RE: Error 786: The L2TP connection attempt failed because there is no valid machine certificate on your computer for security authentication

  • From: "Thor \(Hammer of God\)" <thor@xxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 13 Dec 2005 16:53:29 -0800

Are you sure the certificate's trust chain is properly established? Thex boxes trust the cert authority?

t

-----
"God is a comedian playing to an
audience too afraid to laugh."


----- Original Message ----- From: "Stefaan Pouseele" <stefaan.pouseele@xxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Tuesday, December 13, 2005 12:56 PM
Subject: [isalist] RE: Error 786: The L2TP connection attempt failed because there is no valid machine certificate on your computer for security authentication



http://www.ISAserver.org

Tom,

Nothing else!

Some time ago we had the exact same problem. But then that box was very VERY
slow and other things doesn't work either. So, we used my favorite command
FDISK and rebuild the box from scratch. Problem solved ;-)


BTW --- A PPTP connection with EAP-TLS works great. So, it must be something
related to the machine certificate.


Thanks,
Stefaan

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: dinsdag 13 december 2005 21:34
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Error 786: The L2TP connection attempt failed because
there is no valid machine certificate on your computer for security
authentication


http://www.ISAserver.org

Hi Stefaan,

Anything in the Event viewer that might indicate something else is wrong?

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**



-----Original Message-----
From: Stefaan Pouseele [mailto:stefaan.pouseele@xxxxxxxxx]
Sent: Tuesday, December 13, 2005 2:28 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Error 786: The L2TP connection attempt failed
because there is no valid machine certificate on your computer for
security authentication

http://www.ISAserver.org

Hi Tom,

I have no access those machines at this moment. But as far as I can
remember, the whole certificate chain is correct and the clocks are
synchronized.

Thanks,
Stefaan

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: dinsdag 13 december 2005 21:23
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Error 786: The L2TP connection attempt failed
because there is no valid machine certificate on your computer for
security authentication

http://www.ISAserver.org

Hi Stefaan,

Is the clock correct on the machines that aren't working?

Is the CA certificate in the right place?

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**



> -----Original Message-----
> From: Stefaan Pouseele [mailto:stefaan.pouseele@xxxxxxxxx]
> Sent: Tuesday, December 13, 2005 2:03 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Error 786: The L2TP connection attempt failed
> because there is no valid machine certificate on your computer for
> security authentication
>
> http://www.ISAserver.org
>
> Hey guys,
>
> On two laptops with Windows XP SP2 we get the Error 786: The L2TP
> connection attempt failed because there is no valid machine
> certificate on your computer for security authentication.
>
> In the Event Security log we see Event ID's 547:
>
> IKE security association negotiation failed.
> Mode: Key Exchange Mode (Main Mode)
> Filter: <snip>
> Peer Identity: <snip>
> Failure Point: Me
> Failure Reason: No private key associated with machine certificate
> Extra Status: 0x80092004 0x0
>
> We have verified that there is a valid machine certificate in the
> computer personal store with an associated private key. A
new machine
> certificate on the failing box isn't working either. Other machines
> are working great. So, something must be screwed up on this
particular
> boxes.
>
> Any idea how to solve that problem?
>
> Thanks,
> Stefaan
>
>


------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx



------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: stefaan.pouseele@xxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: thor@xxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx






Other related posts: