SSTP EAP

-

sstp environment windows server 2008 r2.
server02r rras , ca (standalone) services, , server02n nps services.
want secure more connection sstp vpn server client certificate eap. on ca create request client certificate , export , import on local machine. connection without eap types works fine user domain name , password. problem when check on security tab in vpn connection use extensible authentication protocol (eap) witj drop down menu microsoft: smart card or other certificate (encryption enabled)
on server02n nps services role in connection request policy crete new on settings override network policy authentication settings , check microsoft smart card or other certificate , on edit i`ve got certificate server02r (sstp.example.com). when user trying connecto sstp vpn server has 691 error problem. in logs on rras server i`ve got eroors 20255 , 20271 message:
coid={0e740f79-5576-44f2-8fe2-a12a4b2055be}: following error occurred in point point protocol module on port: vpn0-127, username: kris sstp mix. connection prevented because of policy configured on ras/vpn server. specifically, authentication method used server verify username , password may not match authentication method configured in connection profile. please contact administrator of ras server , notify them of error. what doing wrong? please me because don`t have idea wit that. in advance.

hi,

thanks post.

please note it’s not recommend deployment eap-tls authentication (smart card or other certificate) using standalone ca. because need manually request computer , user certificate, , export/import private key on right container. easy management issuing, such auto-enrollment, should use enterprise ca. then, use ca issue server certificate nps server. based on eap-tls authentication method choose, deploy certificate template user , client computer.

certificate requirements peap , eap

http://technet.microsoft.com/en-us/library/cc731363

best regards,

aiden

if have feedback on our support, please click here

aiden cao
technet community support



Windows Server  >  Network Access Protection



Comments

Post a Comment

Popular posts from this blog

Motherboard replacement

-
running windows 10 technical preview, need replace motherboard can run the  sysprep  command restoring pc ? or there easier  or more preferred way ? thanks if replace motherboard within same family of chipsets (i.e. intel > intel or amd > amd), should okay restarting pc twice. carey frisch Windows 10 Insider Preview  >  Windows 10 Insider Preview General
Read more

Cannot create Full Text Search catalog after upgrading to V12 - Database is not fully started up or it is not in an ONLINE state

-
in order access new full text search capiblities of sql azure, upgraded our azure sql v12. (a day later), when try create new catalog: create fulltext catalog mycatalog default i following message: msg 9972, level 16, state 100, line 1 database not started or not in online state. try full-text ddl command again after database started , becomes online. hi scott, apologies inconvenience caused you. known issue on service side , fix going included in next update. specific case mitigated, should able use full-text search syntax now. thanks, mihaela Microsoft Azure  >  Azure SQL Database
Read more

Remote Desktop App - Error 0x207 or 0x607

-
hi all, i manage windows 2012 r2 network, including connection broker, session hosts , remote apps virtual servers.  i've used remote desktop app on own android phone, no issues @ - connects published gateway url , can login , access network. we looking move business onto nokia handsets ms operating system (currently on blackberry), not able connect via remote desktop app on nokia lumia handset. setup, per android config , brings remote apps , remote desktop screen, know can connect.  when select remote desktop, shows following process: initiating remote connection securing remote connection certificate can't verified - choose connect it digitally signed cert (digicert sha2), pc name different physical connection broker name (inherited domain name old gov project - can't publish publicly) initiating establishing securing connection error have been 0x207 getting 0x607 a bit baffled, work on android (and ipad @ home using app). assume ms use d...
Read more