L2TP VPN

[brad ellis]

I'm attempting to set up a L2TP VPN connection from an XP
box to a 2003 box. I have the CAL downloaded from the
2003 machine and installed on the XP machine. However,
when I go to connect, the response that comes back is
that there is not a valid machine license. I've tried
finding info on fixing this throughout MS' site but have
had no luck.

 

[Jeffrey Randow (MVP)]

Post back the exact error message.. AFAIK, there is no license error
message when you connect via any type of VPN connection...

Jeffrey Randow (Windows Networking & Smart Display MVP)
(e-mail address removed)

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone

 

[brad ellis]

I actually managed to get beyond this issue. However,
now when I try to connect, I get this one: "787
The L2TP connection attempt failed because the security
layer could not authenticate the remote computer."

 

[Janani V[MSFT]]

You may get this error due to one of the below reasons:

Check to see if the certificates on your machine and the server have not
expired.
Also ensure that that the username and password are correct.

 

[Jeffrey Randow (MVP)]

Unless you want to use the full blown certificate based L2TP VPN, you
might want to configure using preshared keys... This is available
under the Security tab of your VPN connection (and also must be set on
the server side).

Jeffrey Randow (Windows Networking & Smart Display MVP)
(e-mail address removed)

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone

 

[brad ellis]

We would actually prefer to use the certificates and not
the preshared keys. The root certificate doesn't expire
until 2009 and the requested one doesn't expire until
2005. I am using my account to attempt to log in and it
is set to allow dial-ins (can do it fine on the PPTP.)

 

[Janani V[MSFT]]

Is there any error logged in the eventviewer on the client and server side?

 

[Jeffrey Randow (MVP)]

In that case, you need to make sure that the client gets a computer
certificate in addition to the user certificate... MSDN documentation
or
http://www.microsoft.com/windowsserver2003/technologies/networking/vpn/default.mspx
will give you information on how to do this...

Jeffrey Randow (Windows Networking & Smart Display MVP)
(e-mail address removed)

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone

 

[brad ellis]

So I would need certificates in both the local computer
certificate store as well as the current user certificate
store?

 

[Jeffrey Randow (MVP)]

To use L2TP in certificate mode? Yes... You need to have both
certificates...

See
http://www.microsoft.com/resources/...2003/standard/proddocs/en-us/sag_VPN_us26.asp

Jeffrey Randow (Windows Networking & Smart Display MVP)
(e-mail address removed)

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone