Event ID - 23

Event Id23
SourceMicrosoft-Windows-RasSstp
DescriptionThe initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to the presence of a web proxy between the client and the server requiring authentication. Proxy authentication is not supported by this version of SSTP.
Event Information According to Microsoft :

Cause :

This event is logged when the initial Secure Socket Tunneling Protocol request could not be successfully sent to the server.

Resolution :

Configure the server with acceptable hash certificate by the Reverse Web Proxy server

Possible resolution:
  • Review the logs of the Reverse Web proxy and capture the hash configured by the proxy server to the client. For more information, see the "View the certificate hash" section.
  • Configure the RRAS server with the same hash by the proxy server. For more information, see the "Configure the certificate hash on the remote access server" section.
To perform these procedures, you must be a member of the Administrators group, or you must have been delegated the appropriate authority.

View the certificate hash

To view the certificate hash:
  1. On the Web proxy server, click Start , click Run , type mmc , and then click OK .
  2. Click File , and then click Add/Remove Snap-in .
  3. Under Available snap-ins , click Certificates , and then click Add .
  4. Click Computer account in the Certificate snap-in dialog box, and then click Next .
  5. Click Local computer , click Finish , and then click OK .
  6. Click File , click Save As , and then save the console as certmgmt.msc .
  7. Expland Certificates (Local Computer), Trusted Root Certification Authorities, Certificates , and then double-click the certificate.
  8. Click the Details tab, and then click the Thumbprint field to view the hash. Hash details can be obtained only for the sha1 Thumbprint algorithm, not for the sha256 Thumbprint algorithm.
Configure the certificate hash on the remote access server

To view the hash and change the value:
  1. On the remote access server, click Start , click Run , type mmc , and then click OK .
  2. Click File , and then click Add/Remove Snap-in .
  3. Under Available snap-ins , click Certificates , and then click Add .
  4. Click Computer account in the Certificate snap-in dialog box, and then click Next .
  5. Click Local computer , click Finish , and then click OK .
  6. Click File , click Save As , and then save the console as certmgmt.msc .
  7. Expland Certificates (Local Computer), Trusted Root Certification Authorities, Certificates , and then double-click the certificate.
  8. Click the Details tab, and then click the Thumbprint field to view the hash. Hash details can be obtained only for the sha1 Thumbprint algorithm, not for the sha256 Thumbprint algorithm.
  9. If there is mismtach between the hash of the certificate on the remote access server and the Web proxy server, right-click the certificate on the remote access server, and then click Delete .
  10. Remove the certificate binding from HTTPS Listener. Type the following commands in a command window:

    • netsh http delete sslcert ipport=0.0.0.0:443
    • netsh http delete sslcert ipport=[::]:443

  11. Remove the certificate binding in the Routing and Remote Access service. Open the Registry Editor and delete the following registry keys (if present):

    • HKLM\System\CurrentControlSet\Services\Sstpsvc\Parameters\Sha256CertificateHash
    • HKLM\System\CurrentControlSet\Services\Sstpsvc\Parameters\Sha1CertificateHash

  12. Add the new certificate inside the certificate store (local computer store).
  13. Plumb the new certificate to the HTTPS Listener (assuming the new certificate has SHA1 certificate hash as xxx). Type the following commands in a command window:

    • netsh http add sslcert ipport=0.0.0.0:443 certhash= appid={ba195980-cd49-458b-9e23-c84ee0adcd75} certstorename=MY
    • netsh http add sslcert ipport=[::]:443 certhash=appid={ba195980-cd49-458b-9e23-c84ee0adcd75} certstorename=MY

  14. Restart the Routing and Remote Access service. The Routing and Remote Access service will read the certificate that is plumbed to the HTTPS Listener and record the certificate hash regkeys for its crypto-binding validation phase. See the "Restart Routing and Remote Access" section.
Restart the Routing and Remote Access service

To restart the Routing and Remote Access service:
  1. Open Routing and Remote Access. Click Start , click Run , type rrasmgmt.msc , and then press ENTER.
  2. In the console tree, click Server Status .
  3. In the details pane, right-click a server name, point to All Tasks , and click Restart .
Verify :

To verify that the remote access server can accept connections, establish a remote access connection from a client computer.

To create a VPN connection:
  1. Click Start , and then click Control Panel .
  2. Click Network and Internet , click Network and Sharing Center , and then click Set up a connection or network .
  3. Click Connect to a workplace , and then click Next .
  4. Complete the steps in the Connect to a Workplace wizard.
To connect to a remote access server:
  1. In Network and Sharing Center, click Manage network connections .
  2. Double-click the VPN connection, and then click Connect .
  3. Verify that the connection was established successfully.
Reference LinksEvent ID 23 from Microsoft-Windows-RasSstp

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.