Hi, I have been working with certificates my problem is this.......when i try to connect to the isa2004 vpn remote access server usint L2TP I get an error message stating the security negoation failed. this happens on a non domain member using web enrollment from a offsite computer. I suppect the computer certificate is not proply installed?? When I use a laptop offsite which is autoenrolled in the certificate program all works fine. I can use pptp with eap authtencation from the off site machine non domain member computer. My question is this how can I tell I have the right machine certificate installed on the off site machine for L2TP log in??? All the auto enrolled machine's have a computer certificate in the personal store in the format machine name.domain_name.crt Help if you can how do I enroll a non domain member computer in the machine cert program so I can get L2TP access??????????? Jim