Using a self signed cert, if the CRL (Certificate revocation location) is not available the client cannot connect. This can be easily fixed with a registry key to disable checking of the certificate on the client:
The fix – on the client, create a new registry key (DWORD) with value of 1:
HKLM > SYSTEM > CurrentControlSet > Services > SstpSvc > Parameters >
Name: NoCertRevocationCheck
Type: DWORD(32 Bit)
Value: 1
Error 0x80092013: The revocation function was unable to check revocation because the revocation server was offline