L2TP Error 781

[Newscene]

I am in the process of converting our RRAS connections from PPTP to L2TP. We
have the Certificate Service running on one of the domain servers and have
generated a private certificate. I have used several differt methods for
getting the certificate onto an XP client for testing: using the Web Request
and using the direct File Import. Both of these worked and the certicate
appears in the client certificate store.

When we attempt to make the L2TP connection however we continue to get
"Error 781 The connection requires a certificate and no valid certificate
was found". I've tried Google and searching Micorosft but all I find are
explanations that yhou have to install a certificate blah blah blah, all of
which we have done and verified using the methods described in the various
docs I found through Google. It APPEARS that everything is correct but
clearly it isn't.

Can anyone shed some light on this?

Thanks
John
jrs_listsubs [AT] insyte [DOT] com [DOT] us (for obvious reasons don't use
the 'dot us' part

 

[Ron Lowe]

I am in the process of converting our RRAS connections from PPTP to L2TP.
We have the Certificate Service running on one of the domain servers and
have generated a private certificate. I have used several differt methods
for getting the certificate onto an XP client for testing: using the Web
Request and using the direct File Import. Both of these worked and the
certicate appears in the client certificate store.

When we attempt to make the L2TP connection however we continue to get
"Error 781 The connection requires a certificate and no valid certificate
was found". I've tried Google and searching Micorosft but all I find are
explanations that yhou have to install a certificate blah blah blah, all
of which we have done and verified using the methods described in the
various docs I found through Google. It APPEARS that everything is correct
but clearly it isn't.

Can anyone shed some light on this?

Thanks
John
jrs_listsubs [AT] insyte [DOT] com [DOT] us (for obvious reasons don't use
the 'dot us' part

If you dbl-click the cert in the client store, is ther any problem with it?

General Tab:

Is it in-date? If the PCs clock is way out, then the cert can be
invalidated.
Is it's Intended Puropse correct?

In the Certification Path tab:

Is it's parentage good?

XP has root certs for commercial CAs installed by default, but your CA will
need to have its root cert installed.

If the cert was created on your DC, then the Enterprise Cert Authority root
cert from the DC Cert Server needs to be installed on the client before the
client cert can be recognised.

Look in the Trusted Root Cert Authorites for your Enterprise CA. If it's not
listed, the client can't verify the cert.

If necessary, get the root cert and install it on the client.

 

[Guest]

Well, I'm not sure I follow exactly. Here's what I did and what I have
1. I created a certificate for our company on the Certificate Authority on
the DC
2. I exported the certificate to a file and imported it into the certificate
store on the test client.
3. I also used the Web Request method and that also installed the
certificate without a problem.

If I look at the both the client and the server I see the certificate in the
Enterprise Trust.

But it does not work

I am in the process of converting our RRAS connections from PPTP to L2TP.
We have the Certificate Service running on one of the domain servers and
have generated a private certificate. I have used several differt methods
for getting the certificate onto an XP client for testing: using the Web
Request and using the direct File Import. Both of these worked and the
certicate appears in the client certificate store.

When we attempt to make the L2TP connection however we continue to get
"Error 781 The connection requires a certificate and no valid certificate
was found". I've tried Google and searching Micorosft but all I find are
explanations that yhou have to install a certificate blah blah blah, all
of which we have done and verified using the methods described in the
various docs I found through Google. It APPEARS that everything is correct
but clearly it isn't.

Can anyone shed some light on this?

Thanks
John
jrs_listsubs [AT] insyte [DOT] com [DOT] us (for obvious reasons don't use
the 'dot us' part

If you dbl-click the cert in the client store, is ther any problem with it?

General Tab:

Is it in-date? If the PCs clock is way out, then the cert can be
invalidated.
Is it's Intended Puropse correct?

In the Certification Path tab:

Is it's parentage good?

XP has root certs for commercial CAs installed by default, but your CA will
need to have its root cert installed.

If the cert was created on your DC, then the Enterprise Cert Authority root
cert from the DC Cert Server needs to be installed on the client before the
client cert can be recognised.

Look in the Trusted Root Cert Authorites for your Enterprise CA. If it's not
listed, the client can't verify the cert.

If necessary, get the root cert and install it on the client.

 

[Newscene]

Well, we reimported the CA certificate and the client certificate and the
problem remains. From all appearances everything is correct according to
what I have found at Microsoft and using Google but we still get the same
error so obviously it still isn't correct.

Well, I'm not sure I follow exactly. Here's what I did and what I have
1. I created a certificate for our company on the Certificate Authority on
the DC
2. I exported the certificate to a file and imported it into the
certificate
store on the test client.
3. I also used the Web Request method and that also installed the
certificate without a problem.

If I look at the both the client and the server I see the certificate in
the
Enterprise Trust.

But it does not work

I am in the process of converting our RRAS connections from PPTP to
L2TP.
We have the Certificate Service running on one of the domain servers and
have generated a private certificate. I have used several differt
methods
for getting the certificate onto an XP client for testing: using the Web
Request and using the direct File Import. Both of these worked and the
certicate appears in the client certificate store.

When we attempt to make the L2TP connection however we continue to get
"Error 781 The connection requires a certificate and no valid
certificate
was found". I've tried Google and searching Micorosft but all I find
are
explanations that yhou have to install a certificate blah blah blah,
all
of which we have done and verified using the methods described in the
various docs I found through Google. It APPEARS that everything is
correct
but clearly it isn't.

Can anyone shed some light on this?

Thanks
John
jrs_listsubs [AT] insyte [DOT] com [DOT] us (for obvious reasons don't
use
the 'dot us' part

If you dbl-click the cert in the client store, is ther any problem with
it?

General Tab:

Is it in-date? If the PCs clock is way out, then the cert can be
invalidated.
Is it's Intended Puropse correct?

In the Certification Path tab:

Is it's parentage good?

XP has root certs for commercial CAs installed by default, but your CA
will
need to have its root cert installed.

If the cert was created on your DC, then the Enterprise Cert Authority
root
cert from the DC Cert Server needs to be installed on the client before
the
client cert can be recognised.

Look in the Trusted Root Cert Authorites for your Enterprise CA. If it's
not
listed, the client can't verify the cert.

If necessary, get the root cert and install it on the client.