Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 20827
  • Last Modified:

(VPN) Error 798: A certificate could not be found that can be used with this Extensible Authentication Protocol.

This is the error I receive after creating a new VPN connection from a windows 2000 client. My VPN setup is a test environment with a windows 2003 RRAS as well as a Windows 2003 domain controller running IIS and Certificate services.

I enrolled the certificates by establishing a pptp connection and then accessing the web enrollment webpage. I used request a certificate | advanced certificate request | Create and submit a request to this CA. From in there I filled out the form ensuring to create a new key set as well as checking the box to store the certificate in the local computer certificate store and not the local user as I read this can help.

Any ideas?

Jason.
0
Mooligan
Asked:
Mooligan
  • 2
1 Solution
 
LimeSMJCommented:
Hi again (posted in your old question).  I use the same method as you to acquire the cert but I don't request the same one... I use a User cert to do EAP.  The steps I followed exactly was in the 2nd link I posted last time in your other question...the section about requesting certs is near the end of the article.  By the way, ignore all the setup stuff up top as you've already got the Cert Server working (no need for RADIUS, etc).

http://www.isaserver.org/tutorials/Configuring_the_VPN_Client_and_Server_to_Support_CertificateBased_PPTP_EAPTLS_Authentication__Part_2.html

Hopefully, the link helps as it did for me.  By the way, if you get an Error 801 when you try to connect (this is after you try out the User cert method), uncheck the "validate cert" in the options - be that it may be a firewall issue on my server but when this option is checked on, the VPN doesn't connect.  Also, the article uses a 2000 Pro box to test the EAP, but I run XP for my users and the options are pretty much the same except for the "validate cert" section.

Good luck.
0
 
MooliganAuthor Commented:
Thank's LimeSMJ!

That one line you mentioned, where you said you don't request the same cert, that you use a user cert pointed me in the right direction. I went to try requesting a user certificate but realized I couldn't, and then realized that I had setup a standalone CA instead of enterprise. I think I did this back troubleshooting a different issue but didn't realize it could have been the source of my problem.

So summary of my fix: Uninstall certificate services, and reinstall as an Enterprise CA and then request a -USER- certificate through the web enrollment.

Thanks again.
0
 
LimeSMJCommented:
I see I see... yea.  I ran into the Standalone vs. Enterprise CA issue before as well.  I should have mentioned it.  Thanks for the points.
0
 
nitin kumarCommented:
This is the error I receive when I tried executing VPN exe in my Rackspace server which is used to connect to the Azure Servers.

In the VPN Logs I get Exception of type 'DotRas.RasException' was thrown.

So, while I manually execute the VPN I get the error as "A certificate could not be found that can be used with this Extensible Authentication Protocol. (Error 798)"

So I opened the mmc in Rackspace server and checked the certificates on Local computer, I can see that the

client certificate is installed on Personal - > Certificates - > AzureVPN-Client

and root certificate in Trusted root certification store - > AzureVPN-Root

In the server logs I get the below error logged :

"The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again."

A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.


BUT I am not sure what is causing the issue.

Kindly suggest as it was working fine couple of days before but suddenly started crashing.
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now