Event Id | 8 |
Source | Microsoft-Windows-RasSstp |
Description | The Secure Socket Tunneling Protocol (SSTP) service could not initialize the HTTP layer for setting up the configuration. Any configuration changes applied by the administrator might not be applied by SSTP. |
Event Information | According to Microsoft:
Diagnose:
This error condition might be caused by one of the following:

Fix the network connectivity or certificate issue
Fix the network connectivity or certificate-related issue and try the connection again.
Note: The following procedures include steps for using the ping command to perform troubleshooting. Before you perform these steps, check whether the firewall or Internet Protocol security settings on your network allow Internet Control Message Protocol (ICMP) traffic. ICMP is the TCP/IP protocol that is used by the ping command.
To perform these procedures, you must be a member of the Administrators group or must have been delegated the appropriate authority. Follow the procedures in the order in which they appear until the problem is resolved.

Determine if there is a network connectivity problem
To determine if there is a network connectivity problem between the remote access server and the domain controller:
If you cannot successfully ping the domain controller by IP address, this indicates a possible issue with network connectivity, firewall configuration, or Internet Protocol security configuration.

Perform additional troubleshooting steps
The following are some additional troubleshooting steps that you can perform to help identify the root cause of the problem:
To check that Internet Explorer is set to use HTTP version 1.1:
The resolution steps vary according to the HTTP status code. The only failure status code to which the SSTP service on the client will respond is HTTP_STATUS_PROXY_AUTH_REQ (Proxy authentication required). An Access Denied message will appear in the dialer user interface on the client computer. Configure the proxy server so that it does not prompt for authentication. For all other HTTP status codes, review the definition of the HTTP status code. If the Web proxy or the SSTP server is rejecting the connection, the server might not be configured to use SSTP.
To check whether the Web proxy server is configured to block the connection to the SSTP URL.

Set permissions for the specified URL for SSTPSVC
Namespace reservation assigns the rights for a portion of the HTTP URL namespace to a particular group of users. A reservation gives those users the right to create services that listen on that portion of the namespace. Reservations are URL prefixes, meaning that the reservation covers all subpaths of the reservation path. Use the netsh http add urlacl command to configure access control lists (ACLs) for the URL for SSTPSVC use.

Configure the certificate manually
To perform this procedure, you must have membership in Administrators, or must have been delegated the appropriate authority.
Configure an SSTP certificate with an Enhanced Key Usage (EKU) of either Server Authentication or Any Purpose.
To perform these procedures, you must be a member of the Administrators group, or must have been delegated the appropriate authority.

Delete a certificate
Delete the certificate from the certificate store.

Restart Routing and Remote Access

Configure the server with a certificate hash that is acceptable to the reverse Web proxy server
Possible resolution:
View the certificate hash
Configure the certificate hash on the remote access server
Restart the Routing and Remote Access service
Provide the permission for SSTP relevant registry parameter
Modify value data for SHA1CertificateHash registry parameter
Modify value data for SHA256CertificateHash registry parameter
Modify value data for ServerURL registry parameter |
Reference Links | Event ID 8 from Microsoft-Windows-RasSstp |
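A read-only check covering the certificate steps above (EKU of Server Authentication or Any Purpose, and the SHA1CertificateHash / SHA256CertificateHash values), added here as an example and not taken from the Microsoft article. It assumes the hash values are stored as binary data under the SstpSvc service Parameters key and that the SHA-256 hash is computed over the encoded certificate; neither detail is stated on this page.

```powershell
# Added example: report-only, changes nothing. Run from an elevated prompt.
# Assumption (not on the page): SSTP parameters live under this service key.
$paramKey      = 'HKLM:\SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters'
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication
$anyPurposeOid = '2.5.29.37.0'         # Any Purpose

function Get-HexString([byte[]]$Bytes) {
    # Registry binary data -> upper-case hex, empty string when the value is absent
    if (-not $Bytes) { return '' }
    return (($Bytes | ForEach-Object { $_.ToString('X2') }) -join '')
}

$params    = Get-ItemProperty -Path $paramKey -ErrorAction Stop
$regSha1   = Get-HexString $params.SHA1CertificateHash
$regSha256 = Get-HexString $params.SHA256CertificateHash
$sha256    = [System.Security.Cryptography.SHA256]::Create()
$ekuType   = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

$report = foreach ($cert in Get-ChildItem Cert:\LocalMachine\My) {
    $eku  = $cert.Extensions | Where-Object { $_ -is $ekuType }
    $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
    $hash = Get-HexString ($sha256.ComputeHash($cert.RawData))
    [pscustomobject]@{
        Subject       = $cert.Subject
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey
        # The page requires an EKU of Server Authentication or Any Purpose
        EkuAcceptable = ($oids -contains $serverAuthOid) -or ($oids -contains $anyPurposeOid)
        MatchesSha1   = ($regSha1 -ne '') -and ($cert.Thumbprint -eq $regSha1)
        MatchesSha256 = ($regSha256 -ne '') -and ($hash -eq $regSha256)
    }
}
$report | Format-Table -AutoSize

$configured = $report | Where-Object { $_.MatchesSha1 -or $_.MatchesSha256 }
if (-not $configured) {
    Write-Warning 'No certificate in LocalMachine\My matches the configured SSTP hash values.'
} elseif ($configured | Where-Object { -not $_.EkuAcceptable -or -not $_.HasPrivateKey -or $_.NotAfter -lt (Get-Date) }) {
    Write-Warning 'The configured certificate is expired, lacks a private key, or has an unsuitable EKU.'
}

# HTTP layer state: current SSL bindings and URL reservations (the read side of 'netsh http add urlacl')
netsh http show sslcert
netsh http show urlacl
```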