If you are deploying SSTP VPN for Windows clients and get the error: “The revocation function was unable to check revocation because the revocation server was offline.”, you are most likely using your own internal PKI and the certificate used for SSTP does not have a Certificate Revocation List (CRL) accessible from the outside, so the client machine is failing checking whether or not the certificate has been revoked from the CA. If you simply want to bypass this, you can edit the registry on the client:
In the following video I setup SSTP VPN almost from scratch in about 10 minutes. I did run into a snag while Windows complained about a CN (common name) mismatch while it was actually a Subject Alternative Name DNS mismatch, not CN. I inadvertently proved that SSTP relies on the SAN name in the certificate. After 41 years of being in business they still don’t get their error messages right.
sysadminshowto.com for the NoCertRevocationCheck reg string
When you're a little too careless about virtualizing your domain controllers, cloning, migrating, backing up and restoring, returning from vacation… Read More
Systemd is new service manager for Linux. It's a replacement for all previous init systems (SysV/SysVinit & Ubuntu's Upstart) and… Read More