RRAS L2TP Error 789


Alexander LAW

I am running Windows 2003 and RRAS. When I am trying to connect on the same
machine by local IP using L2TP, I get error 789. PPTP works fine. I tune
PPTP to use EAP (with my computer certificate) - everything works fine too.
System/Application event logs are clear.
I look into diagnostic log files - and found next:
[2036] 23:15:13: RasEnableIpSec(1)..
[2036] 23:15:13: RasEnableIpSec done. 0
[2036] 23:15:13: RasDoIke on hport 1...
[2036] 23:15:13: RasDoIke done. Err=0x315, Status=0x0
[2036] 23:15:13: RDM errors=789,0

[3348] 11-10 23:15:13:517: DwDoIke: port=VPN2-4, hEvent=0x169c
[3348] 11-10 23:15:13:517: Found primary ip address for this interface.
[3348] 11-10 23:15:13:517: DwGetBestInterface: done. rc=0x0,
address=0x100007f, mask=0xff
[3348] 11-10 23:15:13:517: DwDoIke failed to init negotiation. 0x3622
[3348] 11-10 23:15:13:517: DwDoIke: done. 0x315
[3348] 11-10 23:15:13:517: DwDoIke for port VPN2-4 returned 0x315
[3348] 11-10 23:15:13:517: DoIke done. 0x315

What is DwDoIke error 0x3622???

Thanks for help,



Karl A Mikesell

Here are the UDP ports to use L2TP/IPSec, since computer certificate is in

L2TP first uses UDP port 500 IKE (i.e. RAS do IKE)
in Windows Server 2003 it can also do NAT-T using UDP port 4500, and
the payload is sent using UDP 1701, these are fixed ports on both sides.

Be sure these UDP port are not blocked, and L2TP/IPSec should work.

Hope that helps.

Karl Mikesell MCSE

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question