error 792

Guest

Looking for some help? I have set up a test lab to configure RRAS client/server. I can connect PPTP with no problems. Though when I set up a preshared key or used a CA standalone scenario using IPSEC/L2TP I get an error message 792. I am connecting to a server on the same subnet/LAN, 192.168.1.3 (server) and 192.168.1.6 (client). In creating the standalone certificate server I followed this article, http://techrepublic.com.com/5100-6268_11-1048126.html, which worked fine. I've looked into certificate problems (both the client and server certificates are published in the personal folder), making sure a preshared key is cleared when using the Certificate Authority server etc., and I can't find an answer. If anyone has a suggestion I would appreciate it. Thanks.
 
Sharoon Shetty K [MSFT]

The server cert must be in the Local Computer cert store. Also, when you
configure the cert templates, make sure the server cert has the server
authentication purpose in Enhanced Key Usage extensions. Do not substitute
the "All" purpose for the "Server Authentication" purpose or the cert is
invalid.

If possible, use the Web enrollment tool to enroll the cert on the server.

If clients are domain members, you can auto enroll client computer
certificates (but not user certs) using Group Policy. That is a little
complicated to set up, but is much easier than manually installing certs on
all clients. Clients must have the Client Authentication purpose in EKU
extensions, not the "All" purpose.

Some resources that are recommended:
Step-by-Step Guide to Setting up a Certification Authority
http://www.microsoft.com/windows2000/techinfo/planning/security/casetupsteps.asp

Step-by-Step Guide to Advanced Certificate Management
http://www.microsoft.com/windows2000/techinfo/planning/security/advcertsteps.asp

"Network access authentication and certificates" in Windows Server 2003 IAS
or VPN Help, or on the web at
http://www.microsoft.com/resources/...003/standard/proddocs/en-us/sag_VPN_und15.asp.

--
Thanks,
Sharoon
---------------------------------------------------------
This posting is provided "AS IS" with no warranties, and confers no rights.

Ben said:
Looking for some help? I have set up a test lab to configure RRAS
client/server. I can connect pptp with no problems. Though when I set up a
preshared key or used a CA standalone scenario using IPSEC/L2TP I get an
error message 792. I am connecting to a Server on the same subnet/Lan
192.168.1.3(server) and client(192.168.1.6). In creating the standalone
certificate server I followed this article.
http://techrepublic.com.com/5100-6268_11-1048126.html which worked fine. I've looked into certificate
problems(both the client and server certificates are published in the
personal folder), making sure a preshared key is cleared when using
certificate Authority server etc, and I can't find an answer. If anyone has
a suggestion I would appreciate it. Thanks.
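
The two points in the answer above (machine store, and a specific purpose in the Enhanced Key Usage extension rather than "All") can be checked with a short script. This is an added example, not part of the original thread; it assumes a Windows machine with PowerShell and the `Cert:` drive, and the function names are hypothetical.

```powershell
# Added example: audit certificates for L2TP/IPsec machine authentication.
# EKU object identifiers (standard PKIX values):
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication

# Hypothetical helper: return the EKU OIDs listed in a certificate.
# An empty result means no EKU extension, which Windows displays as "All" purposes.
function Get-EkuOid {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $ext = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    if ($ext) { $ext.EnhancedKeyUsages | ForEach-Object { $_.Value } }
}

# Hypothetical helper: report every certificate in one store against the required EKU.
function Test-L2tpCertStore {
    param(
        [ValidateSet('Server', 'Client')][string]$Role,
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )
    $required = if ($Role -eq 'Server') { $ServerAuthOid } else { $ClientAuthOid }
    Get-ChildItem -Path $StorePath | ForEach-Object {
        $ekus = @(Get-EkuOid -Cert $_)
        [pscustomobject]@{
            Store          = $StorePath
            Subject        = $_.Subject
            Thumbprint     = $_.Thumbprint
            EkuIsAll       = ($ekus.Count -eq 0)          # "All" purpose: rejected per the answer
            HasRequiredEku = ($ekus -contains $required)
            HasPrivateKey  = $_.HasPrivateKey             # extra sanity check, not from the thread
        }
    }
}

# Run on the VPN server: the usable certificate must appear in the first table.
Test-L2tpCertStore -Role Server | Format-Table -AutoSize

# Certificates found only here are in the user's Personal folder,
# not the Local Computer store the answer requires.
Test-L2tpCertStore -Role Server -StorePath 'Cert:\CurrentUser\My' | Format-Table -AutoSize
```

On a client, run the same calls with `-Role Client`.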
 
