Windows Server 2012 R2 VPN and Android

Please help.

I have configured Windows server 2012 R2 as VPN server on 443 port. My Windows clients can connect to SSTP VPN.

But I do not know how to configure Android 4.2.2 device. So far I have installed OpenVPN for Android. In connection I added VPN server certificate (also tried root CA certificate and Intermediate Issuer certificate). Mybe there is nay other app.

On tablet I got log

 :56 Running on GT-P5200 (clovertrail) samsung, Android API 17, version 0.6.29, official build
 :23 Building configuration…
 :25 started Socket Thread
 :25 Current Parameter Settings:
 :25   config = '/data/data/de.blinkt.openvpn/cache/android.conf'
 :25   mode = 0
 :25   show_ciphers = DISABLED
 :25   show_digests = DISABLED
 :25   show_engines = DISABLED
 :25   genkey = DISABLED
 :25   key_pass_file = '[UNDEF]'
 :25   show_tls_ciphers = DISABLED
 :25   connect_retry_max = 5
 :25 Connection profiles [0]:
 :25   proto = tcp-client
 :26   local = '[UNDEF]'
 :26   local_port = '[UNDEF]'
 :26   remote = 'gsm9.lmt.lv'
 :26   remote_port = '443'
 :26   remote_float = DISABLED
 :26   bind_defined = DISABLED
 :26   bind_local = DISABLED
 :26   bind_ipv6_only = DISABLED
 :26   connect_retry_seconds = 5
 :26   connect_timeout = 10
 :26   socks_proxy_server = '[UNDEF]'
 :26   socks_proxy_port = '[UNDEF]'
 :26   socks_proxy_retry = DISABLED
 :26   tun_mtu = 1500
 :26   tun_mtu_defined = ENABLED
 :26   link_mtu = 1500
 :26   link_mtu_defined = DISABLED
 :26   tun_mtu_extra = 0
 :26   tun_mtu_extra_defined = DISABLED
 :26   mtu_discover_type = -1
 :26   fragment = 0
 :26   mssfix = 1450
 :26   explicit_exit_notification = 0
 :26 Connection profiles END
 :26   remote_random = DISABLED
 :26   ipchange = '[UNDEF]'
 :26   dev = 'tun'
 :26   dev_type = '[UNDEF]'
 :26   dev_node = '[UNDEF]'
 :26   lladdr = '[UNDEF]'
 :26   topology = 1
 :26   tun_ipv6 = DISABLED
 :26   ifconfig_local = '[UNDEF]'
 :26   ifconfig_remote_netmask = '[UNDEF]'
 :26   ifconfig_noexec = DISABLED
 :26   ifconfig_nowarn = ENABLED
 :26   ifconfig_ipv6_local = '[UNDEF]'
 :26   ifconfig_ipv6_netbits = 0
 :26   ifconfig_ipv6_remote = '[UNDEF]'
 :26   shaper = 0
 :26   mtu_test = 0
 :26   mlock = DISABLED
 :26   keepalive_ping = 0
 :26   keepalive_timeout = 0
 :26   inactivity_timeout = 0
 :26   ping_send_timeout = 0
 :26   ping_rec_timeout = 0
 :26   ping_rec_timeout_action = 0
 :26   ping_timer_remote = DISABLED
 :26   remap_sigusr1 = 0
 :26   persist_tun = DISABLED
 :26   persist_local_ip = DISABLED
 :26   persist_remote_ip = DISABLED
 :26   persist_key = DISABLED
 :26   passtos = DISABLED
 :26   resolve_retry_seconds = 60
 :26   resolve_in_advance = DISABLED
 :26   username = '[UNDEF]'
 :26   groupname = '[UNDEF]'
 :26   chroot_dir = '[UNDEF]'
 :26   cd_dir = '[UNDEF]'
 :26   writepid = '[UNDEF]'
 :26   up_script = '[UNDEF]'
 :26   down_script = '[UNDEF]'
 :26   down_pre = DISABLED
 :26   up_restart = DISABLED
 :26   up_delay = DISABLED
 :26   daemon = DISABLED
 :26   inetd = 0
 :26   log = DISABLED
 :26   suppress_timestamps = DISABLED
 :26   machine_readable_output = ENABLED
 :26   nice = 0
 :26   verbosity = 4
 :26   mute = 0
 :26   gremlin = 0
 :26   status_file = '[UNDEF]'
 :26   status_file_version = 1
 :26   status_file_update_freq = 60
 :26   occ = ENABLED
 :26   rcvbuf = 65536
 :26   sndbuf = 65536
 :26   sockflags = 0
 :26   fast_io = DISABLED
 :26   comp.alg = 0
 :26   comp.flags = 0
 :26   route_script = '[UNDEF]'
 :26   route_default_gateway = '[UNDEF]'
 :26   route_default_metric = 0
 :26   route_noexec = DISABLED
 :26   route_delay = 0
 :26   route_delay_window = 30
 :26   route_delay_defined = DISABLED
 :26   route_nopull = DISABLED
 :26   route_gateway_via_dhcp = DISABLED
 :26   allow_pull_fqdn = DISABLED
 :26   route 0.0.0.0/0.0.0.0/vpn_gateway/nil
 :26   management_addr = '/data/data/de.blinkt.openvpn/cache/mgmtsocket'
 :26   management_port = 'unix'
 :26   management_user_pass = '[UNDEF]'
 :26 Network Status: CONNECTED  to WIFI "Accespoint_name"
 :26   management_log_history_cache = 250
 :26   management_echo_buffer_size = 100
 :26   management_write_peer_info_file = '[UNDEF]'
 :26   management_client_user = '[UNDEF]'
 :26   management_client_group = '[UNDEF]'
 :26   management_flags = 4390
 :26   shared_secret_file = '[UNDEF]'
 :26   key_direction = 0
 :26   ciphername_defined = ENABLED
 :26   ciphername = 'BF-CBC'
 :26   authname_defined = ENABLED
 :26   authname = 'SHA1'
 :26   prng_hash = 'SHA1'
 :26   prng_nonce_secret_len = 16
 :26   keysize = 0
 :26   engine = DISABLED
 :26   replay = ENABLED
 :26   mute_replay_warnings = DISABLED
 :26   replay_window = 64
 :26   replay_time = 15
 :26   packet_id_file = '[UNDEF]'
 :26   use_iv = ENABLED
 :26   test_crypto = DISABLED
 :26   tls_server = DISABLED
 :26   tls_client = ENABLED
 :26   key_method = 2
 :26   ca_file = '[[INLINE]]'
 :26   ca_path = '[UNDEF]'
 :26   dh_file = '[UNDEF]'
 :26   cert_file = '[UNDEF]'
 :26   priv_key_file = '[UNDEF]'
 :26   pkcs12_file = '[UNDEF]'
 :26   cipher_list = '[UNDEF]'
 :26   tls_verify = '[UNDEF]'
 :26   tls_export_cert = '[UNDEF]'
 :26   verify_x509_type = 2
 :26   verify_x509_name = 'my.server.dns.name'
 :26   crl_file = '[UNDEF]'
 :26   ns_cert_type = 0
 :26   remote_cert_ku[i] = 0
 :26   remote_cert_ku[i] = 0
 :26   remote_cert_ku[i] = 0
 :26   remote_cert_ku[i] = 0
 :26   remote_cert_ku[i] = 0
 :26   remote_cert_ku[i] = 0
 :26   remote_cert_ku[i] = 0
 :26   remote_cert_ku[i] = 0
 :26   remote_cert_ku[i] = 0
 :26   remote_cert_ku[i] = 0
 :26   remote_cert_ku[i] = 0
 :26   remote_cert_ku[i] = 0
 :26   remote_cert_ku[i] = 0
 :26   remote_cert_ku[i] = 0
 :26   remote_cert_ku[i] = 0
 :26   remote_cert_ku[i] = 0
 :26   remote_cert_eku = '[UNDEF]'
 :26   ssl_flags = 0
 :26   tls_timeout = 2
 :26   renegotiate_bytes = 0
 :26   renegotiate_packets = 0
 :26   renegotiate_seconds = 3600
 :26   handshake_window = 60
 :26   transition_window = 3600
 :26   single_session = DISABLED
 :26   push_peer_info = DISABLED
 :26   tls_exit = DISABLED
 :26   tls_auth_file = '[UNDEF]'
 :26   client = ENABLED
 :26   pull = ENABLED
 :26   auth_user_pass_file = 'stdin'
 :26 OpenVPN 2.4-icsopenvpn [git:icsopenvpn_629-4c6f7f0d16e1a6b3] android-14-x86 [SSL (OpenSSL)] [LZO] [SNAPPY] [LZ4] [EPOLL] [MH] [IPv6] built on Feb 24 2015
 :26 library versions: OpenSSL 1.0.1l 15 Jan 2015, LZO 2.07
 :26 MANAGEMENT: Connected to management server at /data/data/de.blinkt.openvpn/cache/mgmtsocket
 :26 MANAGEMENT: CMD 'hold release'
 :26 MANAGEMENT: CMD 'bytecount 2'
 :26 MANAGEMENT: CMD 'state on'
 :26 MANAGEMENT: CMD 'username 'Auth' user'
 :26 MANAGEMENT: CMD 'password [...]'
 :26 MANAGEMENT: CMD 'proxy NONE'
 :27 Control Channel MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:3 ]
 :27 MANAGEMENT: >STATE:1426770267,RESOLVE,,,
 :27 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:393 ET:0 EL:3 ]
 :27 Local Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_CLIENT,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client'
 :27 Expected Remote Options String: 'V4,dev-type tun,link-mtu 1543,tun-mtu 1500,proto TCPv4_SERVER,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-server'
 :27 Local Options hash (VER=V4): 'db02a8f8'
 :27 Expected Remote Options hash (VER=V4): '7e068940'
 :27 TCP/UDP: Preserving recently used remote address: [AF_INET]My_server_IP:443
 :27 Socket Buffers: R=[1048576->131072] S=[524288->131072]
 :27 Attempting to establish TCP connection with [AF_INET]My_server_IP:443 [nonblock]
 :27 MANAGEMENT: >STATE:1426770267,TCP_CONNECT,,,
 :27 Protecting socket fd 4
 :27 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
 :28 TCP connection established with [AF_INET]My_server_IP:443
 :28 Protecting socket fd 4
 :28 MANAGEMENT: CMD 'needok 'PROTECTFD' ok'
 :28 TCP_CLIENT link local: (not bound)
 :28 TCP_CLIENT link remote: [AF_INET]My_server_IP:443
 :28 MANAGEMENT: >STATE:1426770268,WAIT,,,
 :28 Connection reset, restarting [-1]

Connection did not established.