Windows Azure Virtual Network Point-to-Site connection error

11

I have recently created an Azure Virtual Network to test connectivity between a VM on Azure with a client server on premise (point-to-site connection).

First I followed the tutorial here: https://azure.microsoft.com/documentation/articles/vpn-gateway-point-to-site-create/

Next, I provisioned another VM on Azure but not part of the Virtual Network. I downloaded the AMD64 Client VPN Package and installed it onto this VM and connected to the VPN. The connection was successful and I could point my browser to the VM1's IIS that was created within the virtual network.

Finally, I downloaded the x86 Client VPN Package and installed it onto my local machine running Windows 7 and tried to connect via VPN. Instead, I got the error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. (Error 0x800b0109) For customized troubleshooting information for this connection, click Help.

The logs are:

    Operating System      : Windows NT 6.1 Service Pack 1
    Dialer Version        : 7.2.7600.16385
    Connection Name       : TestVirtualNetwork
    All Users/Single User : Single User
    Start Date/Time       : 01/05/2013, 23:02:34

    Module Name, Time, Log ID, Log Item Name, Other Info
    For Connection Type, 0=dial-up, 1=VPN, 2=VPN over dial-up

[cmdial32]  23:02:34    22  Clear Log Event 
[cmdial32]  23:02:36    04  Pre-Connect Event   ConnectionType = 1
[cmdial32]  23:02:36    06  Pre-Tunnel Event    UserName = TestClientCert Domain =  DUNSetting = TestVirtualNetwork Tunnel DeviceName = WAN Miniport (SSTP) TunnelAddress = azuregateway-66437671-fb05-4fac-83a7-1ae2313d717f-0.cloudapp.net
[cmdial32]  23:02:37    21  On-Error Event  ErrorCode = -2146762487 ErrorSource = RAS
azure-virtual-network
asked on Stack Overflow May 1, 2013 by 3thanZ • edited Aug 14, 2015 by Dene

4 Answers

24

I was experiencing the same issue and came across this blog post describing what appears to be a bug in the VPN installer generated by Azure site:

https://nbevans.wordpress.com/2014/03/01/point-to-site-p2s-azure-vpn/

Effectively, the issue is that there is an additional certificate needed to trust the Azure gateway for your virtual network. That cert is bundled inside the VPN installer .exe generated by the Azure Virtual Network page.

  1. Extract the VPN installer .exe generated by the Azure site (I used 7-zip)
  2. Inside you'll find a .cer file
  3. Install the certificate in the "Trusted Root Certification Authorities" of the "Computer account"
    1. Open mmc.exe
    2. Add the "Certificates" snap-in
    3. Be sure to choose "Computer" account for the Local computer
    4. Right-click the "Trusted Root Certification Authorities" node, All-Tasks, Import, and browse to the .cer file you extracted from the VPN exe

This will likely be needed on all clients you intend to connect to the virtual network.

answered on Stack Overflow Dec 1, 2014 by (unknown user)
1

I want to post a different answer from the ones above since I came across the same issue but in a different situation since the VPN connection presented the issue long way after it had been configured for the first time. So I had installed all the certificates needed in order the VPN to function but as things changes too often I double checked all the certificates were where they supposed to. After doing that, I review the log and although the error points to a certificate issue I paid attention to the connection details and specially one, the Tunnel address (the one with the prefix azuregateway with a lot of hex numbers and the domain cloudapp.net) and realized that the domain was being blocked by a firewall/web filter appliance. Allowing this domain in the appliance allowed to be able to connect using the VPN tunnel again. That's about it.

answered on Stack Overflow Mar 21, 2017 by Humberto Castellon
-1

You need to make sure that you install the client certificate on your local computer. Also ensure that the root certificate you created is installed in your trusted root store.

To find out if your certificate is trusted, run mmc, click 'File', 'Add/Remove Snap In', double-click Certificates, select "My user account" and press Finish. Open 'Certificates - Current User', 'Personal', 'Certificates' and find the client certificate you created.

If it is not there, please follow the step to install it. If it is there, double-click it and click Certification Path. You should see no warnings or errors. If you do, it is probably because your root certificate is not installed correctly.

If that is the case, double-click the root certificate .cer file you created earlier, and choose in the import wizard select 'Place all certificates in the following store', click Browse and choose 'Trusted Root Certification Authorities' and then finish.

answered on Stack Overflow May 1, 2013 by Sal • edited May 1, 2013 by Lars Truijens
-1

There were several answers i found. Here is the one worked for me:

  1. Install root & client in current user->personal folder.
  2. Install the certificate which come along with VPN client(extracted using 7z) in local machine -> trusted root.

worked charm:)

answered on Stack Overflow Oct 28, 2015 by karthi4all

User contributions licensed under CC BY-SA 3.0