I’ve been using SSTP VPNs for many, many years now as it was a great way of accessing a VPN server when you’re in a location that blocks non-HTTP outbound traffic. I found my system had stopped working all of a sudden recently, with the Windows 10 client reporting that “the connection was aborted by the local system.” Upon checking the event log, I found Application log entries from RasClient indicating a failure with the helpful return code of “-2147023660.” There were corresponding entries in the System log for RasSstp which was reporting a “503” error as the response code received from the HTTPS server.
The server itself wasn’t recording any faults or errors.
I confirmed that the server (Windows Server 2019) was correctly registering the URL prefix with the HTTP driver/service. I confirmed that both the client and the server were already fully patched.
The server in question is hosting both an IIS Web service, and the Routing and Remote Access service. I had a bit of a poke around, and found that disabling HTTP/2 in the bindings for the colocated IIS Web site seemed to resolve the issue. I turned off the HTTP/2 support on the binding, and restarted the HTTP service. All of a sudden the VPN was working again. I then re-enabled the HTTP/2 support, restarted the HTTP service, and it had stopped working again.
If I get some time I’ll dig into it further, but for now am happy that the VPN is once again working. I’m creating the post in case someone else has the issue, and needs a quick fix whilst looking for a longer term solution.
The setting was disabled in IIS through the binding properties of the web site. The picture below (with the certificate and host names hidden of course) is where the change is made.
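The same binding change can be scripted instead of made through the IIS Manager dialog. The following is an added example, not part of the original post: it reports the HTTP/2 state of each HTTPS binding on the site and then sets the DisableHTTP2 bit of `sslFlags`. The site name `Default Web Site` is an assumption; substitute the site that shares the server with Routing and Remote Access.

```powershell
# Added example (not from the original post).
# Run in an elevated PowerShell session on the IIS / RRAS server.
Import-Module WebAdministration

$SiteName     = 'Default Web Site'  # assumption: name of the colocated IIS site
$DisableHttp2 = 4                   # sslFlags bit "DisableHTTP2" (IIS 10 on Server 2019)

# 1. Report the HTTP/2 state of every HTTPS binding on the site.
$bindings = @(Get-WebBinding -Name $SiteName -Protocol 'https')
foreach ($b in $bindings) {
    $flags = [int]$b.sslFlags
    [pscustomobject]@{
        Binding       = $b.bindingInformation
        SslFlags      = $flags
        Http2Disabled = [bool]($flags -band $DisableHttp2)
    }
}

# 2. Set the DisableHTTP2 bit where it is missing, keeping any other
#    flags (for example SNI) that are already set on the binding.
foreach ($b in $bindings) {
    $flags = [int]$b.sslFlags
    if (-not ($flags -band $DisableHttp2)) {
        $filter = "system.applicationHost/sites/site[@name='$SiteName']" +
                  "/bindings/binding[@protocol='https' and " +
                  "@bindingInformation='$($b.bindingInformation)']"
        Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
            -Filter $filter -Name 'sslFlags' `
            -Value ($flags -bor $DisableHttp2)
    }
}

# 3. Confirm the result.
Get-WebBinding -Name $SiteName -Protocol 'https' |
    Select-Object bindingInformation, sslFlags
```

As in the steps described above, the HTTP service still has to be restarted after the change before the SSTP connection is retried.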