RRAS Secure Socket Tunneling Protocol

Updated: November 29, 2007

Applies To: Windows Server 2008

Secure Socket Tunneling Protocol (SSTP) is a new form of virtual private networking (VPN) tunnel with features that allow traffic to pass through firewalls that block PPTP and L2TP/IPsec traffic. SSTP provides a mechanism to encapsulate Point-to-Point (PPP) traffic over the Secure Sockets Layer (SSL) channel of the HTTPS protocol. The use of HTTPS means traffic will flow through TCP port 443, a port commonly used for Web access.

Events

Event ID Source Message

1

Microsoft-Windows-RasSstp

The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again.

%1

2

Microsoft-Windows-RasSstp

The initial Secure Socket Tunneling Protocol (SSTP) response could not be received. There might be intermittent network connectivity issues or the server might not be accepting SSTP connections. The detailed error message is provided below. Correct the problem and try again.

%1

3

Microsoft-Windows-RasSstp

The HTTP response received from the server-side Secure Socket Tunneling Protocol (SSTP) either does not have the version information or the version is not supported. The HTTP version information received is logged in the data section below. The HTTP response from the SSTP server must contain the version header and the version must be 1.1.

4

Microsoft-Windows-RasSstp

The server has refused the Secure Socket Tunneling Protocol (SSTP) request. Either a failure response code or no response code was received. The data portion below contains the response code that was received from the server. This is the HTTP status code present in the response. It can be because the web proxy or the SSTP server might be rejecting the connection, the server might not be configured for SSTP or the server might not have a port available for connection.

5

Microsoft-Windows-RasSstp

The Secure Socket Tunneling Protocol (SSTP) negotiation has failed. The failure code is stored in the Data section of this message. Correct the problem and try again.

6

Microsoft-Windows-RasSstp

The SSTP-based VPN connection to the remote access server was terminated because of a security check failure. Security settings on the remote access server do not match settings on this computer. Contact the system administrator of the remote access server and relay the following information:

SHA1 Certificate Hash: %1
SHA256 Certificate Hash: %2

7

Microsoft-Windows-RasSstp

The Secure Socket Tunneling Protocol service could not open the ConfigStore that is used for storing service-specific information. This can lead to incorrect service configuration or a leak of system resources.

8

Microsoft-Windows-RasSstp

The Secure Socket Tunneling Protocol (SSTP) service could not initialize the HTTP layer for setting up the configuration. Any configuration changes applied by the administrator might not be applied by SSTP.

9

Microsoft-Windows-RasSstp

The Secure Socket Tunneling Protocol service could not secure the URL with the new service configuration. Other applications or services can override the URL reservation. Use 'netsh.exe http add urlacl' command to secure the access control list (ACL) manually. The detailed error message is given at the end of this message.

URL: %1

%2

10

Microsoft-Windows-RasSstp

The Secure Socket Tunneling Protocol service could not secure the default URL. This can prevent the servicing of the SSTP modules. Use 'netsh.exe http add urlacl' command to secure the ACL manually. The detailed error message is given at the end of this message.

URL: %1

%2

12

Microsoft-Windows-RasSstp

The Secure Socket Tunneling Protocol service could not configure the following certificate for use with Internet Protocol version 4 (IPv4). This might prevent SSTP connections from being established successfully. Correct the problem and try again.

Certificate Name - %2

%1

13

Microsoft-Windows-RasSstp

The Secure Socket Tunneling Protocol service could not configure the following certificate for use with Internet Protocol version 6 (IPv6). This might prevent SSTP connections from being established successfully. Correct the problem and try again.

Certificate Name - %2

%1

14

Microsoft-Windows-RasSstp

The Secure Socket Tunneling Protocol service could not configure the route to the VPN server, which is required for the proper functioning of the VPN connection. The detailed error message is given below. Correct the problem and try again. %1

15

Microsoft-Windows-RasSstp

The Secure Socket Tunneling Protocol service could not get the network address of the remote server. This address is required for establishing the route for redirecting the traffic over the VPN interface. The detailed error message is provided below. Correct the problem and try again. %1

16

Microsoft-Windows-RasSstp

The Secure Socket Tunneling Protocol server has provided a certificate with an Enhanced Key Usage that is neither Server Authentication nor Any Purpose. This client will not accept the certificate. The connection will be canceled. Contact the server administrator to correct the issue and try again.

17

Microsoft-Windows-RasSstp

The Secure Socket Tunneling Protocol service could not open the Parameters section of the registry to read the configuration values, so SSTP cannot be initialized. The detailed error message is provided below. Correct the problem and try again.

%1

18

Microsoft-Windows-RasSstp

The Secure Socket Tunneling Protocol service either could not read the SHA256 certificate hash from the registry or the data is invalid. To be valid, the SHA256 certificate hash must be of type REG_BINARY and 32 bytes in length. SSTP might not be able to retrieve the value from the registry due to some other system failure. The detailed error message is provided below. SSTP connections will not be accepted on this server. Correct the problem and try again.

%1

19

Microsoft-Windows-RasSstp

The Secure Socket Tunneling Protocol service either could not read the SHA1 certificate hash from the registry or the data is invalid. To be valid, the SHA1 certificate hash must be of type REG_BINARY and 20 bytes in length. SSTP might not be able to retrieve the value from the registry due to some other system failure. The detailed error message is provided below. SSTP connections will not be accepted on this server. Correct the problem and try again.

%1

20

Microsoft-Windows-RasSstp

The Secure Socket Tunneling Protocol service was not able to allocate memory for setting up the configuration for accepting connections. The system might be low on memory. Correct the problem and restart the service.

21

Microsoft-Windows-RasSstp

The Secure Socket Tunneling Protocol service was not able to get the hash for the certificate configured with HTTP. The detailed error message is provided below. Correct the problem and try again.

%1

22

Microsoft-Windows-RasSstp

The Secure Socket Tunneling Protocol service could not be configured to accept incoming connections. The detailed error message is provided below. Correct the problem and restart the SSTP service.

%1

23

Microsoft-Windows-RasSstp

The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to the presence of a web proxy between the client and the server requiring authentication. Proxy authentication is not supported by this version of SSTP.

24

Microsoft-Windows-RasSstp

The certificates bound to the HTTPS listener for IPv4 and IPv6 do not match. For SSTP connections, certificates should be configured for 0.0.0.0:Port for IPv4, and [::]:Port for IPv6. The port is the listener port configured to be used with SSTP. The default listener port is 443.

Related Management Information

RRAS Server

Routing and Remote Access Service Infrastructure

Community Additions

ADD
Show: