Solved

(VPN) Error 798: A certificate could not be found that can be used with this Extensible Authentication Protocol.

Posted on 2004-09-21
4
19,142 Views
Last Modified: 2016-11-20
This is the error I receive after creating a new VPN connection from a windows 2000 client. My VPN setup is a test environment with a windows 2003 RRAS as well as a Windows 2003 domain controller running IIS and Certificate services.

I enrolled the certificates by establishing a pptp connection and then accessing the web enrollment webpage. I used request a certificate | advanced certificate request | Create and submit a request to this CA. From in there I filled out the form ensuring to create a new key set as well as checking the box to store the certificate in the local computer certificate store and not the local user as I read this can help.

Any ideas?

Jason.
0
Comment
Question by:Mooligan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 7

Accepted Solution

by:
LimeSMJ earned 500 total points
ID: 12117755
Hi again (posted in your old question).  I use the same method as you to acquire the cert but I don't request the same one... I use a User cert to do EAP.  The steps I followed exactly was in the 2nd link I posted last time in your other question...the section about requesting certs is near the end of the article.  By the way, ignore all the setup stuff up top as you've already got the Cert Server working (no need for RADIUS, etc).

http://www.isaserver.org/tutorials/Configuring_the_VPN_Client_and_Server_to_Support_CertificateBased_PPTP_EAPTLS_Authentication__Part_2.html

Hopefully, the link helps as it did for me.  By the way, if you get an Error 801 when you try to connect (this is after you try out the User cert method), uncheck the "validate cert" in the options - be that it may be a firewall issue on my server but when this option is checked on, the VPN doesn't connect.  Also, the article uses a 2000 Pro box to test the EAP, but I run XP for my users and the options are pretty much the same except for the "validate cert" section.

Good luck.
0
 

Author Comment

by:Mooligan
ID: 12159495
Thank's LimeSMJ!

That one line you mentioned, where you said you don't request the same cert, that you use a user cert pointed me in the right direction. I went to try requesting a user certificate but realized I couldn't, and then realized that I had setup a standalone CA instead of enterprise. I think I did this back troubleshooting a different issue but didn't realize it could have been the source of my problem.

So summary of my fix: Uninstall certificate services, and reinstall as an Enterprise CA and then request a -USER- certificate through the web enrollment.

Thanks again.
0
 
LVL 7

Expert Comment

by:LimeSMJ
ID: 12164770
I see I see... yea.  I ran into the Standalone vs. Enterprise CA issue before as well.  I should have mentioned it.  Thanks for the points.
0
 

Expert Comment

by:nitin kumar
ID: 41894604
This is the error I receive when I tried executing VPN exe in my Rackspace server which is used to connect to the Azure Servers.

In the VPN Logs I get Exception of type 'DotRas.RasException' was thrown.

So, while I manually execute the VPN I get the error as "A certificate could not be found that can be used with this Extensible Authentication Protocol. (Error 798)"

So I opened the mmc in Rackspace server and checked the certificates on Local computer, I can see that the

client certificate is installed on Personal - > Certificates - > AzureVPN-Client

and root certificate in Trusted root certification store - > AzureVPN-Root

In the server logs I get the below error logged :

"The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again."

A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.


BUT I am not sure what is causing the issue.

Kindly suggest as it was working fine couple of days before but suddenly started crashing.
0

Featured Post

What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
OfficeMate Freezes on login or does not load after login credentials are input.
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question