Troubleshooting SSL VPN

Available in Classic and VPC

This document provides information on the problems users may face while using SSL VPN, their causes and solutions.

Prior action

If an SSL VPN Agent installation or execution error occurs, please first try the causes and solutions below.

Cause

Windows updates are not installed or a security program is preventing the installation and execution of the SSL VPN Agent.

Solution

The solutions are as follows:

1. Install Windows updates.
2. Close all security programs.
3. Disable the firewall.

SSL VPN Agent Installation Error

If the following error message appears while installing the SSL VPN Agent, please check the cause and solutions.
"BIG-IP Edge Client setup enned prematurely because of an error. Your system has not been modified. To install this program at a later time, please run the installation again."

Cause

Installation is restricted if the Root Certification Authority certificate does not exist or expired.

1. Execute certmgr.msc.
2. Check the following 3 certificates and expiration dates in Certificates - Current User -> Trusted Root Certification Authorities -> Certificates.
   • Entrust Root Certification Authority
   • Entrust Root Certification Authority - G2
   • Entrust.net Certification Authority (2048)

Solution

The solutions are as follows:

1. An Internet connection is required to verify the certificate.
2. Access https://www.entrust.com/get-support/ssl-certificate-support/root-certificate-downloads/ from the web browser and download the following 3 certificates:
   • Entrust Root Certification Authority
   • Entrust Root Certification Authority - G2
   • Entrust.net Certification Authority (2048)
3. Execute the 3 downloaded certificates and save them in Trusted Root Certification Authorities.
   1. Click [Install certificate].
   2. Click [Next] after selecting [Local computer].
   3. Select [Save all certificates to the following repository] and then select [Trusted Root Certification Authorities] from Browse.
   4. Press the [Next] button to save the certificate.

SSL VPN Agent Execution Error

If you cannot execute or connect to the SSL VPN Agent, check the causes and solutions.

Cause

It cannot be executed or connected because the service is not executed or the network adapter or system file is damaged.

Solution

The solutions are as follows:

1. Check the service status.
   1. Execute services.msc.
   2. Check the status of the services below and if they are not running, click the [Start] button.
      • Remote Access Connection Manger
      • Remote Access Auto Connection Manger
      • Secure Socket Tunneling Protocol Service
      • Telephony
2. Reinstall the network adapter driver.
   1. Execute devmgmt.msc.
   2. Remove up to 8 network adapters which start with WAN Miniport.
      • Select WAN Miniport and click Action > Remove Device.
   3. Reinstall the WAN Miniport network adapter by clicking Action > Scan for hardware changes.
   4. After the reinstallation is complete, the 8 WAN Miniport network adapters will be identified.
      • WAN Miniport (IKEv2)
      • WAN Miniport (IP)
      • WAN Miniport (IPv6)
      • WAN Miniport (L2TP)
      • WAN Miniport (Network Monitor)
      • WAN Miniport (PPPOE)
      • WAN Miniport (PPTP)
      • WAN Miniport (SSTP)
3. Check system files.
   1. Execute cmd.exe with administrator privileges.
   2. Type the sfc /scannow command at the command prompt, and then press Enter.
4. Reboot after completing all actions.