Re: L2TP Connection Issue

From: CG (cg_at_cg.com)
Date: 10/31/04


Date: Sun, 31 Oct 2004 11:18:40 -0500

Where should the Root Cert show up? Local computer or Personal? I can only
get mine to go to the Personal when I install it from the cert server's
webpage.

"Sharoon Shetty K [MSFT]" <sharoons@online.microsoft.com> wrote in message
news:%23EOTu0EsEHA.2764@TK2MSFTNGP11.phx.gbl...
> The client needs the root certificate that the server's certificate chains
> to. The server needs the root certificate that the client's certificate
> chains to. If you are using an enterprise CA, the root certificate should be
> automatically propagated through group policy.
>
>
>
> Use certmgr.msc to check and make sure that the certificates exist
> appropriately before trying to set up the connection.
>
>
>
>
> Certificates are kept in the "certificate store" of the machine. ("Store" as
> in "storage area.") You can view the certificates (and their properties) on
> the machine by opening the Microsoft Management Console (Start, Run, type
> "mmc" and hit enter) and adding the certificates snap-in to the console.
>
> There are two certificate stores on a machine -- the Current User store and
> the Local Computer store. You can add both stores to the snap-in so that you
> can view them from the same console (and then you can save the console for
> later use). For more MMC info see
>
> http://www.microsoft.com/windows2000/techinfo/planning/management/mmcsteps.asp
>
>
>
> Some tips:
>
> The server cert must be in the Local Computer cert store. Also, when you
> configure the cert templates, make sure the server cert has the server
> authentication purpose in Enhanced Key Usage extensions. Do not substitute
> the "All" purpose for the "Server Authentication" purpose or the cert is
> invalid.
>
>
>
> If possible, use the Web enrollment tool to enroll the cert on the server.
>
>
>
> If clients are domain members, you can autoenroll client computer
> certificates (but not user certs) using Group Policy. That is a little
> complicated to set up, but is much easier than manually installing certs on
> all clients. Clients must have the Client Authentication purpose in EKU
> extensions, not the "All" purpose.
>
>
>
> Some resources that are recommended:
>
> Step-by-Step Guide to Setting up a Certification Authority
>
> http://www.microsoft.com/windows2000/techinfo/planning/security/casetupsteps.asp
>
> Step-by-Step Guide to Advanced Certificate Management
>
> http://www.microsoft.com/windows2000/techinfo/planning/security/advcertsteps.asp
>
>
>
> The following topic is from Windows Server 2003 Help, "Network access
> authentication and certificates" in Windows Server 2003 IAS or VPN Help, or
> on the web at
>
> http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_VPN_und15.asp
>
>
>
> Hope this helps!
>
>
> --
> Thanks,
> Sharoon
> ---------------------------------------------------------
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
> "John Ilgen" <anonymous@discussions.microsoft.com> wrote in message
> news:381601c4aaf5$6dbfeae0$a301280a@phx.gbl...
> >I tried the fix.
> >
> > Got error 789. The L2TP connection attempt failed because
> > the security layer encountered a processing error during
> > initial negotiations with the remote computer.
> >
> > For the certificate - I put the IPSEC certificate on both
> > the ISA server and the client. I assume that this is
> > correct.
> >
> > Thanks,
> >
> > John
> >
> >>-----Original Message-----
> >>Check the following KB article
> >>http://support.microsoft.com/default.aspx?scid=kb;EN-US;247231
> >>
> >>--
> >>Thanks,
> >>Sharoon
> >>---------------------------------------------------------
> >>This posting is provided "AS IS" with no warranties, and confers no rights.
> >>
> >>"John Ilgen" <anonymous@discussions.microsoft.com> wrote in message
> >>news:3bce01c4aa76$17957470$a401280a@phx.gbl...
> >>> Can connect with PPTP but get Error 792. L2TP connection
> >>> attempt failed because security timed out.
> >>>
> >>> Have followed procedures on Technet web site for L2TP cert
> >>> install.
> >>>
> >>> Any suggestions?
> >>>
> >>> Thanks,
> >>>
> >>> John
> >>
> >>
> >>.
> >>
>
>
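
An added example, not part of the original thread: the quoted reply's manual certmgr.msc checks (certificate in the Local Computer store, the specific purpose in Enhanced Key Usage, a root the chain can reach) expressed as a PowerShell audit. The `$Role` parameter and the output property names are hypothetical; it assumes a session allowed to read the Local Computer store.

```powershell
# Added example: audits Local Computer certificates for the checks in the quoted reply.
param(
    # Hypothetical parameter: which EKU purpose to require on this machine
    [ValidateSet('Server', 'Client')]
    [string]$Role = 'Client'
)

# Server Authentication and Client Authentication EKU object identifiers
$requiredOid = @{ Server = '1.3.6.1.5.5.7.3.1'; Client = '1.3.6.1.5.5.7.3.2' }[$Role]

# Trusted-root subject names per store, to show where a root certificate was installed
$machineRoots = @(Get-ChildItem Cert:\LocalMachine\Root | ForEach-Object { $_.Subject })
$userRoots    = @(Get-ChildItem Cert:\CurrentUser\Root  | ForEach-Object { $_.Subject })

foreach ($cert in Get-ChildItem Cert:\LocalMachine\My) {
    # Read the EKU extension itself; a certificate without one shows as "All" purposes
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $purposes = @()
    if ($eku) { $purposes = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

    # Build the chain in machine context ($true) so Current User stores are not consulted
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # store placement only, no CRL fetch
    $chainOk = $chain.Build($cert)

    # Last element is the root when the chain is complete, otherwise the highest cert found
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    # Match by name: for a self-signed root, Issuer equals Subject
    [pscustomobject]@{
        Subject               = $cert.Subject
        HasPrivateKey         = $cert.HasPrivateKey
        HasRequiredEku        = $purposes -contains $requiredOid
        NoEkuAllPurposes      = -not $eku
        ChainBuilds           = $chainOk
        ChainTopIssuer        = $top.Issuer
        RootInLocalComputer   = $machineRoots -contains $top.Issuer
        RootInCurrentUserOnly = ($userRoots -contains $top.Issuer) -and
                                ($machineRoots -notcontains $top.Issuer)
    }
}
```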


