Channel: Security forum

SSTP VPN client PEAP certificate with Smart Card Logon not working on Windows 8 client


Hello,

I have come across a weird problem with client certificates on Windows 8. The clients have been issued Client Authentication and Smart Card Logon certificates. Everything works fine from Windows 7 clients. SSTP connection establishes correctly on Win7 with the same certificate (exactly the same binary certificate imported). CRL download works well on both Win8 and Win7 clients. But as long as the client certificate contains the "Smart Card Logon" EKU purpose, the connection fails on Windows 8 with the following unknown error:

Error connecting to
Error 0x80420100. There was an unknown error

I was able to resolve the problem by just removing the Smart Card Logon OID from client certificates, then Win8 establishes the SSTP connection normally. If I add the Smart Card Logon OID back to the certificates, the error is back again as well. So the actual cause is the OID being present in the client certificates, I suppose.

I have also tried to laborate with the new Configure Certificate Selection settings dialog box (new on Win8), but with no success. I have described the problem here in greater detail: http://www.sevecek.com/EnglishPages/Lists/Posts/Post.aspx?ID=7

Could somebody confirm that this is really the problem or if there is any remedy for it? The customer needs to have both EKU purposes in user certificates - they use the certificates for the SSTP VPN as well as for Smart Card Logon and it is quite a complication to have to issue two separate certificates for every user.

ondrej.
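
For anyone comparing the Windows 7 and Windows 8 clients, the following added PowerShell example (not part of the original post) lists which certificates in the user's Personal store carry the Client Authentication and Smart Card Logon EKUs. It only reads the store, and it assumes the VPN certificate is in `Cert:\CurrentUser\My`; the function name is made up for this example.

```powershell
# Added example: inventory EKUs on certificates in the current user's store.
# Assumption: the VPN client certificate is installed in Cert:\CurrentUser\My.
$ekuClientAuth     = '1.3.6.1.5.5.7.3.2'       # Client Authentication
$ekuSmartCardLogon = '1.3.6.1.4.1.311.20.2.2'  # Smart Card Logon

# Hypothetical helper: return the EKU OIDs of one certificate as strings.
function Get-CertEkuOid {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)

    $eku = $Certificate.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    # No EKU extension means the certificate is not restricted to listed purposes.
    if ($null -eq $eku) { return }
    $eku.EnhancedKeyUsages | ForEach-Object { $_.Value }
}

Get-ChildItem Cert:\CurrentUser\My | ForEach-Object {
    $oids = @(Get-CertEkuOid -Certificate $_)
    New-Object PSObject -Property @{
        Subject        = $_.Subject
        Thumbprint     = $_.Thumbprint
        NotAfter       = $_.NotAfter
        HasPrivateKey  = $_.HasPrivateKey
        ClientAuth     = ($oids -contains $ekuClientAuth)
        SmartCardLogon = ($oids -contains $ekuSmartCardLogon)
        AllEkus        = ($oids -join ', ')
    }
} | Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey,
                  ClientAuth, SmartCardLogon, AllEkus |
    Format-List
```

Running it on both clients shows whether the certificate offered for SSTP is the one with `SmartCardLogon` set to `True`, which is the case the post reports as failing on Windows 8.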

