Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

VPN L2TP: Error 786

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> VPN >> VPN L2TP: Error 786 Page: [1]
Login
Message << Older Topic   Newer Topic >>
VPN L2TP: Error 786 - 19.Oct.2007 12:57:13 PM   
kabracity

 

Posts: 22
Joined: 25.Sep.2007
Status: offline 		Hi all :)

I´ve trying to make VPN over L2TP/IpSec work but there´s something wrong as I´m not able to connect.I´ve been reading for hours on your articles, guides,advices, microsoft site,etc...but no idea of what I´m missing.

I´m on a test environnement:

-ISA Server 2006 installed on a W2k3 SP2 Server;He´ll be VPN server in the future,
and at the moment acts too as CA (its only on test purposes,i have no more servers on
the lab to test with).It´s a standalone server (I suppose in the future he´ll be part of the domain).

-Windows xp SP2 Client, member of a domain.

Requested certificate from the server via web, and all it´s ok;as I don´t have templates, I choose IPSec Certificate (also tried with "client" and "server"), and on my information I fill FQDN of the host client as "Name"(for example winxp.constoso.local).I put the check on "store certificate locally" option.Then I approve the certificate from the CA, and I install it on the client (accessing via web).Also via web, I download the CA certificate and install it on my trusting root cas.I check client certificates via the mmc (computer store), and I can see the client certificate in the personal folder, and the CA certificate in the trusted sites.

As my ISA is at the same time the CA, I suppose he doesn´t need a certificate to work with VPN (in it´s personal store I can see the certificate too, with the "all" purpose).I restarted the remote access and ipsec policy services so that VPN can use the new certificate.I gived access to a group "VPNUsers".This group contains a local user,wich name and password  matches the domain credentials of the user logged in the XP client.

Finally I setup my VPN client on XP..Ip address,L2TP as the only way to access,mschap2 authentication,etc..

Every time I tried to connect I got the 786 error,stating that "The L2TP connection attempt failed because there is no valid machine certificate on your computer for security authentication".
I saw stefaan´s solution but It´s not my case, I´m not having the same problem with the ntfs problems.

Help would be really appreciated as I´m new in working with VPN L2TP so I´m a little lost.
Thanks in advance,

Andrés
Post #: 1
RE: VPN L2TP: Error 786 - 22.Oct.2007 3:00:20 AM   
kabracity

 

Posts: 22
Joined: 25.Sep.2007
Status: offline 		Just realized I´m working with Windows 2k3 Standard Edition and not Enterprise...perhaps my troubles come because of that; I don´t know...
(justmee said something about standard edition but he wasn´t sure about -> http://forums.isaserver.org/L2TP%2fIPsec_VPN_using_certificates/m_2002048572/tm.htm )

(in reply to kabracity)
Post #: 2
RE: VPN L2TP: Error 786 - 22.Oct.2007 7:57:46 AM   
justmee

 

Posts: 505
Joined: 14.May2007
Status: offline 		Hi kabracity ,
I was reffering there to an Enterprise CA installed on Windows 2003 SE or EE and the templates you can use.
If you've installed the Standalone CA on Windows 2003 SE you can request with no problem an IPsec certificate(I've played recently with a Standalone CA).
Your problem is tha fact you've butchered ISA installation.
It does noes not matter you are in a lab. The CA must be installed on a separate machine, not on ISA!
After that request a certificate for both ISA and VPN client using WebEnroll.
On ISA you need to install the CA Certificate chain.
Regards!

(in reply to kabracity)
Post #: 3
RE: VPN L2TP: Error 786 - 22.Oct.2007 10:19:04 AM   
kabracity

 

Posts: 22
Joined: 25.Sep.2007
Status: offline 		I knew is not a good practice to make CA on ISA, but it was just to test..finally, I tried using another server as CA and all was ok at first try...
Thanks for the advice :)

Now I must beat  ISA caching..but that will be tomorrow, work is finished for today :p.

Regards ;)

(in reply to justmee)
Post #: 4
RE: VPN L2TP: Error 786 - 31.Aug.2008 5:55:12 PM   
Msreport77

 

Posts: 1
Joined: 31.Aug.2008
Status: offline 		Salut
J'ai pas mal galéré avec l'erreur 786.
Pour informations, dans certains cas il s'agit d'un bug.
Pour le corriger, exporter le certificat sur la machine client et le réimporter dans le conteneur personnel dans le magasin certificat ordinateur.
Pour plus d'informations :
http://msreport.free.fr/?p=108

A+
Guillaume MATHIEU
PROSERVIA
http://msreport.free.fr
La connaissance s'accroît quand on la partage.

(in reply to kabracity)
Post #: 5

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> VPN >> VPN L2TP: Error 786 Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts