I have recently created an Azure Virtual Network to test connectivity between a VM on Azure with a client server on premise (point-to-site connection).
First I followed the tutorial here: https://azure.microsoft.com/documentation/articles/vpn-gateway-point-to-site-create/
Next, I provisioned another VM on Azure but not part of the Virtual Network. I downloaded the AMD64 Client VPN Package and installed it onto this VM and connected to the VPN. The connection was successful and I could point my browser to the VM1's IIS that was created within the virtual network.
Finally, I downloaded the x86 Client VPN Package and installed it onto my local machine running Windows 7 and tried to connect via VPN. Instead, I got the error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. (Error 0x800b0109) For customized troubleshooting information for this connection, click Help.
The logs are:
Operating System : Windows NT 6.1 Service Pack 1
Dialer Version : 7.2.7600.16385
Connection Name : TestVirtualNetwork
All Users/Single User : Single User
Start Date/Time : 01/05/2013, 23:02:34
Module Name, Time, Log ID, Log Item Name, Other Info
For Connection Type, 0=dial-up, 1=VPN, 2=VPN over dial-up
[cmdial32] 23:02:34 22 Clear Log Event
[cmdial32] 23:02:36 04 Pre-Connect Event ConnectionType = 1
[cmdial32] 23:02:36 06 Pre-Tunnel Event UserName = TestClientCert Domain = DUNSetting = TestVirtualNetwork Tunnel DeviceName = WAN Miniport (SSTP) TunnelAddress = azuregateway-66437671-fb05-4fac-83a7-1ae2313d717f-0.cloudapp.net
[cmdial32] 23:02:37 21 On-Error Event ErrorCode = -2146762487 ErrorSource = RAS
I was experiencing the same issue and came across this blog post describing what appears to be a bug in the VPN installer generated by Azure site:
https://nbevans.wordpress.com/2014/03/01/point-to-site-p2s-azure-vpn/
Effectively, the issue is that there is an additional certificate needed to trust the Azure gateway for your virtual network. That cert is bundled inside the VPN installer .exe generated by the Azure Virtual Network page.
This will likely be needed on all clients you intend to connect to the virtual network.
I want to post a different answer from the ones above since I came across the same issue but in a different situation since the VPN connection presented the issue long way after it had been configured for the first time. So I had installed all the certificates needed in order the VPN to function but as things changes too often I double checked all the certificates were where they supposed to. After doing that, I review the log and although the error points to a certificate issue I paid attention to the connection details and specially one, the Tunnel address (the one with the prefix azuregateway with a lot of hex numbers and the domain cloudapp.net) and realized that the domain was being blocked by a firewall/web filter appliance. Allowing this domain in the appliance allowed to be able to connect using the VPN tunnel again. That's about it.
You need to make sure that you install the client certificate on your local computer. Also ensure that the root certificate you created is installed in your trusted root store.
To find out if your certificate is trusted, run mmc, click 'File', 'Add/Remove Snap In', double-click Certificates, select "My user account" and press Finish. Open 'Certificates - Current User', 'Personal', 'Certificates' and find the client certificate you created.
If it is not there, please follow the step to install it. If it is there, double-click it and click Certification Path. You should see no warnings or errors. If you do, it is probably because your root certificate is not installed correctly.
If that is the case, double-click the root certificate .cer file you created earlier, and choose in the import wizard select 'Place all certificates in the following store', click Browse and choose 'Trusted Root Certification Authorities' and then finish.
There were several answers i found. Here is the one worked for me:
worked charm:)
User contributions licensed under CC BY-SA 3.0