VPN Error - Certificate chain termination

  • Question

  • Hello

    We have RRAS/NPS set up on a 2019 member server. The VPN connection uses SSTP and we have a certificate in place bought from Thawte. This works flawlessly for staff using home computers.

    The issue:

    When staff use a laptop that has been joined to the domain to try to connect to our network by initiating a VPN connection, an error is displayed:

    A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

    The common solution to this error seems to be to add the certificate to a store e.g. https://knowledge.digicert.com/solution/SO13755.html

    However, the certificate was installed by a consultant and I have no idea where it would be found. All the examples I have seen simply say what is on the referenced page - navigate to the certificate and import it. Where are the certificates stored? Where do I browse to?

    Another page I saw states I can check the certificate exists by looking at the trusted root certificate authorities and I can see Thawte certificates present.

    I have tried removing the laptop from the domain but clearly there is a setting that needs to be changed somewhere in order for this error to be addressed as the same error pops up when attempting a VPN connection.

    Can anyone help me with this, please?

    Thank you.

    Tuesday, March 17, 2020 3:47 PM

All replies

  • Since posting this I have tried the Recovery feature under Update and Security. I chose the option to reinstall Windows keeping the accounts on the computer and keeping data but removing applications - did not work - same message.

    Next, I used the Recovery feature with the option not to keep anything. I set it up for personal use but again saw the same error message when trying to connect to our business network via VPN.

    I have just tried a second work laptop but am seeing exactly the same error message.

    This is Murphy's Law in action. Nearly all our staff are able to connect via VPN and use Remote Desktop from their home computers. There is just one person at the moment who does not have a home computer and she is on the accounts team and needs to remote in so she can process accounts and payroll data.

    If anyone can provide assistance it will be appreciated.

    Thank you.

    Thursday, March 19, 2020 10:17 AM
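
An added diagnostic example, not part of the original thread: PowerShell to run on an affected laptop. It lists the Thawte entries in the trusted-root stores the question asks about, then shows which root the VPN server's chain actually ends in. The host name `vpn.example.com` is a placeholder, and the script assumes the SSTP listener is on TCP 443.

```powershell
# Placeholder (assumption): replace with the server name used in the VPN connection.
$VpnHost = 'vpn.example.com'

# 1. The trusted-root stores Windows consults: machine-wide and per-user.
#    The same stores are visible in certlm.msc / certmgr.msc under
#    "Trusted Root Certification Authorities".
foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
    "--- $store ---"
    Get-ChildItem $store |
        Where-Object { $_.Subject -like '*thawte*' } |
        Format-List Subject, Thumbprint, NotAfter
}

# 2. Fetch the certificate the server presents. SSTP runs over TLS, so a plain
#    TLS handshake is enough. The callback accepts any certificate because the
#    connection is used only to read the certificate, never to send data.
$tcp = [System.Net.Sockets.TcpClient]::new($VpnHost, 443)
try {
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, { $true })
    $ssl.AuthenticateAsClient($VpnHost)
    $serverCert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
        $ssl.RemoteCertificate)
}
finally {
    $tcp.Dispose()
}

# 3. Build the chain with this machine's own stores and print every element.
#    The last element is the root the chain terminates in; compare its
#    thumbprint with the roots listed in step 1.
$chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # isolate trust from revocation checks
$trusted = $chain.Build($serverCert)

"--- Chain presented by $VpnHost (trusted on this machine: $trusted) ---"
$chain.ChainElements |
    ForEach-Object { $_.Certificate } |
    Format-List Subject, Issuer, Thumbprint, NotAfter

# 4. UntrustedRoot here corresponds to the error text shown by the VPN client.
$chain.ChainStatus | Format-List Status, StatusInformation
```

Running the same script on a home computer that connects successfully gives a baseline to compare the chain elements and root thumbprint against.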