windows servers 2019 essiantials rras/vpn (sstp) max two connections

Copper Contributor

Hello,

can't find why it only allows two sessions. Others get: The network connection was aborted by the local system

 

event viewer:

CoId={A2250444-0B32-0006-B84A-27A2320BD701}: The user DESKTOP-EOH3BGN\zyriusa dialed a connection named gm which has failed. The error code returned on failure is -2147023660.

 

I don't see any errors on servers's even viewer even debug mode is switched on RRAS

5 Replies

@Dave Patrick I dont think that its related to certificate. I have 5 remote users. All can connect but max two at once. It looks like limit. 

also certificate hash match for all

C:\Users\Administrator>netsh http show sslcert

SSL Certificate bindings:
-------------------------

IP:port : 0.0.0.0:443
Certificate Hash : aa2b77be96a51a7efe27e49960a9f279d1f823cb
Application ID : {ba195980-cd49-458b-9e23-c84ee0adcd75}
Certificate Store Name : MY
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : (null)
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled
Reject Connections : Disabled
Disable HTTP2 : Not Set
Disable QUIC : Not Set
Disable TLS1.2 : Not Set
Disable TLS1.3 : Not Set
Disable OCSP Stapling : Not Set
Disable Legacy TLS Versions : Not Set

IP:port : 192.168.52.101:443
Certificate Hash : aa2b77be96a51a7efe27e49960a9f279d1f823cb
Application ID : {4dc3e181-e14b-4a21-b022-59fc669b0914}
Certificate Store Name : My
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : (null)
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled
Reject Connections : Disabled
Disable HTTP2 : Not Set
Disable QUIC : Not Set
Disable TLS1.2 : Not Set
Disable TLS1.3 : Not Set
Disable OCSP Stapling : Not Set
Disable Legacy TLS Versions : Not Set

IP:port : [::]:443
Certificate Hash : aa2b77be96a51a7efe27e49960a9f279d1f823cb
Application ID : {ba195980-cd49-458b-9e23-c84ee0adcd75}
Certificate Store Name : MY
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : (null)
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled

also somehow error code changed in event viewer 🙂

CoId={A2250444-0B32-0005-C47B-28A2320BD701}:The server has refused the Secure Socket Tunneling Protocol (SSTP) request. Either a failure response code or no response code was received. The data portion below contains the response code that was received from the server. This is the HTTP status code present in the response. It can be because the web proxy or the SSTP server might be rejecting the connection, the server might not be configured for SSTP or the server might not have a port available for connection

@zyriusa Hi, I had the same problem. My windows server 2022 had RRAS configured and accepting SSTP VPN connections but only two computers. The third and fourth client and so on are getting 0x800704D4 (the hex version of -2147023660).


The problem lies in the number of WAN miniport configured for SSTP. Go to "Ports", right click empty area and hit Properties.

yusufat_0-1643950131150.png

In my case, the number of ports for WAN miniport SSTP was "2". I changed it to "128", to match the others, and then restarted RRAS service.

yusufat_1-1643950248650.png

So, theoretically, this SSTP VPN server is capable of handling 128 clients.


Now things are working fine. I have 6 clients connected to this SSTP VPN server simultaneously without any more problem.


Hope this helps.

Yusuf

 

 

Same issue here - you fixed it and really saved my day, thanks!
Seems to be a really unlucky default setting and I could not find any reference to this in any doc...