This has been frustrating to say the least.
I have a little lab of VMs I'm using to test configuring SSTP VPN connections:
I have:
- External client: A Windows 7 client
- DC: A 2008 R2 DC
- cert srv: A 2008 R2 srv running ADCS, IIS for web enrollment, and the OCSP service
- VPN srv: A 2008 R2 srv running NPS, RRAS with external and internal nics
I set everything up following tutorials I found online and this is where I am right now:
- Added the HTTP CRL, AIA, and OCSP locations to the cert I issued to my VPN srv
- I have the root CA cert and the cert for the VPN (which I exported from the VPN server) installed on the client
- Made sure the HTTP CRL locations were accessible to the external client
- When I run certutil -URL [mycert] on the external client it successfully verifies the HTTP CRL and AIA locations. It even successfully verifies the OCSP AIA location.
BUT when I try to initiate an SSTP VPN, it fails with the "revocation server offline" error.
What could I be doing wrong?