Hello All, In this blog, I will discuss how to load balance SSTP based VPN servers using a F5 BIGIP SSL load balancer. Lets look at the deployment scenario first: You are having a pool of RRAS based VPN servers hosted behind F5 BIGIP load balancer. The F5 BIGIP load balancer terminates the HTTPS...

Hello Customers, As I wrote in this blog, there are four types of VPN tunnel supported by Windows 7 based VPN clients. In this blog I will focus on following things: how do you configure tunnel types on the client, how to decide on the tunnel type order while establishing connection, ... ...

Hi Folks, Very soon Windows 7 and Windows Server 2008 R2 will be released and it is very exciting that beta version of these new operating system is available for public download. So, go ahead and start using it and provide your valuable feedback to us. In this blog I will talk about a new feature...

Hi Folks, Our team member Samir Jain has posted a nice blog on how you should decide which tunnel to use/deploy for your scenario. The details for the same are given at which tunnel to use . In this blog, I would like to understand further on a possibility of deprecating PPTP & L2TP/IPsec VPN...

Hello Folks, I am sure you must have experienced VPN reconnect – a new IKEv2 based VPN tunnel that is added in Windows 7 that allows automatic and seamless switchover of an active VPN connection when the underlying Internet interface (connection) changes thus maintaining application persistence...

Hello, As you know SSTP support in Windows Server 2008 allows you to configure RRAS server role as SSL based L3 VPN server - which allows VPN clients (currently Vista SP1, WS08 and later releases) to connect from anywhere - behind firewalls/NAT. If you would like to run Small business server (SBS...

Hello, If you will like to use SSTP based VPN server (which is part of RRAS server in Windows server 2008) behind a ISA2006 Firewall, please refer to following articles – Thanks a bunch to Thomas Shinder http://www.isaserver.org/tutorials/Publishing-Windows-Server-2008-SSL-VPN-Server-Using-ISA...

Hi All, Virtual Lab for deploying the SSTP Remote Access is available at http://go.microsoft.com/?linkid=8316925 or http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032370149&EventCategory=3&culture=en-US&CountryCode=US . Cheers, Abhishek Tiwari ( abhisht@online...

SSTP as you know requires a machine certificate to be installed on the VPN server. Most of the times, when the administrators need this machine certificate, they can configure a CA Server and get the certificates from this CA. But for this to work, the CDPs (CRL Distribution Point) need to be published...

This blog is going to tell about how SSTP can be affected by configuring IIS Server on the same Server and how to get rid of this problem without moving the IIS Server to a different machine. Let's us first know what kind of issue can arise if IIS is configured alongwith SSTP on the same server...

This blog is going to tell about how to change the Certificate to be used for the SSTP Server. Although, the normal procedure of installing the certificate on RRAS Server for SSTP mentioned in the step by step guide works perfectly fine, this blog is going to talk about how to change the certificate...

Hi All, SSTP screencast is available at http://www.microsoft.com/downloads/details.aspx?FamilyID=fc4d7d3f-0376-45bf-9544-ec35329a2fc1&DisplayLang=en Thanks a bunch, Jim for pulling it through ! This will give screen-by-screen view of how to set-up SSTP in a pilot-lab environment. Cheers...

SSTP by default is configured to listen on all the interfaces (i.e. 0.0.0.0 for IPv4 or ::/0 for IPv6). This means RRAS server by default will allow VPN connections to come in from “all” the IPv4 as well as IPv6 addresses that are available on the server machine. The RRAS server sets the machine certificate...

SSTP requires a machine certificate on the RRAS server which needs to be set inside HTTPS listener (i.e. HTTP.SYS). This certificate will be sent to the client during SSL hand-shake stage (like in any other https:// requests). The RRAS server, when configured first time tries read a machine certificate...

Hi All, To all our beta testers who are trying out SSTP, first of all "many many thanks from my RRAS team". This post talks about how to debug failures specific to SSTP based VPN tunnel ( Note : I am not discussing all the error codes displayed on RAS client - as most error codes will be common...

Hi All, As you know, SSTP is a new VPN tunnel added in Routing and remote access server role in Windows 2008 server and Vista SP1. This allows PPP packets to be encapsulated over HTTP, hence allowing VPN connection to be established through firewalls/NAT/web proxies. For small to medium size organizations...

Hi All, SSTP step-by-step guide is available at Windows server 2008 step-by-step guides site i.e. http://download.microsoft.com/download/b/1/0/b106fc39-936c-4857-a6ea-3fb9d1f37063/Deploying%20SSTP%20Remote%20Access%20Step%20by%20Step%20Guide.doc Or http://technet2.microsoft.com/windowsserver2008...

Hi All, I am very happy to announce that SSTP will be first time released to all our TAP and techbeta customers via Vista SP1 beta and Windows Server 2008 RC0 release which was released on Sept 25th, 2007 To get your hands dirty with SSTP, work with your Microsoft TAP contact if you are part of...

With the various previous blogs, we already know that SSTP (Secure Socket Tunneling Protocol) is a new VPN tunnel type which is added to the list of the already existing tunnel types, PPTP and L2TP. With this addition, there have been some changes in the definition of the existing tunnel type configuration...

Want to know more about SSTP based VPN, the scenario it is trying to solve, how it works - have a look at this article published by Joseph Davies: http://www.microsoft.com/technet/technetmag/issues/2007/06/CableGuy/default.aspx Cheers, Samir Jain Lead Program Manager (Windows Enterprise Networking...

So we are back with a post on SSTP - the tunnelling protocol that can help you traverse through NATs and firewalls. SSTP is sure a great way to establish VPN connections in cases where PPTP and L2TP will not work due to the presence of NATs and firewalls. However, some network administrators may not...

The steps to configure a RAS client connection using SSTP were listed in one of the previous posts. However, the good news is that Connection Manager can also be used to establish SSTP connections. This makes deploying client connections easier and transparent to the user. To enable clients to connect...

By now, from all the other posts you might be aware of steps required to configure SSTP server to accept HTTPS connections. SSTP also supports being configured behind a SSL terminator (HTTP Reverse Proxy scenario). With this setup, a SSL terminator can be configured to terminate the SSL session and direct...

We have seen the steps to configure a SSTP server in one of the previous posts. However, we will concentrate on on aspect of the configuration in this post in detail and the most important one too, because without this your server is not yet ready to accept SSTP connections - Setting up the SSTP listener...

By now, all of you would be aware of what SSTP is and would also have got your questions answered in the FAQ column. We also saw in this blog , how to configure a SSTP client connection. In this post, let's quickly look at the steps required to configure the VPN server as a SSTP server. We will use...