Hello.
On several WSE I have configured Anywhere Acces using the brilliant "Get a free Let’s Encrypt SSL certificate for Access Anywhere and automatically renew it" tutorial, and it works just fine.
But on two of them, after some months in use, the connection now drops immediately after the client connects.
On the client, this RasSstp error 6 is logged:
The SSTP-based VPN connection to the remote access server was terminated because of a security check failure. Security settings on the remote access server do not match settings on this computer. Contact the system administrator of the remote access server and relay the following information: SHA1 Certificate Hash: %1 SHA256 Certificate Hash: %2
I found a suggestion here: http://kb.eventtracker.com/evtpass/evtpages/EventId_6_Microsoft-Windows-RasSstp_65348.asp
Might it be the solution?
Because, under point 7, is says: "Expland Certificates (Local Computer), Trusted Root Certification Authorities, Certificates , and then double-click the certificate."
I cannot find a Let's Encrypt SSL certificate as a Trusted Root Certificate.
How to solve this error and be able to use the SSTP again?
Greetings Andreas
Hello,
This is related to vpn - Automatically renewing let's encrypt for Access Anywhere using "certify the web" - Server Fault and we need to run some Powershell to update the Certificate in RRAS. In addition to this read Scripting Hooks · Certify The Web - Docs
Hello Mariette and thanks for your quick respond.
I did not really understand what to do to solve the problem. Do I need to implement some of the scripts on the page https://docs.certifytheweb.com/docs/script-hooks.html?
Yes, possibly restarting RRAS after certificate renewal does the trick Guide to UI Options · Certify The Web - Docs. Does it work after you reboot the server? If that is the case then the fix will work.
Hello
I am no IT expert but use Windows Server Essentials 2016 for my small business. I too am having this problem using the Microsoft supplied xxx.remotwebaccess.com domain and certificate in Server Essentials 2016 essentials Anywhere Access. I want to follow the lets encrypt tutorial (https://server-essentials.com/support/articleid/143/get-a-free-lets-encrypt-ssl-certificate-for-access-anywhere-and-automatically-renew-it) to obtain my own certificate but it sort of jumps in at the point of having a remote.mydomain.com set up already. I have a domain name and have created a subdomain of remote.mydomain.com but I heard that some sort of redirect is required? I can access my domains cPanel (where I created the remote.mydomain.com subdomain) but what do I redirect to where to make it work?
Any help would be great as I am fed up of rebooting the server when the VPN fails!
Thanks
Shaun
Hello Shaun,
Not sure what you mean with 'jumps in at the point of having a remote.mydomain.com set up already'. When and where does that happen? There is no redirect needed. Just a Host A record for remote.domain.com with the static public IP address of your server.
Thanks for your response Mariette,
Maybe I used the wrong phrase, what I meant was that the starting point of the tutorial was having a remote domain set up already.
I have tried in cPanel to find where I can set an A record but can't find it (as I said....reluctant amateur due to own business!). I assume the IP address you mention is the static public side address of my router?
Cheers
Yes, that IP address is the public IP address on your router. If you are not sure, go to https://www.whatismyip.com/ to check the IP address. I don't know that cPanel but maybe this helps Using the Zone Editor in cPanel | InMotion Hosting
Thanks for the link.
I managed to find it on cPanel. Ill give the tutorial ago.
Regards