JVH Consulting's Blog

Client told me he couldn’t access the remotewebaccess.com vpn to the office.  Would connect and disconnect and or any connection would only last a few seconds before disconnecting. Event log errors include Error 829.

At first I thought it could be the server needed a reboot. Nope, wasn’t it.

Looked at the RWA certificates on the server and did notice that the one that was being used expired today. Hmmm. So I checked IIS and looked at the Bindings for the Default Website – but the server had already bound the new RWA certificate to it. Still clients couldn’t connect.

Looking further at the client event logs this is example of one of error messages:

CoId={3AE1BD1D-CF91-4B7B-A93F-7A59705A1EF5}: The user WIN10TEST\username dialed a connection named customerDomain.remotewebaccess.com which has terminated. The reason code returned on termination is 829. All this means is a disconnected session. Great no help there.

Searched the web and found this bit of information:

The RWA certificate set in IIS is also used by Routing and Remote Access Server Configuration – not for authentication but for maintaining secure TLS connection. So even though the IIS cert was updated, RRAS console doesn’t upgrade it automatically :(.

Solution: Go to Routing and Remote Access snap-in, right-click on the properties of your router (MACHINE-NAME (local) properties in the tree-view to the left) select the Security Tab; you will be warned that there’s no TLS certificate selected (the previous has expired in my case) and select the certificate that has the next year’s expiration date – can select and then view them prior to saving. This will force a RRAS service restart. Thereafter clients can connect and remain connected :).