There is a known issue with Virtual Private Network failure every 24-48 hours in Windows Server 2016 Essentials due to domain certificate auto-renewal. We are pleased to share that the fix for this issue has been included with the following Cumulative Update for Windows Server 2016:
https://support.microsoft.com/en-us/help/4512495
The issue is described here in brief:
In Windows Server 2016 Essentials SKU or Essentials role, when the domain name setup is done using a Windows Live account and the Virtual Private Network is configured by running the Anywhere Access wizard, we may experience issues with SSTP based Virtual Private Network.
VPN may work for a day or two and then fails with the following error:
The issue occurs due to a failure while enumerating the Subject Alternative Name (SAN) extension in the certificate, parsing the DNS entries and matching it with the domain name. This failure results in a certificate auto-renewal which causes a certificate hash mismatch in the registry. When a remote client attempts to establish an SSTP VPN connection, it fails to do it because of this certificate hash mismatch.
Resolution: The fix for this issue has been included with the Cumulative Update (August) for Windows Server 2016. You can install it via Windows Update or from the following link:
https://support.microsoft.com/en-us/help/4512495
