Windows Server Summit 2024
Mar 26 2024 08:00 AM - Mar 28 2024 03:30 PM (PDT)
Microsoft Tech Community
A fix for Virtual Private Network issue in Windows Server 2016 Essentials has been released
Published Sep 10 2019 01:48 PM 9,462 Views
Copper Contributor

There is a known issue with Virtual Private Network failure every 24-48 hours in Windows Server 2016 Essentials due to domain certificate auto-renewal. We are pleased to share that the fix for this issue has been included with the following Cumulative Update for Windows Server 2016:

 

https://support.microsoft.com/en-us/help/4512495

 

The issue is described here in brief:

 

In Windows Server 2016 Essentials SKU or Essentials role, when the domain name setup is done using a Windows Live account and the Virtual Private Network is configured by running the Anywhere Access wizard, we may experience issues with SSTP based Virtual Private Network.

 

VPN may work for a day or two and then fails with the following error:

 

clipboard_image_0.png

 

The issue occurs due to a failure while enumerating the Subject Alternative Name (SAN) extension in the certificate, parsing the DNS entries and matching it with the domain name. This failure results in a certificate auto-renewal which causes a certificate hash mismatch in the registry. When a remote client attempts to establish an SSTP VPN connection, it fails to do it because of this certificate hash mismatch.

 

Resolution: The fix for this issue has been included with the Cumulative Update (August) for Windows Server 2016. You can install it via Windows Update or from the following link:

 

https://support.microsoft.com/en-us/help/4512495

 

Version history
Last update:
‎Sep 10 2019 01:52 PM
Updated by: