RAS server
Certificate renewal
When renewing the certificate for the VPN connection on the RAS server you will need to update the registry keys for the SSTP service for the new certificate. use the following commands
$Thumbprint = <TLS certificate thumbprint>
$Cert = Get-ChildItem -Path Cert:\LocalMachine\My\$thumbprint
Set-RemoteAccess -SslCertificate $Cert
Restart-Service RemoteAccess -Passthru
the Reg keys are located here:
HKLM:\SYSTEM\CurrentControlSet\Services\SstpSvc\parameters\SHA256CertificateHash
HKLM:\SYSTEM\CurrentControlSet\Services\SstpSvc\parameters\SHA1CertificateHash