Anywhere Access Wizard fails due to inbound connectivity on port 80

Hi

I am working on this existing Windows Server 2016 with Essentials Experience.

The Anywhere Access Wizard has been working well ... until today. It now fails due to inbound connectivity on port 80.

The IIS site is accessible internally and externally via http://remote.mydomain.com and https://remote.mydomain.com

Hardware firewall has all the correct ports forwarding

The Windows firewall is set up properly

Rebooted the server; rebooted the router; checked the Services

What else can I look at?

 

Alexandre Michel
Published 04/28/2020 10:43
  • Essentials Experience Role
  • SSL Certificate
Mariette Knap

Yes, that sometimes happens, but if you can connect, ignore this.

replied 04/28/2020 10:58
Alexandre Michel

Mariette,

I am having all kinds of weird issues with the cert. I used Certify the Web as per your instructions on this site.

The issues are: The PC is connected through the VPN, but no traffic goes through. The local network connection states that the computer is connected but there is no internet. All PING tests fail, except ping to self.

I tried to "Repair Anywhere Access"; I also tried to re-run the Wizard from the start, getting the same error as before.

Right now, I need the VPN working as there are a lot of remote users.

Tried to check that RRAS is using the correct cert (I can't through the GUI).

After checking in the certificate store that only one cert was present, I used this command

$Cert = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {$_.subject -eq "CN=office.mycompany.com"}
Set-RemoteAccess -SslCertificate $cert

What else can I do???

replied 04/28/2020 23:24
Alexandre Michel

Aaaargh! I am losing my mind (and my time) with this server. Tried everything... Restart RRAS services, re-run the various Wizards in Essential console, etc...

The current problem is that when a VPN connection is made, NO traffic goes through... The only possible "traffic" is PING your own allocated RRAS IP (obviously).  As soon as a connection is made, all traffic stops. If I change my VPN connection to not use the Default Gateway, internet comes back up, but still no traffic to the remote LAN

Rebooted the server ... Fixed... Whyyyyyyy?

My current concern is:

  • Each time Encrypts the Web changes the SSL Certificate, VPN stops working. I then have to manually re-allocate the cert with RRAS, and trying to do this using the Wizard fails.
replied 04/29/2020 02:21
Mariette Knap

Add this in the script that executes after Certify the Web renews:

# Update certificate after renewal for SSTP VPN
param($result)

# Store certificate in variable
# (-eq compares the whole thumbprint; -match is a regex test that also accepts a partial or empty value)
$certificate = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {$_.Thumbprint -eq $result.ManagedItem.CertificateThumbprintHash}

# Update RRAS with new certificate
Import-Module RemoteAccess
Stop-Service RemoteAccess
Set-RemoteAccess -SslCertificate $certificate
Start-Service RemoteAccess

replied 04/29/2020 07:02
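
A stricter version of the post-renewal hook above, as an added example that is not part of the original thread: it checks the renewed certificate before touching RRAS, skips the restart when nothing changed, and confirms the binding afterwards. It assumes `Get-RemoteAccess` exposes the bound certificate as `SslCertificate`; the messages are illustrative.

```powershell
# Added example: hardened Certify the Web post-renewal hook for the RRAS SSTP certificate.
param($result)

$ErrorActionPreference = 'Stop'

# Thumbprint passed in by Certify the Web (same property the thread's script reads).
$thumb = $result.ManagedItem.CertificateThumbprintHash
if ([string]::IsNullOrWhiteSpace($thumb)) {
    throw 'No thumbprint in $result; leaving the RRAS binding untouched.'
}

# Exact comparison, so at most one certificate in the machine store can be selected.
$found = @(Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $thumb })
if ($found.Count -ne 1) {
    throw "Expected one certificate with thumbprint $thumb, found $($found.Count)."
}
$cert = $found[0]

# SSTP cannot terminate TLS without the private key or with a cert outside its validity window.
if (-not $cert.HasPrivateKey) { throw "Certificate $thumb has no private key." }
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate $thumb is not valid at $now."
}

Import-Module RemoteAccess

# Assumption: Get-RemoteAccess returns the bound certificate in its SslCertificate property.
$current = (Get-RemoteAccess).SslCertificate
if ($current -and $current.Thumbprint -eq $cert.Thumbprint) {
    Write-Output 'RRAS already uses this certificate; no restart needed.'
    return
}

# Restarting RemoteAccess drops connected VPN users, so always bring it back up.
Stop-Service RemoteAccess
try     { Set-RemoteAccess -SslCertificate $cert }
finally { Start-Service RemoteAccess }

# Confirm the new certificate is the one RRAS reports.
$bound = (Get-RemoteAccess).SslCertificate
if (-not $bound -or $bound.Thumbprint -ne $cert.Thumbprint) {
    throw "RRAS did not pick up certificate $thumb."
}
Write-Output "RRAS SSTP certificate is now $($bound.Thumbprint), valid until $($bound.NotAfter)."
```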
Mariette Knap

Also set DNS suffix in the network properties of your VPN adapter on the client.

replied 04/29/2020 13:38