SSTP Windows VPN Client Error: The revocation function was unable to check revocation

If you are deploying SSTP VPN for Windows clients and get the error "The revocation function was unable to check revocation because the revocation server was offline.", you are most likely using your own internal PKI, and the certificate used for SSTP does not have a certificate revocation list (CRL) that is accessible from the outside. The client machine therefore fails when it tries to check with the CA whether the certificate has been revoked. If you simply want to bypass this, you can edit the registry on the client:

Disable CRL checking on VPN client

  1. Start Registry Editor (regedit.exe).
  2. Locate and then click the following key in the registry:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters
  3. On the Edit menu, point to New, click DWORD (32-bit) Value, and then add the following registry value:
    Value name: NoCertRevocationCheck
    Value data: 1
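
A way to confirm the diagnosis before applying the registry change, as an added example that is not part of the original post: it reads the CRL distribution points from the SSTP server certificate, tests whether each HTTP URL can be fetched from the client, and optionally sets the value from the steps above. `$CertPath`, `-DisableCheck`, `Get-CrlUrl` and `Test-CrlUrl` are hypothetical names, and the certificate is assumed to have been exported to a file.

```powershell
# Added example (not from the original post). Run on the VPN client.
# $CertPath is an assumption: the SSTP server certificate exported to a .cer file.
param(
    [Parameter(Mandatory)] [string] $CertPath,
    [switch] $DisableCheck   # apply the registry workaround from the steps above
)

$SstpKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters'

function Get-CrlUrl {
    # Return the URLs listed in the certificate's CRL Distribution Points extension.
    param([System.Security.Cryptography.X509Certificates.X509Certificate2] $Cert)
    $cdp = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
    if (-not $cdp) { return @() }
    # On Windows, Format($true) prints one "URL=..." line per distribution point.
    [regex]::Matches($cdp.Format($true), 'URL=(\S+)') | ForEach-Object { $_.Groups[1].Value }
}

function Test-CrlUrl {
    # True if an http(s) CRL URL can be downloaded from this machine.
    param([string] $Url)
    if ($Url -notmatch '^https?://') { return $false }   # only http(s) URLs are tested here
    try {
        $r = Invoke-WebRequest -Uri $Url -UseBasicParsing -TimeoutSec 10
        return ($r.StatusCode -eq 200)
    } catch { return $false }
}

$path = (Resolve-Path $CertPath).Path
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($path)
$results = foreach ($u in @(Get-CrlUrl -Cert $cert)) {
    [pscustomobject]@{ Url = $u; Reachable = (Test-CrlUrl -Url $u) }
}
$results | Format-Table -AutoSize

if (-not ($results | Where-Object Reachable)) {
    Write-Warning 'No CRL distribution point is reachable from this client; the SSTP revocation check will fail.'
}

if ($DisableCheck) {
    # Requires an elevated session. Creates or overwrites the DWORD value.
    New-ItemProperty -Path $SstpKey -Name 'NoCertRevocationCheck' -PropertyType DWord -Value 1 -Force | Out-Null
    Get-ItemProperty -Path $SstpKey -Name 'NoCertRevocationCheck' | Select-Object NoCertRevocationCheck
}
```

Run it from a client outside the network, since that is where the CRL has to be reachable. With the value set to 1 the client no longer checks whether the SSTP server certificate has been revoked, so publishing the CRL at an externally reachable URL is the fix that keeps the check in place.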

In the following video I set up SSTP VPN almost from scratch in about 10 minutes. I did run into a snag while Windows complained about a CN (common name) mismatch while it was actually a Subject Alternative Name DNS mismatch, not CN. I inadvertently proved that SSTP relies on the SAN name in the certificate. After 41 years of being in business they still don’t get their error messages right.

If you’re wondering why I’m specifying port 444 instead of leaving the port blank or entering 443, I’m performing port translation on the firewall since I’m already using HTTPS for something else.

Source:
sysadminshowto.com for the NoCertRevocationCheck reg string
