L2TP Bug, win2003 and WinXP

stephen

Hi,

I have set up 5 fresh windows 2003 boxes and have followed
the VPN lab document as close as possible.

I am trying to get a test lab up and running and have run
into a few major problems and I have limited time
left to demo this to my business and a vocal Unix crowd.

I am using the Microsoft article:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/deploy/confeat/rmotevpn.asp
with a future hope of swapping the WinXP box for a PDA
running Mobile 2003 with a wireless network being the
10.0.0.1 and 10.0.0.2.
But of course I need to get the WinXP CLIENT1 working
first.

After I got the PPTP scenario working (very fast) I ran
into a show stopper with the L2TP scenario in the above
mentioned document.

I end up with an error of: 789 and then after auto
reconnect the error goes to 792.

I followed the steps in the L2TP document and everything
seemed to work fine until of course I tried to connect to
the L2TP connection via the WinXP CLIENT1 box. The steps
I followed were:

1.) Into the DC and configured the automatic certificate
for a computer
2.) Then I did the gpupdate on both the DC and VPN box. I
didn't do it on the IAS box ?
3.) I then logged the client into the intranet domain
network under the VPNUser. No problems, I could ping all
the 172.16.0.X boxes and resolve their hostname.domain and
I also checked that the certificate was loaded into
Certificates -> Personal -> Certificate and it was. A
certificate with the clienthostname.domain. I opened up
the certificate and reviewed its properties and there seemed
to be no problems.
4.) I then shutdown the CLIENT1 (XP box) and connected the
WinXP box back to the isolated Internet hub connection.
5.) Logged in again under VPNuser. This time the log on
took forever. Two Event Viewer application errors were
then generated. I quickly checked that I could ping the
VPN server (VPN1) at 10.0.0.2 and I could. It was
successful and the CLIENT1 had now taken on the 10.0.0.1
IP address.

The first of these application errors said:

Windows cannot obtain the domain controller name for your
computer network. (The specified domain either does not
exist or could not be contacted) Group Policy process is
aborted.

The second application error message (generated approx 1
min afterwards) said:
Automatic certificate enrollment for Local System failed
to contact the active directory. The specified domain
either does not exist or could not be contacted.
Enrollment will not be performed.

I thought both of these were fine as I wasn't connected
onto the intranet yet for the active directory links to be
performed ???

Anyway, then I setup the L2TP connection as it says in the
doco. I tried it with both multinode and LCP turned off
and on, rebooting and anything else etc.. etc..

The error I consistently get is:
Connecting to 10.0.0.2
Error 789 : The L2TP connection failed because the
security layer encountered a processing error during
initial negotiations with the remote computer.

Then when it auto redials it gives me the next error:
Error 792:
The L2TP connection attempt failed because security
negotiation timed out.

LASTLY, I thought I would try the good ol PPTP connection
to see if it was still working and it was. The PPTP
connection was successful and I could still access the web
site and c:\ on the iis1 box.
I have read some of the news items and found Tom's site
and book a must purchase for me (Does it use Windows 2003
in the book ?)

I also checked the Root Certificate and found that it was
registered just fine in the Root Certificate folder and
that the hierarchy in the personal certificate was all OK.

Please help me get this demo up and running; I'm so close.

Cheers
Steve
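The checks Steve did by hand in the Certificates MMC (a machine certificate in Personal, the root in the trusted root folder, a valid hierarchy) can be scripted. This is an added example, not part of the thread or of Microsoft's lab document; it assumes a PowerShell-capable Windows client whose machine certificate was auto-enrolled into LocalMachine\My, and it assumes the Client Authentication EKU is what the IPsec peer expects.

```powershell
# Added example: verify the machine-certificate prerequisites for an
# L2TP/IPsec client before troubleshooting IKE errors such as 789/792.
# Run in an elevated PowerShell on the VPN client.

$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU (assumed requirement)

function Test-L2tpMachineCertificate {
    $now = Get-Date
    # Only certificates with a usable private key and inside their validity window count
    $candidates = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.HasPrivateKey -and $_.NotBefore -le $now -and $_.NotAfter -ge $now }

    if (-not $candidates) {
        Write-Warning 'No valid machine certificate with a private key in LocalMachine\My.'
        Write-Warning 'Auto-enrollment only succeeds while the client can reach the domain controller.'
        return $false
    }

    $anyUsable = $false
    foreach ($cert in $candidates) {
        # Build the chain the way a peer would: it must terminate at a trusted root
        # (LocalMachine\Root) and revocation is checked online.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'Online'
        $chainOk  = $chain.Build($cert)
        $statuses = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        $hasEku   = $cert.EnhancedKeyUsageList.ObjectId -contains $ClientAuthOid

        Write-Host ("{0}`n  chain trusted: {1}  client-auth EKU: {2}  expires: {3:yyyy-MM-dd}  {4}" -f `
            $cert.Subject, $chainOk, $hasEku, $cert.NotAfter, $statuses)

        if ($chainOk -and $hasEku) { $anyUsable = $true }
    }
    return $anyUsable
}

if (Test-L2tpMachineCertificate) {
    Write-Host 'Machine certificate looks usable for IPsec certificate authentication.'
} else {
    Write-Host 'Fix the certificate (enrollment, trust chain or EKU) before retrying the L2TP connection.'
}
```

A false result pinpoints the certificate side; a true result means the remaining suspects are the server's certificate, the IPsec policy, or a path that blocks UDP 500 and ESP between the two hosts.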
GoumbaYa

1. Most *bugs* that users discover are usually related to the lack of
knowledge of the topic.
2. Wrong Newsgroup!