Windows Azure Virtual Network Point-to-Site connection error

azure-virtual-network
3thanZ picture 3thanZ · May 1, 2013 · Viewed 25.2k times · Source

I have recently created an Azure Virtual Network to test connectivity between a VM on Azure with a client server on premise (point-to-site connection).

First I followed the tutorial here: https://azure.microsoft.com/documentation/articles/vpn-gateway-point-to-site-create/

Next, I provisioned another VM on Azure but not part of the Virtual Network. I downloaded the AMD64 Client VPN Package and installed it onto this VM and connected to the VPN. The connection was successful and I could point my browser to the VM1's IIS that was created within the virtual network.

Finally, I downloaded the x86 Client VPN Package and installed it onto my local machine running Windows 7 and tried to connect via VPN. Instead, I got the error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. (Error 0x800b0109) For customized troubleshooting information for this connection, click Help.

The logs are:

    Operating System      : Windows NT 6.1 Service Pack 1
    Dialer Version        : 7.2.7600.16385
    Connection Name       : TestVirtualNetwork
    All Users/Single User : Single User
    Start Date/Time       : 01/05/2013, 23:02:34

    Module Name, Time, Log ID, Log Item Name, Other Info
    For Connection Type, 0=dial-up, 1=VPN, 2=VPN over dial-up

[cmdial32]  23:02:34    22  Clear Log Event 
[cmdial32]  23:02:36    04  Pre-Connect Event   ConnectionType = 1
[cmdial32]  23:02:36    06  Pre-Tunnel Event    UserName = TestClientCert Domain =  DUNSetting = TestVirtualNetwork Tunnel DeviceName = WAN Miniport (SSTP) TunnelAddress = azuregateway-66437671-fb05-4fac-83a7-1ae2313d717f-0.cloudapp.net
[cmdial32]  23:02:37    21  On-Error Event  ErrorCode = -2146762487 ErrorSource = RAS

Answer

user4312249 picture user4312249 · Dec 1, 2014

I was experiencing the same issue and came across this blog post describing what appears to be a bug in the VPN installer generated by Azure site:

https://nbevans.wordpress.com/2014/03/01/point-to-site-p2s-azure-vpn/

Effectively, the issue is that there is an additional certificate needed to trust the Azure gateway for your virtual network. That cert is bundled inside the VPN installer .exe generated by the Azure Virtual Network page.

  1. Extract the VPN installer .exe generated by the Azure site (I used 7-zip)
  2. Inside you'll find a .cer file
  3. Install the certificate in the "Trusted Root Certification Authorities" of the "Computer account"
    1. Open mmc.exe
    2. Add the "Certificates" snap-in
    3. Be sure to choose "Computer" account for the Local computer
    4. Right-click the "Trusted Root Certification Authorities" node, All-Tasks, Import, and browse to the .cer file you extracted from the VPN exe

This will likely be needed on all clients you intend to connect to the virtual network.

Related questions

Access internet from Azure VM not working

I've created an Azure DNS server with Address 192.168.0.4 I've created a Virtual Network with address space 192.168.. I changed the Subnet-1 to be starting IP 192.168.10.0 Address Count 64 Address Range 192.168.10.0 - 192.168.10.63 I've created 3 virtual machine images in a single cloud service using …

Read More
Azure Active Directory as Domain Controller for Azure Virtual Machines

Azure Active Directory is "as a service" offering from Azure. I have seen documentations and content from Microsoft stating that can be used for SSO and other Web application for unified auth. Will it be possible to make use of …

Read More
Azure VMs Virtual Network inter-communication

I'm new to Azure (strike 1) and totally suck at networking (strike 2). Nevertheless, I've got two VMs up and running in the same virtual network; one will act as a web server and the other will act as a SQL database …

Read More