aitkendrum
Posted August 12, 2011

Hello,

I've just set up a server to act as a VPN server and I'm trying to use the SSTP VPN as the connection point. However, every time I try to connect I get "error 800b0109 A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider."

I followed the setup/install guide by Thomas Shinder (windowssecurity.com) and Microsoft's own instructions!

So, I created my first VPN connection as PPTP (this works), I then got the certificate (http://{internal ip address}/certsrv/) and installed it into "Trusted root certificates". I then changed my VPN Connector (on Windows 7) to SSTP and tried to connect. Then I got the error!

Can anyone help?

TIA

ICTCity
Posted August 12, 2011

Never tried with SSTP. Anyway, are you sure the problem is not with the client? Maybe you must trust the certificates from the client...

--------------------------------------------------------
You can also write in French. You can also write in German. You can also write in Italian.
--------------------------------------------------------

aitkendrum (Author)
Posted August 12, 2011

I don't think so! As far as I can tell, the certificate is made up of two parts: the root certificate (from Enterprise CA), looking something like 'domain netbios name-Server Name-CA', and the domain certificate (generated through IIS) that looks something like 'servername.domain.com'.

I'm going to try manually adding both certificates to the client to see if that helps (shouldn't need to, as they are chained together)!

ICTCity
Posted August 12, 2011

I really have no idea, I've just found this topic: http://social.msdn.microsoft.com/Forums/en/wcf/thread/6efca16a-12bf-44a2-82c2-f0868b952127

Maybe it can help you in some way.

aitkendrum (Author)
Posted August 12, 2011

Hi ICTCity, thanks for the link, it actually made some sense. However, there is a minor problem in that it pulls up another error, which is "80072afc The requested name is valid, but no data of the requested type was found."

I'm off to have a roam and see if I can find out what this means! If you like, when I've finally got this working I'll write it up and send you a copy.

ICTCity
Posted August 12, 2011

Yes, this is interesting, I've never seen the 80072afc error! Thanks.

Mphilip
Posted January 15, 2012

Did you find an answer on the 80072AFC error?