September 15th, 2011 Comments off
- You install the Routing and Remote Access Service (RRAS) role on a server that is running Windows Server 2008 R2.
- You configure the server to accept Layer Two Tunneling Protocol with IPsec (L2TP/IPsec) connections.
- You run the Netsh ipsec dynamic set config property=strongcrlcheck value=2 command to configure the StrongCRLCheck setting on the server.
- You revoke a certificate on a client computer. The certificate is used to make L2TP/IPsec connections to the RRAS server.
- You establish an L2TP/IPsec connection from the client computer to the server.
- The connection to the RRAS server is successful. However, you expect that the client computer cannot connect to the server.
The issue occurs because the Remote Access Service (RAS) ignores the StrongCRLCheck setting!
To correct this you need a hot fix and a new registry key as instructed by KB2351254 http://support.microsoft.com/kb/2351254