate in the client's trusted root store.

I have reviewed this article, and used the steps in this article to verify that the certificate was correctly bound.

This article discusses various error codes from SSTP connections, but unfortunately Error 0x8007274C is not mentioned. There is not very much useful information on that error found in Google. Can anyone offer any insight is fixing this problem?
- mahi almost 11 years
  
  It appears that restarting relevant services does not update ListenerPort. A full server restart was required. Now the error message has changed to 0x800B010F, which is a certificate name mismatch. Now to chase that down....