Re: ipsec with certificate authentication issue



Look in the security log of each computer to see if there is any information
about IKE failure that may help determine what is going on. Windows 2000 has
much less logging than Windows 2003. You also want to make sure you have
auditing of logon events enabled in the Local Security Policy of each
computer. My guess is there may be a problem with the administrator
certificates and I would try to use a computer or offline ipsec certificate
[which always worked for me] instead and remove the administrator
certificate from the computer store. In Windows 2000 Enterprise CA you need
to enable the offline ipsec template on the CA before it will show up as an
option via Web Enrollment as an advanced request and then you want to
specify the computer name and be sure to select to store in computer
store. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;257225 --- Windows
2000 ipsec troubleshooting.



"djc" <dcopenhaver@xxxxxxxxxxxxxxx> wrote in message
news:OZ1ZUDZ$FHA.216@xxxxxxxxxxxxxxxxxxxxxxx
>I have ipsec set up for telnet (transport). I'll leave out all the filter
>details as I don't think they are pertinent to the problem. It works fine
>with preshared key but I cannot get it to work with certificate
>authentication. Client machine is connected to the lan via pptp vpn and
>telnet server resides on the remote lan. This works fine with preshared
>key. Both machines have my own MS cert server's certificate installed in
>their local machine store's trusted root certification authorities folder
>and both machines have their own certificate issued from this CA installed
>in their own local machine store. The cert was obtained via ms cert
>services web interface using the 'administrator' template. But if I
>understand correctly the type of cert on each machine does not really
>matter as long as they are both from the same trusted root CA, which they
>are.
>
> I'm really not sure where to go from here. I know the issue must be
> certificate auth related since it works just fine with preshared key.
>
> any help would be greatly appreciated.
>
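
An added example, not from either poster: a PowerShell report of the certificates in the computer store, covering the points raised in the thread (stored in the computer store, issued by the same root CA on both machines) plus a private-key check. It assumes a host where PowerShell 3.0 or later is available, which postdates Windows 2000; the function name Get-MachineCertReport is hypothetical.

```powershell
# Added example: report on certificates in the computer (LocalMachine) personal store.
function Get-MachineCertReport {
    param([string]$StorePath = 'Cert:\LocalMachine\My')

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # $true = build the chain in machine context, so only the computer's
        # trusted roots are used, not those of the logged-on user.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
        # Assumption: a lab CA whose CRL may be unreachable; remove to test revocation too.
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $chainOk = $chain.Build($cert)

        # The last chain element is the root the chain ended at (or the
        # certificate itself if no issuer could be found).
        $root = $null
        if ($chain.ChainElements.Count -gt 0) {
            $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
        }

        # Collect enhanced key usages, if the certificate carries that extension.
        $ekus = @($cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { if ($_.FriendlyName) { $_.FriendlyName } else { $_.Value } })

        [pscustomobject]@{
            Subject        = $cert.Subject
            Issuer         = $cert.Issuer
            NotAfter       = $cert.NotAfter
            HasPrivateKey  = $cert.HasPrivateKey   # needed to authenticate with this cert
            EnhancedKeyUse = $ekus -join '; '
            ChainValid     = $chainOk
            ChainStatus    = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
            RootSubject    = if ($root) { $root.Subject } else { '' }
            RootThumbprint = if ($root) { $root.Thumbprint } else { '' }
        }
    }
}

Get-MachineCertReport | Format-List
```

Run it on both machines and compare RootThumbprint: the values match when both certificates chain to the same root CA. An empty report means no certificate is in the computer store at all.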

