L2TP/IPSEC Certificate issues

Status
Not open for further replies.

lauritzs

Technical User
Sep 25, 2002
4
AU
Can anybody help?

I'm trying to configure a VPN server on Windows 2003 but get a very strange error when I try to connect to the server from a WinXP Pro machine (as client).

When I fire up the connection to setup the session the VPN server denies me access because of the following.

Event log:

1. Could not retrieve the Remote Access Server's certificate due to the following error: Cannot find object or property

2. Because no certificate has been configured for clients dialing in with EAP-TLS, a default certificate is being sent to user UABC\test. Please go to the user's Remote Access Policy and configure the Extensible Authentication Protocol (EAP).

When I try to enable it in the Remote Access Policy the following error pops up.

" A certificate could not be found that can be used with this Extensible Authentication Protocol"

I have loaded a computer and a user certificate as well as added the root CA to the trusted root certificates.

Can anybody point me to how to do a manual mapping for the RAS certificate?

Any help will be much appreciated.

Thanks

 
You need to add the "Web Server" certificate. This is actually the Authentication certificate.
 
Thanks CoCoSavage,

I added a certificate with the following purposes "All application policies" in the local computer personal certificate store and it does display "You have a private key that corresponds to this certificate" on the key.

Can you please explain where to load the "Web server" certificate, e.g. where in the certificate store? Also, what options must then be enabled to get only a "Web server" certificate for RRAS?

What I did do previously is to load a certificate through Internet Explorer, but that also did not work for me because it loaded the certificate in the current user personal store.
The same error was reported.

Thanks for your info.

 
Best way to go is
Choose "request a certificate", then in the "submit a certificate request using CA form", from the Certificate Template, grab the "Web Server" one.

The naming convention blows as it doesn't really mean "Web Server". The template is for authentication and not just for IIS.

You can choose the various certificate options from here, just go for defaults if you're not sure.

When you have installed the certificate, shut down and restart your IPSec policy agent service (under services) and then stop and restart your RRAS service.

This should see you through.
 
Thanks for that CocoSavage,

I tried that but still no go. Any other way to determine where things go wrong?


Thanks
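
An added example, not part of the original thread: a read-only check of the points the posts above turn on, namely whether a certificate sits in the local computer Personal store, has a private key, and carries the Server Authentication purpose that the "Web Server" template provides. It assumes PowerShell is installed on the RRAS server and is run from an administrator session.

```powershell
# Added example, not from the thread. Lists every certificate in the
# local computer Personal store with the properties discussed above.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # OID of the Server Authentication enhanced key usage
$now = Get-Date

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Collect the EKU OIDs, if the certificate carries an EKU extension at all.
    $ekuExt = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $ekuOids = @()
    if ($ekuExt) {
        $ekuOids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
    }

    New-Object PSObject -Property @{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey                      # must be True for a server certificate
        HasEkuExt     = [bool]$ekuExt                            # False = no EKU restriction present
        ServerAuthEku = ($ekuOids -contains $serverAuthOid)      # explicit Server Authentication purpose
        InValidity    = ($cert.NotBefore -le $now -and $now -le $cert.NotAfter)
        ChainTrusted  = $cert.Verify()                           # chain builds to a trusted root (default policy)
    }
} | Select-Object Subject, Thumbprint, HasPrivateKey, HasEkuExt, ServerAuthEku, InValidity, ChainTrusted |
    Format-List
```

A certificate imported through Internet Explorer, as described earlier in the thread, lands in the current user store and will not appear in this listing at all.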


 