Hey,
I have found some strange behavior (bug) in the NPS in Windows Server 2012 R2.
We implemented VPN SSTP access via TMG and an NPS - nothing special.
But if I try to connect I get the following error:
The revocation function was unable to check revocation for the certificate. -- Event 6273 -- Access Denied
Okay -- maybe I made a mistake in the CDP/AIA configuration of the certificate service.
I double-checked the accessibility of the CRL and CRT (certutil -url and so on) -- all fine and accessible (HTTP and LDAP).
What's wrong?? I tried to make a workaround. I added the registry key "IgnoreNoRevocationCheck" (https://technet.microsoft.com/en-us/library/cc771995%28v=ws.10%29.aspx)
But (after a complete reboot): The error appears again ?!?!?! Why ??!!
Okay: I rebooted again and (*magic*) the user can establish the connection - no error!!
What's wrong?? But it is working !! YES !! ....... but only until the next reboot ... :/
I rebooted the system again (without ANY changes) -- the error appears again !!! Why ??
Now the questions:
1. Why is the NPS ignoring the registry keys??? Is there something new in 2012?
2. My CRL has a next Update in 2024 --> can the NPS deal with such a long period?