Here is one for the group, I have established a L2TP Tunnel using Certificates between 2 ISA servers, works great, with one hitch, when the remote ISA server has a need to be rebooted for any reason, that is to say all system services shut down and start back up upon reboot, I see in RRAS on my end that the Tunnel end points can not be automatically reestablished like they should, I have my side set to persistent and defaults on the opposing side, the only way to reestablish connection is re-run this command "secedit refreshpoilicy machine_policy /enforce" after I run this my side automatically reestablishes connection and all is well again .. is there a way to make this permanent? I wanted to make sure that the group understood that the secedit utility is run on the downstream ISA server, the ISA server that ran the "Configure a Remote VPN Wizard" using the CFG file that was built on my end ...