Nathan Evans' Nemesis of the Moment

Point-to-site (P2S) Azure VPN

Posted in Azure, Windows Environment by Nathan B. Evans on March 1, 2014

It seems there’s still some bugs to be worked out by the Azure guys with this point-to-site Azure VPN feature.

I have been wanting a secure way to access my Azure virtual machines for some time and I only just noticed they added this feature (still in Preview) a few months back. So I went about setting it up.

I had seemingly followed all the official guides. Got past all the the hurdles for the certificate creation stuff using the makecert tool (why doesn’t Azure offer to do all this for you? It’s not like everybody that uses Azure has a Visual Studio command shell installed on their PC!)

I then downloaded the 64-bit VPN Package for my Virtual Network. Installed it. Tried to connect and it was throwing this bizarre error:

A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

After some playing around it turned out that the VPN Package installer has a serious bug in it whereby it simply doesn’t install the Azure Gateway’s certificate into your certificate store. Luckily I had a copy of WinRAR on my machine and so I extracted the installer to take a peek inside and sure enough it contains a .cer certificate file. So I did WinKey+R, mmc, and added a Certificates snap-in for the Local Machine (not Current User!). Then navigated to the Trusted Root Certificates Authorities, right-click and choose the Import task. Find the .cer file you extracted from the VPN Package installer and install it.

Now retry the Azure VPN Connection and the error should go away and you’ll log straight in!

Tagged with: ,

3 Responses

Subscribe to comments with RSS.

  1. RaduC said, on June 3, 2014 at 10:10 PM

    THANK YOU VERY MUCH!!!

  2. drairey1 said, on July 25, 2015 at 7:28 PM

    Thanks. Never would have figured this out on my own.

  3. Sergey said, on August 26, 2016 at 11:01 AM

    Thank you!


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: