You are an Enterprise administrator for contoso.com. Your company possesses a stand-alone root certification authority (CA) for the corporate network.
The corporate network contains a Windows Server 2008 server called contosoServer1. You issue a server certificate to contosoServer1 and deploy Secure Socket Tunneling Protocol (SSTP) on contosoServer1 for secure browsing.
Which of the following options would you choose to ensure that the external partner computers would be allowed to access internal network resources by using SSTP?
A. Terminal Services Session Broker role service
B. Firewall to allow inbound traffic on TCP Port 1723
C. Root CA certificate on external computers
D. Network Access Protection (NAP) on the network
E. None of the above.
Explanation:
To ensure that the external partner computers would be allowed to access internal network resources by using SSTP, you need to deploy the Root CA certificate to the external computers.
SSTP is a new kind of Virtual Private Networking (VPN) tunnel that is available in the Routing and Remote Access server role in Windows Server 2008. SSTP allows for Point-to-Point Protocol (PPP) packets to be encapsulated over HTTP. This feature allows for a VPN connection to be more easily established through a firewall or through a Network Address Translation (NAT) device. Also, this feature allows for a VPN connection to be established through an HTTP proxy device.
Generally, if the client computer is joined to the domain and you use domain credentials to log on to the VPN server, the certificate is automatically installed in the Trusted Root Certification Authorities store. However, if the computer is not joined to the domain or if you use an alternative certificate chain, you may need to deploy the Root CA certificate to the external computers.
Reference: How to troubleshoot Secure Socket Tunneling Protocol (SSTP)-based connection failures in Windows Server 2008
http://support.microsoft.com/kb/947031
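
The deployment step described in the explanation, as an added example that is not part of the original page or of the Microsoft article: a PowerShell function that adds an exported root CA certificate to the Trusted Root Certification Authorities store of a non-domain client only if its thumbprint matches a value confirmed out of band. The function name, file path and thumbprint value are assumptions.

```powershell
# Added example (not from the original page). Run from an elevated prompt:
# writing to the LocalMachine\Root store requires administrator rights.
function Install-PinnedRootCA {   # hypothetical helper name
    param(
        [Parameter(Mandatory=$true)] [string] $Path,               # exported root CA .cer file
        [Parameter(Mandatory=$true)] [string] $ExpectedThumbprint  # confirmed with the CA owner out of band
    )

    $fullPath = (Resolve-Path $Path).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $fullPath

    # Fail closed unless the file is exactly the certificate that was announced.
    # Anything placed in the Root store is trusted for every TLS connection on this machine.
    $expected = ($ExpectedThumbprint -replace '\s', '').ToUpperInvariant()
    if ($cert.Thumbprint -ne $expected) {
        throw "Thumbprint mismatch: file has $($cert.Thumbprint)"
    }

    # A root CA certificate is self-signed; an intermediate does not belong in the Root store.
    if ($cert.Subject -ne $cert.Issuer) {
        throw "Certificate is not self-signed (issuer: $($cert.Issuer))"
    }
    if ((Get-Date) -gt $cert.NotAfter) {
        throw "Certificate expired on $($cert.NotAfter)"
    }

    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('Root', 'LocalMachine')
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
    try {
        $findType = [System.Security.Cryptography.X509Certificates.X509FindType]::FindByThumbprint
        if ($store.Certificates.Find($findType, $cert.Thumbprint, $false).Count -gt 0) {
            return 'AlreadyTrusted'   # idempotent: nothing to do on a second run
        }
        $store.Add($cert)
        return 'Installed'
    }
    finally {
        $store.Close()
    }
}

# Usage (path and thumbprint are placeholders):
# Install-PinnedRootCA -Path 'C:\Temp\root-ca.cer' -ExpectedThumbprint '<thumbprint confirmed out of band>'
```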