Azure Virtual Network - Certificate CN Name Does Not Match the Passed Value

1

We've been using the same Azure Virtual Network (classic; certificate authentication) for about 2 years now, with little issue. Today, however, remote (P2S) users are getting the error:

The certificate's CN name does not match the passed value. (Error 0x800b010f)

The S2S connections remain connected.

The logs in Azure don't capture any errors.

The Windows error log is this:


Operating System      : Windows NT 10.0 
Dialer Version        : 7.2.17763.1
Connection Name       : SSSNet
All Users/Single User : Single User
Start Date/Time       : 3/13/2019, 10:07:07

Module Name, Time, Log ID, Log Item Name, Other Info
For Connection Type, 0=dial-up, 1=VPN, 2=VPN over dial-up

[cmdial32]  10:07:07    03  Pre-Init Event  CallingProcess = C:\WINDOWS\system32\rasautou.exe
[cmdial32]  10:07:11    04  Pre-Connect Event   ConnectionType = 1
[cmdial32]  10:07:11    06  Pre-Tunnel Event    UserName = SxxxxxxVPNClient Domain =  DUNSetting = 0da3e1e6-f413-4c65-acec-84283bfa09b8 Tunnel DeviceName =  TunnelAddress = azuregateway-0da3e1e6-f413-4c65-acec-84283bfa09b8-db7c2be76072.cloudapp.net
[cmdial32]  10:07:11    21  On-Error Event  ErrorCode = -2146762481 ErrorSource = RAS
[cmdial32]  10:27:30    04  Pre-Connect Event   ConnectionType = 1
[cmdial32]  10:27:30    06  Pre-Tunnel Event    UserName = SxxxxxxVPNClient Domain =  DUNSetting = 0da3e1e6-f413-4c65-acec-84283bfa09b8 Tunnel DeviceName = WAN Miniport (SSTP) TunnelAddress = azuregateway-0da3e1e6-f413-4c65-acec-84283bfa09b8-db7c2be76072.cloudapp.net
[cmdial32]  10:27:30    21  On-Error Event  ErrorCode = -2146762481 ErrorSource = RAS

Any help would be greatly appreciated.

azure
azure-virtual-network
azure-vpn
asked on Stack Overflow Mar 13, 2019 by Red Knight 11 • edited Mar 13, 2019 by Red Knight 11

2 Answers

2

We ran into this today for one of our partners that is using "Virtual Network (classic)" P2S for VPN. The solution was to remove the old VPN from each client and install a new one. Get the new one from the Azure portal, all resources -> your P2S Virtual Network (classic) resource, then open the VPN connections blade by clicking on the graph on the right. At the top of the VPN connections blade you can download x64 or x32 clients. I hope this helps!

answered on Stack Overflow Mar 13, 2019 by Art Lucia

0

Post facto, I received this email from Microsoft. (Links removed.) Not sure why I didn't receive one before this. Maybe my CSP did...


Point-to-Site VPN gateway certificates have changed—download your VPN profile and deploy it to Point-to-Site VPN clients

You’re receiving this email because your VPN gateway has been transitioned to use a public Certificate Authority certificate instead of a self-signed certificate.

We’ve completed the move from using self-signed certificates to using public Certificate Authority (CA) certificates for our VPN gateways. This change will provide more secure services, however, it will cause VPN clients to lose connectivity until the new VPN profile is redeployed to client devices.

Required action

Please follow this guidance to re-download the VPN profile from the Azure portal and deploy it to all your Point-to-Site VPN clients as soon as possible to ensure connectivity for your VPN clients.

Read complete details about this change.

If you have questions, please contact us.

answered on Stack Overflow Mar 13, 2019 by Red Knight 11
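
The ErrorCode -2146762481 in the question's Connection Manager log is the signed 32-bit form of the 0x800b010f shown in the error dialog. As an added example (not part of the original posts; the sample log lines are constructed with placeholder names, and the symbolic names are taken from winerror.h), this parser reads cmdial32 lines in that format, converts each On-Error code to its HRESULT, and pairs it with the tunnel being attempted:

```python
import re

# Constructed sample in the cmdial32 log format shown in the question
# (placeholder user name, DUN setting and gateway host; not values from the page).
SAMPLE_LOG = """\
[cmdial32]  10:07:11    04  Pre-Connect Event   ConnectionType = 1
[cmdial32]  10:07:11    06  Pre-Tunnel Event    UserName = ExampleVPNClient Domain =  DUNSetting = example Tunnel DeviceName = WAN Miniport (SSTP) TunnelAddress = azuregateway-example.cloudapp.net
[cmdial32]  10:07:11    21  On-Error Event  ErrorCode = -2146762481 ErrorSource = RAS
"""

# A few certificate-trust HRESULTs from winerror.h (FACILITY_CERT = 0x00B).
CERT_ERRORS = {
    0x800B0101: "CERT_E_EXPIRED",
    0x800B0109: "CERT_E_UNTRUSTEDROOT",
    0x800B010F: "CERT_E_CN_NO_MATCH",
}

LINE = re.compile(r"^\[cmdial32\]\s+(\d\d:\d\d:\d\d)\s+(\d+)\s+(.*)$")
TUNNEL = re.compile(r"DeviceName = (.*?)\s*TunnelAddress = (\S+)")
ERROR = re.compile(r"ErrorCode = (-?\d+)\s+ErrorSource = (\S+)")

def to_hresult(code):
    """The log prints a signed 32-bit value; fold it to the unsigned HRESULT."""
    return code & 0xFFFFFFFF

def triage(log_text):
    """Pair each On-Error event (ID 21) with the preceding Pre-Tunnel event (ID 06)."""
    findings, tunnel = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # header lines and blanks
        when, log_id, rest = m.groups()
        if log_id == "06" and (t := TUNNEL.search(rest)):
            tunnel = {"device": t.group(1), "address": t.group(2)}
        elif log_id == "21" and (e := ERROR.search(rest)):
            hr = to_hresult(int(e.group(1)))
            findings.append({
                "time": when,
                "hresult": f"0x{hr:08X}",
                "facility": (hr >> 16) & 0x7FF,  # 0x00B means certificate error
                "name": CERT_ERRORS.get(hr, "unknown"),
                "source": e.group(2),
                "tunnel": tunnel,
            })
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

A facility of 0x00B on every failing client, with the S2S tunnels unaffected, points at the certificate the gateway presents rather than at the network path.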

User contributions licensed under CC BY-SA 3.0