L2TP VPN Unconnectable Through TS

M

Matt Yurek

I have a W2K3 Server CMAK-generated L2TP VPN connection installed on a
Windows 2000 Server machine. This machine is behind an ISA2000 SecureNAT
router and has the NAT-T hotfix installed.

When I open the VPN connection from the local machine, it connects fine and
works as expected. However, when I use Terminal Services to access the
machine remotely, and I try to open the VPN connection, it *immediately*
times out with the following error (no multi-second pause like there would
be with a machine with a bad certificate, etc.):

"The L2TP connection attempt failed because the
security layer encountered a processing error during
initial negotiations with the remote computer. (Error 789)
For customized troubleshooting information for this
connection, click Help."

If I switch the connection over to a PPTP connection, it works 100% fine
through TS. Same CMAK connection, same remote W2K3 RAS server, same account
information, same authentication method.

Here's my workaround; I don't like it much, but it works:
1. I have a batch file with a single line that calls rasdial and launches
the VPN connection & authenticates.
2. I have the batch file set up as a scheduled task on the W2K server.
3. The scheduled task launches automatically when I log on. The VPN
connects OK and I can use it.
4. If the VPN connection drops, I have to re-run the scheduled task to
get re-connected, or log out/log in.

Does anyone know of a "real" fix for this issue?

Thanks in advance,
Y
 
A

Alan Wood [MSFT]

Hi Matt,
You can't use L2TP with Certificates in an Terminal Session. It won't
work... You can use a preshared keys only.

Thank you,

Alan Wood[MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.
 
M

Matt Yurek

Is there any chance of a workaround or patch for this? Is it a technical
reason that this is not allowed? Is it by design or an oversight?

Thanks in advance - I'm a huge fan of getting into the details of these
types of issues.

-Matt
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top