IKE failed to find valid machine certificate (Error 786)


From: Tony Ashlee (oxalis55_at_pacbell.net)
Date: 05/03/04


Date: Mon, 3 May 2004 12:56:05 -0700

I have an Enterprise CA installed on the same server as our RAS server. My computers all have a certificate issued by the CA. Yet, I get an error when attempting to use L2TP that indicates that the computer does not have a certificate.
I read what Sharoon Shetty said about "The certificate.pfx must be installed in personal store and certificate.cer
in trusted root CA. If we put certificate.cer in both places, it fails with the error 786." but I cannot find any pfx files anywhere. Am I missing something obvious?

My Oakley log looks as follows: (I tweaked the IP addresses for security)
5-03: 12:35:14:622:3d4 constructing ISAKMP Header
 5-03: 12:35:14:622:3d4 constructing KE
 5-03: 12:35:14:622:3d4 constructing NONCE (ISAKMP)
 5-03: 12:35:14:622:3d4 Constructing Cert Request
 5-03: 12:35:14:622:3d4 DC=edu, DC=ucsd, DC=sfsnt, CN=UCSD FAO
 5-03: 12:35:14:622:3d4
 5-03: 12:35:14:622:3d4 Sending: SA = 0x03E9A200 to 132.239.230.240:Type 2.500
 5-03: 12:35:14:622:3d4 ISAKMP Header: (V1.0), len = 276
 5-03: 12:35:14:622:3d4 I-COOKIE 133a4fea3a07bd99
 5-03: 12:35:14:622:3d4 R-COOKIE 9599564dc5340ed4
 5-03: 12:35:14:622:3d4 exchange: Oakley Main Mode
 5-03: 12:35:14:622:3d4 flags: 0
 5-03: 12:35:14:622:3d4 next payload: KE
 5-03: 12:35:14:622:3d4 message ID: 00000000
 5-03: 12:35:14:622:3d4 Ports S:f401 D:f401
 5-03: 12:35:15:528:5a8 retransmit: sa = 03E9A200 centry 00000000 , count = 1
 5-03: 12:35:15:528:5a8
 5-03: 12:35:15:528:5a8 Sending: SA = 0x03E9A200 to 132.239.230.240:Type 2.500
 5-03: 12:35:15:528:5a8 ISAKMP Header: (V1.0), len = 276
 5-03: 12:35:15:528:5a8 I-COOKIE 133a4fea3a07bd99
 5-03: 12:35:15:528:5a8 R-COOKIE 9599564dc5340ed4
 5-03: 12:35:15:528:5a8 exchange: Oakley Main Mode
 5-03: 12:35:15:528:5a8 flags: 0
 5-03: 12:35:15:528:5a8 next payload: KE
 5-03: 12:35:15:528:5a8 message ID: 00000000
 5-03: 12:35:15:528:5a8 Ports S:f401 D:f401
 5-03: 12:35:17:528:5a8 retransmit: sa = 03E9A200 centry 00000000 , count = 2
 5-03: 12:35:17:528:5a8
 5-03: 12:35:17:528:5a8 Sending: SA = 0x03E9A200 to 233.223.233.240:Type 2.500
 5-03: 12:35:17:528:5a8 ISAKMP Header: (V1.0), len = 276
 5-03: 12:35:17:528:5a8 I-COOKIE 133a4fea3a07bd99
 5-03: 12:35:17:528:5a8 R-COOKIE 9599564dc5340ed4
 5-03: 12:35:17:528:5a8 exchange: Oakley Main Mode
 5-03: 12:35:17:528:5a8 flags: 0
 5-03: 12:35:17:528:5a8 next payload: KE
 5-03: 12:35:17:528:5a8 message ID: 00000000
 5-03: 12:35:17:528:5a8 Ports S:f401 D:f401
 5-03: 12:35:21:294:3d4
 5-03: 12:35:21:294:3d4 Receive: (get) SA = 0x03e9a200 from 233.223.233.240.500
 5-03: 12:35:21:294:3d4 ISAKMP Header: (V1.0), len = 108
 5-03: 12:35:21:294:3d4 I-COOKIE 133a4fea3a07bd99
 5-03: 12:35:21:294:3d4 R-COOKIE 9599564dc5340ed4
 5-03: 12:35:21:294:3d4 exchange: ISAKMP Informational Exchange
 5-03: 12:35:21:294:3d4 flags: 1 ( encrypted )
 5-03: 12:35:21:294:3d4 next payload: HASH
 5-03: 12:35:21:294:3d4 message ID: 9bc5a034
 5-03: 12:35:21:294:3d4 processing HASH (Notify/Delete)
 5-03: 12:35:21:294:3d4 processing payload NONCE
 5-03: 12:35:21:294:3d4 processing payload DELETE
 5-03: 12:35:21:294:3d4 SA Dead. sa:03E9A200 status:35ef
 5-03: 12:35:21:294:3d4 isadb_set_status sa:03E9A200 centry:00000000 status 35ef
 5-03: 12:35:21:294:3d4 Key Exchange Mode (Main Mode)
 5-03: 12:35:21:294:3d4 Source IP Address 233.223.233.23 Source IP Address Mask 255.255.255.255 Destination IP Address 233.223.233.240 Destination IP Address Mask 255.255.255.255 Protocol 0 Source Port 0 Destination Port 0 IKE Local Addr 233.223.233.23 IKE Peer Addr 233.223.233.240 IKE Source Port 500 IKE Destination Port 500 Peer Private Addr
 5-03: 12:35:21:294:3d4 Certificate based Identity. Peer IP Address: 233.223.233.240
 5-03: 12:35:21:294:3d4 Me
 5-03: 12:35:21:294:3d4 IKE SA deleted by peer before establishment completed
 5-03: 12:35:21:294:3d4 Processed second (KE) payload Responder. Delta Time 7 0x0 0x0
 5-03: 12:35:21:294:3d4 Received reliable Notify. Messid 9bc5a034
 5-03: 12:35:21:294:3d4 constructing ISAKMP Header
 5-03: 12:35:21:294:3d4 constructing HASH (null)
 5-03: 12:35:21:294:3d4 constructing NONCE (ND)
 5-03: 12:35:21:294:3d4 constructing HASH (Notify/Delete)
 5-03: 12:35:21:294:3d4
 5-03: 12:35:21:294:3d4 Sending: SA = 0x03E9A200 to 233.223.233.240:Type 1.500
 5-03: 12:35:21:294:3d4 ISAKMP Header: (V1.0), len = 108
 5-03: 12:35:21:294:3d4 I-COOKIE 133a4fea3a07bd99
 5-03: 12:35:21:294:3d4 R-COOKIE 9599564dc5340ed4
 5-03: 12:35:21:294:3d4 exchange: ISAKMP Informational Exchange
 5-03: 12:35:21:294:3d4 flags: 1 ( encrypted )
 5-03: 12:35:21:294:3d4 next payload: HASH
 5-03: 12:35:21:294:3d4 message ID: 9bc5a034
 5-03: 12:35:21:294:3d4 Ports S:f401 D:f401
 5-03: 12:36:01:558:c70 ClearFragList
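As an added example (not part of the original post or of any Microsoft tooling), the following Python script parses Oakley log lines laid out as in the excerpt above, summarises the IKE Main Mode attempt, and flags the pattern the poster is seeing: a Cert Request naming the enterprise CA, retransmits, and then the peer deleting the SA before establishment completed. The line layout (`M-DD: HH:MM:SS:mmm:<thread id> <message>`), the field names and the sample excerpt embedded in `SAMPLE_LOG` are assumptions modelled on the post; the diagnosis text reflects the certificate placement advice the post already quotes.

```python
"""Summarise an Oakley (IKE) log excerpt and flag the error 786 failure pattern.
Added example, not from the original post; assumes the Windows 2000 Oakley.log line layout."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Assumed line layout: "M-DD: HH:MM:SS:mmm:<thread id> <message>" (message may be empty)
LINE_RE = re.compile(
    r"^\s*\d{1,2}-\d{2}: \d{2}:\d{2}:\d{2}:\d{3}:(?P<tid>[0-9a-f]+)\s*(?P<msg>.*)$"
)
RETRANSMIT_RE = re.compile(r"retransmit: .*count = (\d+)")
SA_DEAD_RE = re.compile(r"SA Dead\. sa:[0-9A-Fa-f]+ status:(?P<status>[0-9a-f]+)")


@dataclass
class IkeSummary:
    exchanges: List[str] = field(default_factory=list)         # exchange types, in order, de-duplicated
    cert_request_cas: List[str] = field(default_factory=list)  # CA names carried in our Cert Request
    retransmits: int = 0             # highest retransmit count seen
    received_any: bool = False       # the peer answered at least once
    peer_deleted_sa: bool = False    # peer sent DELETE before the SA was established
    sa_dead_status: Optional[str] = None


def parse_line(line: str) -> Optional[Tuple[str, str]]:
    """Return (thread id, message) or None if the line is not an Oakley log line."""
    m = LINE_RE.match(line)
    return (m.group("tid"), m.group("msg").strip()) if m else None


def summarize(lines) -> IkeSummary:
    s = IkeSummary()
    expect_ca = False
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        msg = parsed[1]
        if expect_ca:
            # the line after "Constructing Cert Request" carries the requested CA's DN
            if "CN=" in msg or "DC=" in msg:
                s.cert_request_cas.append(msg)
            expect_ca = False
        low = msg.lower()
        if low.startswith("constructing cert request"):
            expect_ca = True
        elif low.startswith("exchange: "):
            name = msg[len("exchange: "):]
            if not s.exchanges or s.exchanges[-1] != name:
                s.exchanges.append(name)
        elif low.startswith("receive:"):
            s.received_any = True
        elif low.startswith("processing payload delete") or "deleted by peer" in low:
            s.peer_deleted_sa = True
        r = RETRANSMIT_RE.search(msg)
        if r:
            s.retransmits = max(s.retransmits, int(r.group(1)))
        d = SA_DEAD_RE.search(msg)
        if d:
            s.sa_dead_status = d.group("status")
    return s


ADVICE = {
    "peer-deleted-before-established":
        "The peer tore down Main Mode after the KE exchange, before certificate authentication "
        "completed. Check that the computer (not user) Personal store holds a certificate issued "
        "by one of the CAs named in the Cert Request, with its private key, and that the CA "
        "certificate sits in Trusted Root CAs only (the error 786 pattern).",
    "peer-unreachable": "Main Mode messages were retransmitted and nothing came back: check UDP 500 reachability.",
    "no-failure-detected": "No IKE failure pattern found in this excerpt.",
}


def diagnose(s: IkeSummary) -> str:
    """Map a summary to one of the ADVICE keys."""
    if s.peer_deleted_sa and "Oakley Main Mode" in s.exchanges:
        return "peer-deleted-before-established"
    if s.retransmits > 0 and not s.received_any:
        return "peer-unreachable"
    return "no-failure-detected"


# Constructed excerpt modelled on the post's log (addresses were already altered by the poster)
SAMPLE_LOG = """\
 5-03: 12:35:14:622:3d4 constructing ISAKMP Header
 5-03: 12:35:14:622:3d4 constructing KE
 5-03: 12:35:14:622:3d4 Constructing Cert Request
 5-03: 12:35:14:622:3d4 DC=edu, DC=ucsd, DC=sfsnt, CN=UCSD FAO
 5-03: 12:35:14:622:3d4 exchange: Oakley Main Mode
 5-03: 12:35:15:528:5a8 retransmit: sa = 03E9A200 centry 00000000 , count = 1
 5-03: 12:35:15:528:5a8 exchange: Oakley Main Mode
 5-03: 12:35:17:528:5a8 retransmit: sa = 03E9A200 centry 00000000 , count = 2
 5-03: 12:35:21:294:3d4
 5-03: 12:35:21:294:3d4 Receive: (get) SA = 0x03e9a200 from 233.223.233.240.500
 5-03: 12:35:21:294:3d4 exchange: ISAKMP Informational Exchange
 5-03: 12:35:21:294:3d4 processing payload DELETE
 5-03: 12:35:21:294:3d4 SA Dead. sa:03E9A200 status:35ef
 5-03: 12:35:21:294:3d4 IKE SA deleted by peer before establishment completed
"""

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG.splitlines())
    code = diagnose(summary)
    print(summary)
    print(code, "-", ADVICE[code])
```

Run it against a real Oakley.log by passing the file's lines to `summarize`; the diagnosis keys are deliberately coarse, since the log only shows that the peer aborted, not which certificate check the peer failed, so the certificate-store check in the advice is what to verify next.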