If your network doesn’t have a public certificate with a public revocation check server or it has a self-signed certificate without a revocation check server you might end up with the following error:


Error 0x80092013 The revocation function was unable to check revocation because the revocation server was offline

What you need to do?

Fixing this is actually really simple. Please remember to backup your registry before doing any changes.

  1. Open the Windows Registry Editor on you computer (regedit)
  2. Find the following registry path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Sstpsvc\Parameters
  3. Add a new registry value (REG_DWORD) under called “NoCertRevocationCheck”.
  4. Set the key value to 0

Registry path: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Sstpsvc\Parameters
Name: NoCertRevocationCheck
Value: 1
Data type: REG_DWORD

This effects only SSTP. You can use this registry value to enable or to disable the SSL certificate revocation check that the VPN client performs during the SSL negotiation phase. When set to 0 the certificate revocation check will be performed. If the value is set to 1, certificate revocation check will be skipped. By default, certificate revocation check is performed.