Solved

(VPN) Error 798: A certificate could not be found that can be used with this Extensible Authentication Protocol.

Posted on 2004-09-21
4
17,622 Views
Last Modified: 2016-11-20
This is the error I receive after creating a new VPN connection from a windows 2000 client. My VPN setup is a test environment with a windows 2003 RRAS as well as a Windows 2003 domain controller running IIS and Certificate services.

I enrolled the certificates by establishing a pptp connection and then accessing the web enrollment webpage. I used request a certificate | advanced certificate request | Create and submit a request to this CA. From in there I filled out the form ensuring to create a new key set as well as checking the box to store the certificate in the local computer certificate store and not the local user as I read this can help.

Any ideas?

Jason.
0
Comment
Question by:Mooligan
  • 2
4 Comments
 
LVL 7

Accepted Solution

by:
LimeSMJ earned 500 total points
ID: 12117755
Hi again (posted in your old question).  I use the same method as you to acquire the cert but I don't request the same one... I use a User cert to do EAP.  The steps I followed exactly was in the 2nd link I posted last time in your other question...the section about requesting certs is near the end of the article.  By the way, ignore all the setup stuff up top as you've already got the Cert Server working (no need for RADIUS, etc).

http://www.isaserver.org/tutorials/Configuring_the_VPN_Client_and_Server_to_Support_CertificateBased_PPTP_EAPTLS_Authentication__Part_2.html

Hopefully, the link helps as it did for me.  By the way, if you get an Error 801 when you try to connect (this is after you try out the User cert method), uncheck the "validate cert" in the options - be that it may be a firewall issue on my server but when this option is checked on, the VPN doesn't connect.  Also, the article uses a 2000 Pro box to test the EAP, but I run XP for my users and the options are pretty much the same except for the "validate cert" section.

Good luck.
0
 

Author Comment

by:Mooligan
ID: 12159495
Thank's LimeSMJ!

That one line you mentioned, where you said you don't request the same cert, that you use a user cert pointed me in the right direction. I went to try requesting a user certificate but realized I couldn't, and then realized that I had setup a standalone CA instead of enterprise. I think I did this back troubleshooting a different issue but didn't realize it could have been the source of my problem.

So summary of my fix: Uninstall certificate services, and reinstall as an Enterprise CA and then request a -USER- certificate through the web enrollment.

Thanks again.
0
 
LVL 7

Expert Comment

by:LimeSMJ
ID: 12164770
I see I see... yea.  I ran into the Standalone vs. Enterprise CA issue before as well.  I should have mentioned it.  Thanks for the points.
0
 

Expert Comment

by:nitin kumar
ID: 41894604
This is the error I receive when I tried executing VPN exe in my Rackspace server which is used to connect to the Azure Servers.

In the VPN Logs I get Exception of type 'DotRas.RasException' was thrown.

So, while I manually execute the VPN I get the error as "A certificate could not be found that can be used with this Extensible Authentication Protocol. (Error 798)"

So I opened the mmc in Rackspace server and checked the certificates on Local computer, I can see that the

client certificate is installed on Personal - > Certificates - > AzureVPN-Client

and root certificate in Trusted root certification store - > AzureVPN-Root

In the server logs I get the below error logged :

"The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again."

A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.


BUT I am not sure what is causing the issue.

Kindly suggest as it was working fine couple of days before but suddenly started crashing.
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question