Re: L2TP Bug, win2003 and WinXP

From: GoumbaYa (f-me_at_fu.net)
Date: 09/29/03


Date: Sun, 28 Sep 2003 20:54:49 -0400


1. Most *bugs* that users discover are usually related to the lack of
knowledge of the topic.
2. Wrong Newsgroup!

"stephen" <stephenbebb@hotmail> wrote in message
news:1665901c38622$c7229bd0$a601280a@phx.gbl...
> Hi,
>
> I have set up 5 fresh windows 2003 boxes and have followed
> the VPN lab document as close as possible.
>
> I am trying to get a test lab up and running and have run
> into a few major problems and I have limited time
> left to demo this to my business and a vocal Unix crowd.
>
> I am using the Microsoft article :
> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/deploy/confeat/rmotevpn.asp
> with a future hope of swapping the WinXP box for a PDA
> running Mobile 2003 with a wireless network being the
> 10.0.0.1 and 10.0.0.2.
> But of course I need to get the WinXP CLIENT1 working
> first.
>
> After I got the PPTP scenario working (very fast) I ran
> into a show stopper with the L2TP scenario in the above
> mentioned document.
>
> I end up with an error of: 789 and then after auto
> reconnect the error goes to 792.
>
> I followed the steps in the L2TP document and everything
> seemed to work fine until of course I tried to connect to
> the L2TP connection via the WinXP CLIENT1 box. The steps
> I followed were:
>
> 1.) Into the DC and configured the automatic certificate
> for a computer
> 2.) Then I did the gpupdate on both the DC and VPN box. I
> didn't do it on the IAS box ?
> 3.) I then logged the client into the intranet domain
> network under the VPNUser. No problems, I could ping all
> the 172.16.0.X boxes and resolve their hostname.domain and
> I also checked that the certificate was loaded into
> Certificates -> Personal -> Certificate and it was. A
> certificate with the clienthostname.domain. I opened up
> the certificate and reviewed its properties and there seemed
> to be no problems.
> 4.) I then shut down the CLIENT1 (XP box) and connected the
> WinXP box back to the isolated Internet hub connection.
> 5.) Logged in again under VPNuser. This time the log on
> took forever. Two Event Viewer application errors were
> then generated. I quickly checked that I could ping the
> VPN server (VPN1) at 10.0.0.2 and I could. It was
> successful and the CLIENT1 had now taken on the 10.0.0.1
> IP address.
>
> The first of these application errors said:
>
> Windows cannot obtain the domain controller name for your
> computer network. (The specified domain either does not
> exist or could not be contacted) Group Policy process is
> aborted.
>
> The second application error message (generated approx 1
> min afterwards) said:
> Automatic certificate enrollment for Local System failed
> to contact the active directory. The specified domain
> either does not exist or could not be contacted.
> Enrollment will not be performed.
>
> I thought both of these were fine as I wasn't connected
> onto the intranet yet for the active directory links to be
> performed ???
>
> Anyway, then I setup the L2TP connection as it says in the
> doco. I tried it with both multinode and LCP turned off
> and on, rebooting and anything else etc.. etc..
>
> The error I consistently get is:
> Connecting to 10.0.0.2
> Error 789 : The L2TP connection failed because the
> security layer encountered a processing error during
> initial negotiations with the remote computer.
>
> Then when it auto redials it gives me the next error:
> Error 792:
> The L2TP connection attempt failed because security
> negotiation timed out.
>
> LASTLY, I thought I would try the good ol PPTP connection
> to see if it was still working and it was. The PPTP
> connection was successful and I could still access the web
> site and c:\ on the iis1 box.
> I have read some of the news items and found Tom's site
> and book a must purchase for me (Does it use Windows 2003
> in the book ?)
>
> I also checked the Root Certificate and found that it was
> registered just fine in the Root Certificate folder and
> that the hierarchy in the personal certificate was all OK.
>
> Please help me get this demo up and running, I'm so close.
>
> Cheers
> Steve
>


