“Creating a Point-to-Site VPN connection to Azure network!!”

Microsoft Azure lets you create both Point-to-Site and Site-to-Site VPN connections between your on-premises network and an Azure network. In this post, I will demonstrate the steps to create a Point-to-Site VPN connection, i.e. one that lets you connect to Virtual Networks in Azure from your workstations. The Point-to-Site VPN discussed here uses SSTP (Secure Socket Tunneling Protocol), which makes use of certificates.

  • First log in to your Azure account. In my environment, I have already created a DNS Server in Azure as shown below:


The steps for creating a Virtual Network are shown below:

  • Configure a new Virtual Network for this purpose by navigating to NEW -> Network Services -> Virtual Network -> Custom Create.


  • Specify a Name for the connection and the Datacenter Location and click Next.


  • You can either specify the DNS server you have configured or leave this section blank for Azure default name resolution service. Then select the checkbox for Point-to-Site connectivity.


  • On the next page, specify the Address Space and Usable IP Address Range. Addresses from this range will be assigned to VPN clients when they connect to the Virtual Network.


  • On the next page, specify the Address Space and Usable Address Range to be used by the VMs. Make sure this IP range does not overlap with the on-premises network. Select the option ‘Add gateway subnet’ to specify a gateway for the Point-to-Site connection as well.


  • Complete the Virtual Network configuration. You will see the status of the Virtual Network as Created.


The next step is to create a Dynamic Routing Gateway.

  • Select Networks -> Your Virtual Network -> Select Dashboard -> Select Create Gateway.


  • Click Yes when asked whether the gateway should be created. Once the gateway is created, the screen will look like this:


Now create a Root Certificate and upload it to Azure Virtual Network.

  • Install Microsoft Visual Studio Express 2013 for Windows Desktop, which is a free version. Navigate to the Visual Studio Tools folder and launch the command prompt for VS2013.
  • Use the command below to create a self-signed root certificate and install it in the Personal certificate store of the machine:

makecert -sky exchange -r -n "CN=RootCertificateName" -pe -a sha1 -len 2048 -ss My "RootCertificateName.cer"

RootCertificateName: the name of the certificate.


  • Upload the root certificate file to the management portal under the certificate section in Virtual Network. Once uploaded, it will show the status as Created under the Certificates tab.



The next step is to create a Client Certificate.

  • Use the command below to create a Client Certificate. Once the command is executed, the certificate will be installed in the Personal certificate store of the computer.

makecert.exe -n "CN=ClientCertificateName" -pe -sky exchange -m 96 -ss My -in "RootCertificateName" -is my -a sha1


To connect to the Virtual Network from multiple computers, export the client certificate and install it on those machines.
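The root and client certificate steps above, done with the New-SelfSignedCertificate cmdlet (Windows 10 / Windows Server 2016 or later) instead of makecert, which Microsoft has deprecated, and with SHA-256 in place of sha1. This is an added example, not part of the original post; the certificate names, the output folder and the root's validity period are assumptions.

```powershell
# Added example: names, paths and the root validity are placeholders/assumptions.
$rootName   = 'RootCertificateName'
$clientName = 'ClientCertificateName'
$outDir     = Join-Path $env:USERPROFILE 'p2s-certs'   # assumed output folder
$notAfter   = (Get-Date).AddMonths(96)                 # 96 months, as in -m 96
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Self-signed root, key usage limited to signing certificates.
$root = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject "CN=$rootName" -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 -NotAfter $notAfter `
    -KeyUsageProperty Sign -KeyUsage CertSign `
    -CertStoreLocation 'Cert:\CurrentUser\My'

# Client certificate issued by that root, carrying only the
# Client Authentication EKU (1.3.6.1.5.5.7.3.2).
$client = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject "CN=$clientName" -DnsName $clientName `
    -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 `
    -NotAfter $notAfter -Signer $root `
    -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.2') `
    -CertStoreLocation 'Cert:\CurrentUser\My'

# Public certificate only: this .cer is the file to upload to the Virtual Network.
Export-Certificate -Cert $root -Type CERT `
    -FilePath (Join-Path $outDir "$rootName.cer") | Out-Null

# Other workstations need the client private key, so export a
# password-protected .pfx for them.
$pfxPassword = Read-Host -AsSecureString -Prompt 'Password for the client .pfx'
Export-PfxCertificate -Cert $client -Password $pfxPassword `
    -FilePath (Join-Path $outDir "$clientName.pfx") | Out-Null

# Check the result before distributing anything.
[pscustomobject]@{
    ClientIssuedByRoot = ($client.Issuer -eq $root.Subject)
    ClientHasKey       = $client.HasPrivateKey
    Signature          = $client.SignatureAlgorithm.FriendlyName
    ClientExpires      = $client.NotAfter
    RootThumbprint     = $root.Thumbprint
}
```

Only the client .pfx goes to other workstations; the root certificate's private key stays on the machine that issues client certificates.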

Download and Install the VPN client:

  • Based on the workstation architecture, download the suitable VPN client package from this section and install it on your machine:


  • When installed, you will see the VPN icon created in the Network Settings. Click the Connect button to initiate the VPN connection to the Azure Virtual Network. Click Connect again.



  • You will have to specify the Client certificate when prompted.


  • To check that the VPN connection is working, execute the command ipconfig /all and look at the IP address details.



Error “You haven’t configured a target delivery domain. Please choose the appropriate remote domain as the target delivery domain.”

The scenario being discussed here is an Exchange 2010 to Exchange Online (Office 365) migration. A hybrid configuration was set up, resulting in the coexistence of Exchange 2010 SP3 and Office 365. The procedure selected for the mailbox move was ‘Remote Move Migration’. However, an error was received while trying to move an on-premises Exchange 2010 mailbox to the cloud, i.e. Office 365.


While performing the remote move request, in the move settings, you will be asked to provide the ‘Target Delivery Domain’. When I click on the Browse option, all I get is the error above, indicating that no domains are configured.

This error can be resolved by following the steps below:

  • In the Exchange Management Console, navigate to Organization Configuration -> Hub Transport -> Remote Domains
  • Add your domain name specifically, alongside the Default ‘*’ value


Now, right-click the domain name entry you just created, and select Properties. Ensure that the check box under the Office 365 Tenant Domain is ticked, as shown below:


Create a new remote move request and confirm that the mailbox move is working fine now.

Error: The specified domain either does not exist or could not be contacted

I received an error trying to launch the Active Directory Users and Computers console on a Windows Small Business Server 2011.

I tried executing the command ‘netdom query fsmo’ to identify whether the DC I logged in to holds all the roles or not. I received the same error here as well, as shown below:


Upon checking the services, it was found that the Windows Time service was not started. However, attempting to start the service resulted in the pop-up below:


As indicated in the notification, the Netlogon service was found to be Paused.


The issue was resolved after starting the Netlogon and Windows Time services on the server.