Error 786

Guest

My client (Windows 2003 SP3 w/NAT-T patch and 128-bit encryption pack)
displays the following error when trying to connect with my IPSEC server:
Error 786: The L2TP connection attempt failed because there is no
valid machine certificate on your computer for security authentication.

I have the following server "errors" in C:\WINDOWS\Debug\oakley.log
Not storing Peer's cert chain in SA.
failed to get chain 80092004
Received no valid CRPs.
IKE failed to find valid machine certificate

Can anyone read this log file and tell me what is wrong?
I've verified the certificates (valid serial numbers, CA paths, expiration dates etc).
All the services are running, IPSEC, RRAS, IAS, ...

Everything seems to be working, (even NAT-T, see port switch from 500 to 4500),
except it can't find my certificate, which IS stored in the machine store!!!!

Here's the entire oakley.log:

1-12: 19:16:41:968:360 Receive: (get) SA = 0x00000000 from 68.227.86.101.500
1-12: 19:16:41:968:360 ISAKMP Header: (V1.0), len = 292
1-12: 19:16:41:968:360 I-COOKIE 35b1e6610c033ba1
1-12: 19:16:41:968:360 R-COOKIE 0000000000000000
1-12: 19:16:41:968:360 exchange: Oakley Main Mode
1-12: 19:16:41:968:360 flags: 0
1-12: 19:16:41:968:360 next payload: SA
1-12: 19:16:41:968:360 message ID: 00000000
1-12: 19:16:41:968:360 Filter to match: Src 68.227.86.101 Dst 192.168.23.132
1-12: 19:16:41:968:360 MM PolicyName: 1
1-12: 19:16:41:968:360 MMPolicy dwFlags 2 SoftSAExpireTime 28800
1-12: 19:16:41:968:360 MMOffer[0] LifetimeSec 28800 QMLimit 0 DHGroup 2
1-12: 19:16:41:968:360 MMOffer[0] Encrypt: Triple DES CBC Hash: SHA
1-12: 19:16:41:968:360 MMOffer[1] LifetimeSec 28800 QMLimit 0 DHGroup 2
1-12: 19:16:41:968:360 MMOffer[1] Encrypt: Triple DES CBC Hash: MD5
1-12: 19:16:41:968:360 MMOffer[2] LifetimeSec 28800 QMLimit 0 DHGroup 1
1-12: 19:16:41:968:360 MMOffer[2] Encrypt: DES CBC Hash: SHA
1-12: 19:16:41:968:360 MMOffer[3] LifetimeSec 28800 QMLimit 0 DHGroup 1
1-12: 19:16:41:968:360 MMOffer[3] Encrypt: DES CBC Hash: MD5
1-12: 19:16:41:968:360 Auth[0]:RSA Sig DC=com, DC=callwave, CN=CWSARCA AuthFlags 0
1-12: 19:16:41:968:360 Created new SA 3e9ed98
1-12: 19:16:41:968:360 Responding with new SA 3e9ed98
1-12: 19:16:41:968:360 processing payload SA
1-12: 19:16:41:968:360 Received Phase 1 Transform 1
1-12: 19:16:41:968:360 Encryption Alg Triple DES CBC(5)
1-12: 19:16:41:968:360 Hash Alg SHA(2)
1-12: 19:16:41:968:360 Oakley Group 14
1-12: 19:16:41:968:360 Auth Method RSA Signature with Certificates(3)
1-12: 19:16:41:968:360 Life type in Seconds
1-12: 19:16:41:968:360 Life duration of 28800
1-12: 19:16:41:968:360 Received Phase 1 Transform 2
1-12: 19:16:41:968:360 Encryption Alg Triple DES CBC(5)
1-12: 19:16:41:968:360 Hash Alg SHA(2)
1-12: 19:16:41:968:360 Oakley Group 2
1-12: 19:16:41:968:360 Auth Method RSA Signature with Certificates(3)
1-12: 19:16:41:968:360 Life type in Seconds
1-12: 19:16:41:968:360 Life duration of 28800
1-12: 19:16:41:968:360 Received Phase 1 Transform 3
1-12: 19:16:41:968:360 Encryption Alg Triple DES CBC(5)
1-12: 19:16:41:968:360 Hash Alg MD5(1)
1-12: 19:16:41:968:360 Oakley Group 2
1-12: 19:16:41:968:360 Auth Method RSA Signature with Certificates(3)
1-12: 19:16:41:968:360 Life type in Seconds
1-12: 19:16:41:968:360 Life duration of 28800
1-12: 19:16:41:968:360 Received Phase 1 Transform 4
1-12: 19:16:41:968:360 Encryption Alg DES CBC(1)
1-12: 19:16:41:968:360 Hash Alg SHA(2)
1-12: 19:16:41:968:360 Oakley Group 1
1-12: 19:16:41:968:360 Auth Method RSA Signature with Certificates(3)
1-12: 19:16:41:968:360 Life type in Seconds
1-12: 19:16:41:968:360 Life duration of 28800
1-12: 19:16:41:968:360 Received Phase 1 Transform 5
1-12: 19:16:41:968:360 Encryption Alg DES CBC(1)
1-12: 19:16:41:968:360 Hash Alg MD5(1)
1-12: 19:16:41:968:360 Oakley Group 1
1-12: 19:16:41:968:360 Auth Method RSA Signature with Certificates(3)
1-12: 19:16:41:968:360 Life type in Seconds
1-12: 19:16:41:968:360 Life duration of 28800
1-12: 19:16:41:984:360 Phase 1 SA accepted: transform=2
1-12: 19:16:41:984:360 SA - Oakley proposal accepted
1-12: 19:16:41:984:360 processing payload VENDOR ID
1-12: 19:16:41:984:360 Vendor ID 1e2b516905991c7d7c96fcbfb587e461
1-12: 19:16:41:984:360 00000002
1-12: 19:16:41:984:360 Received VendorId MS NT5 ISAKMPOAKLEY
1-12: 19:16:41:984:360 Setting VendorId 1
1-12: 19:16:41:984:360 Setting PeerVersion 2
1-12: 19:16:41:984:360 processing payload VENDOR ID
1-12: 19:16:41:984:360 Vendor ID 4048b7d56ebce88525e7de7f00d6c2d3
1-12: 19:16:41:984:360
1-12: 19:16:41:984:360 Received VendorId FRAGMENTATION
1-12: 19:16:41:984:360 Setting VendorId 17
1-12: 19:16:41:984:360 processing payload VENDOR ID
1-12: 19:16:41:984:360 Vendor ID 90cb80913ebb696e086381b5ec427b1f
1-12: 19:16:41:984:360
1-12: 19:16:41:984:360 Received VendorId draft-ietf-ipsec-nat-t-ike-02
1-12: 19:16:41:984:360 Setting VendorId 21
1-12: 19:16:41:984:360 ClearFragList
1-12: 19:16:41:984:360 In state OAK_MM_SA_SETUP
1-12: 19:16:41:984:360 constructing ISAKMP Header
1-12: 19:16:41:984:360 constructing SA (ISAKMP)
1-12: 19:16:41:984:360 Constructing Vendor MS NT5 ISAKMPOAKLEY
1-12: 19:16:41:984:360 Constructing Vendor FRAGMENTATION
1-12: 19:16:41:984:360 Constructing Vendor draft-ietf-ipsec-nat-t-ike-02
1-12: 19:16:41:984:360 send_request SA 03E9ED98 centry 00000000 RetryType 2 Context 00000000
1-12: 19:16:41:984:360 TotalActiveTimers++ 2
1-12: 19:16:41:984:360 Inserting entry 03E72CF8 in slot 10 CurWheelIndex 10 delta 1000
1-12: 19:16:41:984:360 Setting Retransmit: sa 3e9ed98 handle 3e72cf8 context a31d0
1-12: 19:16:41:984:360
1-12: 19:16:41:984:360 Sending: SA = 0x03E9ED98 to 68.227.86.101:Type 2.500
1-12: 19:16:41:984:360 ISAKMP Header: (V1.0), len = 148
1-12: 19:16:41:984:360 I-COOKIE 35b1e6610c033ba1
1-12: 19:16:41:984:360 R-COOKIE bbe6f106bf676b47
1-12: 19:16:41:984:360 exchange: Oakley Main Mode
1-12: 19:16:41:984:360 flags: 0
1-12: 19:16:41:984:360 next payload: SA
1-12: 19:16:41:984:360 message ID: 00000000
1-12: 19:16:41:984:360 Ports S:f401 D:f401
1-12: 19:16:41:984:360 Worker exiting
1-12: 19:16:42:187:59c Queuing work item, packetsize 232
1-12: 19:16:42:187:360
1-12: 19:16:42:187:360 Receive: (get) SA = 0x03e9ed98 from 68.227.86.101.500
1-12: 19:16:42:187:360 ISAKMP Header: (V1.0), len = 232
1-12: 19:16:42:187:360 I-COOKIE 35b1e6610c033ba1
1-12: 19:16:42:187:360 R-COOKIE bbe6f106bf676b47
1-12: 19:16:42:187:360 exchange: Oakley Main Mode
1-12: 19:16:42:187:360 flags: 0
1-12: 19:16:42:187:360 next payload: KE
1-12: 19:16:42:187:360 message ID: 00000000
1-12: 19:16:42:187:360 processing payload KE
1-12: 19:16:42:312:360 Generated 128 byte Shared Secret
1-12: 19:16:42:312:360 KE processed; DH shared secret computed
1-12: 19:16:42:312:360 processing payload NONCE
1-12: 19:16:42:312:360 PTID 129 PKTYPE 130
1-12: 19:16:42:312:360 PTID 130 PKTYPE 130
1-12: 19:16:42:312:360 processing payload NATDISC
1-12: 19:16:42:312:360 Processing NatHash
1-12: 19:16:42:312:360 Nat hash d134be7cec42120a8810b124b0e96c63
1-12: 19:16:42:312:360 9c718277
1-12: 19:16:42:312:360 SA StateMask2 1e
1-12: 19:16:42:312:360 PTID 129 PKTYPE 130
1-12: 19:16:42:312:360 PTID 130 PKTYPE 130
1-12: 19:16:42:312:360 processing payload NATDISC
1-12: 19:16:42:312:360 Processing NatHash
1-12: 19:16:42:312:360 Nat hash 6a056f3dc77beebcec22da0881611032
1-12: 19:16:42:312:360 160fd54e
1-12: 19:16:42:328:360 SA StateMask2 5e
1-12: 19:16:42:343:360 ClearFragList
1-12: 19:16:42:343:360 In state OAK_MM_Key_EXCH
1-12: 19:16:42:343:360 Peer behind NAT
1-12: 19:16:42:343:360 constructing ISAKMP Header
1-12: 19:16:42:343:360 constructing KE
1-12: 19:16:42:343:360 constructing NONCE (ISAKMP)
1-12: 19:16:42:343:360 Constructing Cert Request
1-12: 19:16:42:343:360 DC=com, DC=callwave, CN=CWSARCA
1-12: 19:16:42:343:360 Constructing NatDisc
1-12: 19:16:42:343:360 Floated Ports Orig Me:f401 Peer:f401
1-12: 19:16:42:343:360 Floated Ports Me:9411 Peer:0
1-12: 19:16:42:343:360 send_request SA 03E9ED98 centry 00000000 RetryType 2 Context 000A31D0
1-12: 19:16:42:343:360 TotalActiveTimers--2 1
1-12: 19:16:42:343:360 TotalActiveTimers++ 2
1-12: 19:16:42:343:360 Inserting entry 03E72CF8 in slot 10 CurWheelIndex 10 delta 1000
1-12: 19:16:42:343:360
1-12: 19:16:42:343:360 Sending: SA = 0x03E9ED98 to 68.227.86.101:Type 2.500
1-12: 19:16:42:343:360 ISAKMP Header: (V1.0), len = 304
1-12: 19:16:42:343:360 I-COOKIE 35b1e6610c033ba1
1-12: 19:16:42:343:360 R-COOKIE bbe6f106bf676b47
1-12: 19:16:42:343:360 exchange: Oakley Main Mode
1-12: 19:16:42:343:360 flags: 0
1-12: 19:16:42:343:360 next payload: KE
1-12: 19:16:42:343:360 message ID: 00000000
1-12: 19:16:42:343:360 Ports S:f401 D:f401
1-12: 19:16:42:343:360 Worker exiting
1-12: 19:16:42:578:59c Queuing work item, packetsize 1828
1-12: 19:16:42:578:360
1-12: 19:16:42:578:360 Receive: (get) SA = 0x03e9ed98 from 68.227.86.101.4500
1-12: 19:16:42:578:360 ISAKMP Header: (V1.0), len = 1828
1-12: 19:16:42:578:360 I-COOKIE 35b1e6610c033ba1
1-12: 19:16:42:578:360 R-COOKIE bbe6f106bf676b47
1-12: 19:16:42:578:360 exchange: Oakley Main Mode
1-12: 19:16:42:578:360 flags: 1 ( encrypted )
1-12: 19:16:42:578:360 next payload: ID
1-12: 19:16:42:578:360 message ID: 00000000
1-12: 19:16:42:578:360 skeyid generated; crypto enabled (responder)
1-12: 19:16:42:578:360 processing payload ID
1-12: 19:16:42:578:360 Got Cert ID
1-12: 19:16:42:578:360 processing payload CERT
1-12: 19:16:42:578:360 processing payload CRP
1-12: 19:16:42:578:360 DC=com, DC=callwave, CN=CWSARCA
1-12: 19:16:42:578:360 processing payload SIG
1-12: 19:16:42:578:360 Verifying CertStore
1-12: 19:16:42:578:360 SubjectName: C=US, S=ca, L=santa barbara, O=callwave, OU=ops, CN=paul j company, [email protected]
1-12: 19:16:42:578:360 Cert Serialnumber 040000000000d090241a
1-12: 19:16:42:578:360 Cert SHA Thumbprint fe6eaeea4c3f0aa31e02a06ebfacad00
1-12: 19:16:42:578:360 4ecfa563
1-12: 19:16:42:578:360 Cert Trustes. 0 100
1-12: 19:16:42:578:360 SubjectName: C=US, S=ca, L=santa barbara, O=callwave, OU=ops, CN=paul j company, [email protected]
1-12: 19:16:42:578:360 Cert Serialnumber 040000000000d090241a
1-12: 19:16:42:578:360 Cert SHA Thumbprint fe6eaeea4c3f0aa31e02a06ebfacad00
1-12: 19:16:42:578:360 4ecfa563
1-12: 19:16:42:578:360 SubjectName: DC=com, DC=callwave, CN=CWSARCA
1-12: 19:16:42:578:360 Cert Serialnumber 613b341e1a72b34794ab4bdecc49ef1a
1-12: 19:16:42:578:360
1-12: 19:16:42:578:360 Cert SHA Thumbprint 53d98d93392c5e25a9d487f55a97d90b
1-12: 19:16:42:578:360 34d016ae

1-12: 19:16:42:578:360 No BasicConstraints in cert
1-12: 19:16:42:578:360 Subject names match

1-12: 19:16:42:578:360 Not storing Peer's cert chain in SA.
1-12: 19:16:42:578:360 Cert lifetime in seconds low 31621815, high 0
1-12: 19:16:42:578:360 Cert SHA Thumbprint fe6eaeea4c3f0aa31e02a06ebfacad00
1-12: 19:16:42:578:360 4ecfa563
1-12: 19:16:42:578:360 Entered CRL check
1-12: 19:16:42:609:360 Left CRL check
1-12: 19:16:42:609:360 Keylen in cert 1024
1-12: 19:16:42:609:360 Signature validated
1-12: 19:16:42:609:360 ClearFragList
1-12: 19:16:42:609:360 Setting SA timeout: 25920
1-12: 19:16:42:609:360 constructing ISAKMP Header
1-12: 19:16:42:609:360 constructing ID

1-12: 19:16:42:609:360 Looking for IPSec only cert
1-12: 19:16:42:609:360 Cert Trustes. 0 100
1-12: 19:16:42:609:360 Ignoring root only chain

1-12: 19:16:42:609:360 Looking for IPSec only cert
1-12: 19:16:42:609:360 failed to get chain 80092004

1-12: 19:16:42:609:360 Looking for any cert
1-12: 19:16:42:609:360 Cert Trustes. 0 100
1-12: 19:16:42:609:360 Ignoring root only chain

1-12: 19:16:42:609:360 Looking for any cert
1-12: 19:16:42:609:360 failed to get chain 80092004

1-12: 19:16:42:609:360 Received no valid CRPs. Using all configured

1-12: 19:16:42:609:360 Looking for IPSec only cert
1-12: 19:16:42:609:360 Cert Trustes. 0 100
1-12: 19:16:42:609:360 Ignoring root only chain

1-12: 19:16:42:609:360 Looking for IPSec only cert
1-12: 19:16:42:609:360 failed to get chain 80092004

1-12: 19:16:42:609:360 Looking for any cert
1-12: 19:16:42:609:360 Cert Trustes. 0 100
1-12: 19:16:42:609:360 Ignoring root only chain

1-12: 19:16:42:609:360 Looking for any cert
1-12: 19:16:42:609:360 failed to get chain 80092004

1-12: 19:16:42:609:360 ProcessFailure: sa:03E9ED98 centry:00000000 status:35ee
1-12: 19:16:42:609:360 isadb_set_status sa:03E9ED98 centry:00000000 status 35ee
1-12: 19:16:42:609:360 Stopping RetransTimer sa:03E9ED98 centry:00000000 handle:03E72CF8
1-12: 19:16:42:609:360 TotalActiveTimers--2 1
1-12: 19:16:42:609:360 Key Exchange Mode (Main Mode)
1-12: 19:16:42:609:360 Source IP Address 192.168.23.132 Source IP Address Mask 255.255.255.255 Destination IP Address 68.227.86.101 Destination IP Address Mask 255.255.255.255 Protocol 0 Source Port 0 Destination Port 0 IKE Local Addr 192.168.23.132 IKE Peer Addr 68.227.86.101 IKE Source Port 4500 IKE Destination Port 0 Peer Private Addr
1-12: 19:16:42:609:360 Certificate based Identity. Peer Subject C=US, S=ca, L=santa barbara, O=callwave, OU=ops, CN=paul j company, [email protected] Peer SHA Thumbprint fe6eaeea4c3f0aa31e02a06ebfacad004ecfa563 Peer Issuing Certificate Authority DC=com, DC=callwave, CN=CWSARCA Root Certificate Authority My Subject My SHA Thumbprint 0000000000000000000000000000000000000000 Peer IP Address: 68.227.86.101
1-12: 19:16:42:609:360 Me

1-12: 19:16:42:609:360 IKE failed to find valid machine certificate
1-12: 19:16:42:609:360 Processed second (KE) payload Responder. Delta Time 1 0x80092004 0x0
1-12: 19:16:42:609:360 ProcessFailure: sa:03E9ED98 centry:00000000 status:35ee
1-12: 19:16:42:609:360 constructing ISAKMP Header
1-12: 19:16:42:609:360 constructing HASH (null)
1-12: 19:16:42:609:360 constructing NOTIFY 28
1-12: 19:16:42:609:360 constructing HASH (Notify/Delete)
1-12: 19:16:42:609:360 Construct ND hash message len = 28 pcklen=80 hashlen=20
1-12: 19:16:42:609:360 send_request SA 03E9ED98 centry 00000000 RetryType 1 Context 00000000
1-12: 19:16:42:609:360
1-12: 19:16:42:609:360 Sending: SA = 0x03E9ED98 to 68.227.86.101:Type 1.500
1-12: 19:16:42:609:360 ISAKMP Header: (V1.0), len = 84
1-12: 19:16:42:609:360 I-COOKIE 35b1e6610c033ba1
1-12: 19:16:42:609:360 R-COOKIE bbe6f106bf676b47
1-12: 19:16:42:609:360 exchange: ISAKMP Informational Exchange
1-12: 19:16:42:609:360 flags: 1 ( encrypted )
1-12: 19:16:42:609:360 next payload: HASH
1-12: 19:16:42:609:360 message ID: 37ae7aaa
1-12: 19:16:42:609:360 Ports S:f401 D:f401
1-12: 19:16:42:609:360 Worker exiting
1-12: 19:16:42:703:59c Queuing work item, packetsize 84
1-12: 19:16:42:703:360
1-12: 19:16:42:703:360 Receive: (get) SA = 0x03e9ed98 from 68.227.86.101.4500
1-12: 19:16:42:703:360 ISAKMP Header: (V1.0), len = 84
1-12: 19:16:42:703:360 I-COOKIE 35b1e6610c033ba1
1-12: 19:16:42:703:360 R-COOKIE bbe6f106bf676b47
1-12: 19:16:42:703:360 exchange: ISAKMP Informational Exchange
1-12: 19:16:42:703:360 flags: 1 ( encrypted )
1-12: 19:16:42:703:360 next payload: HASH
1-12: 19:16:42:703:360 message ID: d558f2b6
1-12: 19:16:42:703:360 processing HASH (Notify/Delete)
1-12: 19:16:42:703:360 processing payload DELETE
1-12: 19:16:42:703:360 SA Dead. sa:03E9ED98 status:35ef
1-12: 19:16:42:703:360 Worker exiting
1-12: 19:16:48:921:360 Reaper deleting SA 3e9ed98
1-12: 19:16:48:921:360 Trying Node (Remove) 03E9ED98
1-12: 19:16:48:921:360 Deleting SA 03E9ED98
1-12: 19:16:48:921:360 ClearFragList
1-12: 19:16:48:921:360 Freeing context 000A31D0 timerhandle 03E72CF8
1-12: 19:16:48:921:360 Freeing context 000A32A0 timerhandle 03E9BA78
1-12: 19:16:48:921:360 Cancelling Timeout 3e9ba78
 
Sharoon Shetty K [MSFT]

Hi Paul,

The logs indicate that probably the root CA has been installed in the
personal store. The certificate.pfx must be installed in personal store and
certificate.cer in trusted root CA. If we put certificate.cer in both
places, it fails with the error 786. I was able to repro this error in the
mentioned scenario.

Hope this helps!

Thanks, Sharoon

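A triage sketch for the certificate-selection part of the log above, added here as an example and not part of either post. The function names are made up for illustration, the sample lines are copied from the posted log (the identity line is shortened), and reading "Ignoring root only chain" as a CA certificate sitting in the Personal store follows the diagnosis given in the reply.

```python
import re

# Layout seen in the posted log: "<month>-<day>: HH:MM:SS:mmm:<thread id> <message>"
LINE_RE = re.compile(r"^(\d+-\d+): (\d\d:\d\d:\d\d:\d+):([0-9a-f]+) ?(.*)$")
SEARCH_RE = re.compile(r"^Looking for (IPSec only|any) cert$")
CHAIN_FAIL_RE = re.compile(r"^failed to get chain ([0-9a-fA-F]{8})$")
MY_THUMB_RE = re.compile(r"My SHA Thumbprint ([0-9a-f]+)")
HRESULT_NAMES = {"80092004": "CRYPT_E_NOT_FOUND"}

# Lines copied from the log in the question; the identity line is shortened.
SAMPLE_LOG = """\
1-12: 19:16:42:609:360 Signature validated
1-12: 19:16:42:609:360 constructing ID

1-12: 19:16:42:609:360 Looking for IPSec only cert
1-12: 19:16:42:609:360 Cert Trustes. 0 100
1-12: 19:16:42:609:360 Ignoring root only chain

1-12: 19:16:42:609:360 Looking for IPSec only cert
1-12: 19:16:42:609:360 failed to get chain 80092004

1-12: 19:16:42:609:360 Looking for any cert
1-12: 19:16:42:609:360 Cert Trustes. 0 100
1-12: 19:16:42:609:360 Ignoring root only chain

1-12: 19:16:42:609:360 Looking for any cert
1-12: 19:16:42:609:360 failed to get chain 80092004

1-12: 19:16:42:609:360 Received no valid CRPs. Using all configured
1-12: 19:16:42:609:360 Certificate based Identity. My Subject My SHA Thumbprint 0000000000000000000000000000000000000000 Peer IP Address: 68.227.86.101
1-12: 19:16:42:609:360 IKE failed to find valid machine certificate
"""

def parse_lines(text):
    """Return [(time, thread_id, message)]; blank and wrapped lines are skipped."""
    out = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            out.append((m.group(2), m.group(3), m.group(4).strip()))
    return out

def cert_searches(messages):
    """Pair each 'Looking for ... cert' line with the outcome line that follows it."""
    searches, current = [], None
    for msg in messages:
        m = SEARCH_RE.match(msg)
        if m:
            current = {"kind": m.group(1), "outcome": "unknown", "hresult": None}
            searches.append(current)
            continue
        if current is None:
            continue
        fail = CHAIN_FAIL_RE.match(msg)
        if msg == "Ignoring root only chain":
            current["outcome"] = "root-only chain skipped"
            current = None
        elif fail:
            current["outcome"] = "no chain built"
            current["hresult"] = fail.group(1).lower()
            current = None
    return searches

def triage(text):
    """Summarise why IKE could not pick a local machine certificate."""
    msgs = [m for _, _, m in parse_lines(text)]
    searches = cert_searches(msgs)
    thumb = next((t.group(1) for t in map(MY_THUMB_RE.search, msgs) if t), None)
    result = {
        "peer_signature_validated": "Signature validated" in msgs,
        "ike_reported_no_machine_cert": "IKE failed to find valid machine certificate" in msgs,
        # An all-zero "My SHA Thumbprint" means no local certificate was chosen.
        "local_cert_selected": thumb is not None and set(thumb) != {"0"},
        "searches": searches,
    }
    findings = []
    if result["peer_signature_validated"] and result["ike_reported_no_machine_cert"]:
        findings.append("Peer certificate verified; the failure is in selecting the local machine certificate.")
    if any(s["outcome"] == "root-only chain skipped" for s in searches):
        findings.append("A store candidate chained to a root only and was skipped; "
                        "check whether the CA .cer was imported into Personal.")
    for code in sorted({s["hresult"] for s in searches if s["hresult"]}):
        findings.append(f"Chain lookup returned 0x{code} ({HRESULT_NAMES.get(code, 'unrecognised')}).")
    if not result["local_cert_selected"]:
        findings.append("No local certificate selected; the .pfx with its private key belongs in Personal.")
    result["findings"] = findings
    return result

if __name__ == "__main__":
    for line in triage(SAMPLE_LOG)["findings"]:
        print("-", line)
```
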
 
