Hi,
i deployed Duo for the RRAS. Works very well with L2TP\IPSec VPN.
But, SSTP VPN doesn’t work. A user can connect only for 1 sec and disconnect immediately.
On NPS server (Windows Radius) i see successful authentication.
On Duo Proxy server i see successful authentication.
On VPN server i don’t see any logs about this connection.
On client Windows 10 i see certificate error:
Log Name: System
Source: Microsoft-Windows-RasSstp
Date: 10.11.2016 18:04:43
Event ID: 6
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: WIN10-1.corp.domain.ru
Description:
CoId={9DDF738A-A701-4EBA-9C5E-032C4C1957C4}:The SSTP-based VPN connection to the remote access server was terminated because of a security check failure. Security settings on the remote access server do not match settings on this computer. Contact the system administrator of the remote access server and relay the following information:
SHA1 Certificate Hash: 524FF41B415A8BA5DF94B258FB0EC9300FCB2ECE
SHA256 Certificate Hash: D53688670804038199FF8826FD49CBFBC5CC4CFEAD98C23FB4BB547BD6E669E1
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-RasSstp" Guid="{6c260f2c-049a-43d8-bf4d-d350a4e6611a}" EventSourceName="RasSstp" />
<EventID Qualifiers="0">6</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2016-11-10T17:04:43.343656100Z" />
<EventRecordID>3297</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>WIN10-1.corp.domain.ru</Computer>
<Security />
</System>
<EventData>
<Data Name="CoId">{9DDF738A-A701-4EBA-9C5E-032C4C1957C4}</Data>
<Data Name="SHA1 Certificate Hash">524FF41B415A8BA5DF94B258FB0EC9300FCB2ECE</Data>
<Data Name="SHA256 Certificate Hash">D53688670804038199FF8826FD49CBFBC5CC4CFEAD98C23FB4BB547BD6E669E1</Data>
</EventData>
</Event>
what is wrong? Does Duo replace a certificate?