Windows Azure Virtual Network Point-to-Site connection error

Asked 1/5, 2013 at 15:16 Answered 21/3, 2017 at 16:53

I have recently created an Azure Virtual Network to test connectivity between a VM on Azure with a client server on premise (point-to-site connection).

First I followed the tutorial here: https://azure.microsoft.com/documentation/articles/vpn-gateway-point-to-site-create/

Next, I provisioned another VM on Azure but not part of the Virtual Network. I downloaded the AMD64 Client VPN Package and installed it onto this VM and connected to the VPN. The connection was successful and I could point my browser to the VM1's IIS that was created within the virtual network.

Finally, I downloaded the x86 Client VPN Package and installed it onto my local machine running Windows 7 and tried to connect via VPN. Instead, I got the error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. (Error 0x800b0109) For customized troubleshooting information for this connection, click Help.

The logs are:

    Operating System      : Windows NT 6.1 Service Pack 1
    Dialer Version        : 7.2.7600.16385
    Connection Name       : TestVirtualNetwork
    All Users/Single User : Single User
    Start Date/Time       : 01/05/2013, 23:02:34

    Module Name, Time, Log ID, Log Item Name, Other Info
    For Connection Type, 0=dial-up, 1=VPN, 2=VPN over dial-up

[cmdial32]  23:02:34    22  Clear Log Event 
[cmdial32]  23:02:36    04  Pre-Connect Event   ConnectionType = 1
[cmdial32]  23:02:36    06  Pre-Tunnel Event    UserName = TestClientCert Domain =  DUNSetting = TestVirtualNetwork Tunnel DeviceName = WAN Miniport (SSTP) TunnelAddress = azuregateway-66437671-fb05-4fac-83a7-1ae2313d717f-0.cloudapp.net
[cmdial32]  23:02:37    21  On-Error Event  ErrorCode = -2146762487 ErrorSource = RAS

Imprimatur answered 1/5, 2013 at 15:16 Comment(2)

Could it be related to this: blogs.msdn.com/b/windowsazure/archive/2013/03/15/… ??? – Heptamerous 13/6, 2013 at 6:13

I have a similar problem but I haven't been able to solve it using any of the mentioned solutions :-( – Priddy 5/12, 2014 at 8:9

I was experiencing the same issue and came across this blog post describing what appears to be a bug in the VPN installer generated by Azure site:

https://nbevans.wordpress.com/2014/03/01/point-to-site-p2s-azure-vpn/

Effectively, the issue is that there is an additional certificate needed to trust the Azure gateway for your virtual network. That cert is bundled inside the VPN installer .exe generated by the Azure Virtual Network page.

Extract the VPN installer .exe generated by the Azure site (I used 7-zip)
Inside you'll find a .cer file
Install the certificate in the "Trusted Root Certification Authorities" of the "Computer account"
1. Open mmc.exe
2. Add the "Certificates" snap-in
3. Be sure to choose "Computer" account for the Local computer
4. Right-click the "Trusted Root Certification Authorities" node, All-Tasks, Import, and browse to the .cer file you extracted from the VPN exe

This will likely be needed on all clients you intend to connect to the virtual network.

Bede answered 1/12, 2014 at 15:48 Comment(4)

Very nice way to diagnose this problem. To add to your answer, you can open up the .cer file, and go to the Certification Path to verify this is the issue before you add the .cer file to your certificate store. – Eiland 20/3, 2015 at 16:13

Wow. I was banging my head against the wall all week! This fixed it right away. – Wore 22/8, 2015 at 0:35

I had that cert installed long back when I was using my VPN client. suddenly it stopped working. Then I followed your answer now I have two certs in that Trusted folder but my VPN clients connects and works. – Mchugh 16/8, 2016 at 12:34

We never had any problems with this for months, and then suddenly it started happening with most (but not all) of our VPN certs. No idea why, and no idea why some and not others. – Truly 8/3, 2017 at 19:27

I want to post a different answer from the ones above since I came across the same issue but in a different situation since the VPN connection presented the issue long way after it had been configured for the first time. So I had installed all the certificates needed in order the VPN to function but as things changes too often I double checked all the certificates were where they supposed to. After doing that, I review the log and although the error points to a certificate issue I paid attention to the connection details and specially one, the Tunnel address (the one with the prefix azuregateway with a lot of hex numbers and the domain cloudapp.net) and realized that the domain was being blocked by a firewall/web filter appliance. Allowing this domain in the appliance allowed to be able to connect using the VPN tunnel again. That's about it.

Prud answered 21/3, 2017 at 16:53 Comment(0)

You need to make sure that you install the client certificate on your local computer. Also ensure that the root certificate you created is installed in your trusted root store.

To find out if your certificate is trusted, run mmc, click 'File', 'Add/Remove Snap In', double-click Certificates, select "My user account" and press Finish. Open 'Certificates - Current User', 'Personal', 'Certificates' and find the client certificate you created.

If it is not there, please follow the step to install it. If it is there, double-click it and click Certification Path. You should see no warnings or errors. If you do, it is probably because your root certificate is not installed correctly.

If that is the case, double-click the root certificate .cer file you created earlier, and choose in the import wizard select 'Place all certificates in the following store', click Browse and choose 'Trusted Root Certification Authorities' and then finish.

Mord answered 1/5, 2013 at 18:29 Comment(4)

It would be helpful if you could add some highlighting and break the paragraph apart in to a list of steps to make this more readable. – Laveen 1/5, 2013 at 18:48

Hi Lars, thanks for the response. Do you mean that I need to import both the .pfx and .cer files in my local computer that I want to connect via VPN? – Imprimatur 2/5, 2013 at 10:13

Hi Lars, I tried as per your suggestion. There was indeed an issue flagged because the root certificate was not installed in the 'Trusted Root Certification Authorities' but after resolving that, the issue still persists. – Imprimatur 2/5, 2013 at 13:38

Check that you don't have fiddler or something else of the sort open in the background. groups.google.com/forum/#!topic/httpfiddler/AXF2AWQrPzU – Kreisler 31/3, 2014 at 7:25

-1

There were several answers i found. Here is the one worked for me:

Install root & client in current user->personal folder.
Install the certificate which come along with VPN client(extracted using 7z) in local machine -> trusted root.

worked charm:)

Artilleryman answered 28/10, 2015 at 14:43 Comment(0)

Recommended topics

Hot tags