Solved

(VPN) Error 798: A certificate could not be found that can be used with this Extensible Authentication Protocol.

Posted on 2004-09-21
4
16,740 Views
Last Modified: 2016-11-20
This is the error I receive after creating a new VPN connection from a windows 2000 client. My VPN setup is a test environment with a windows 2003 RRAS as well as a Windows 2003 domain controller running IIS and Certificate services.

I enrolled the certificates by establishing a pptp connection and then accessing the web enrollment webpage. I used request a certificate | advanced certificate request | Create and submit a request to this CA. From in there I filled out the form ensuring to create a new key set as well as checking the box to store the certificate in the local computer certificate store and not the local user as I read this can help.

Any ideas?

Jason.
0
Comment
Question by:Mooligan
  • 2
4 Comments
 
LVL 7

Accepted Solution

by:
LimeSMJ earned 500 total points
Comment Utility
Hi again (posted in your old question).  I use the same method as you to acquire the cert but I don't request the same one... I use a User cert to do EAP.  The steps I followed exactly was in the 2nd link I posted last time in your other question...the section about requesting certs is near the end of the article.  By the way, ignore all the setup stuff up top as you've already got the Cert Server working (no need for RADIUS, etc).

http://www.isaserver.org/tutorials/Configuring_the_VPN_Client_and_Server_to_Support_CertificateBased_PPTP_EAPTLS_Authentication__Part_2.html

Hopefully, the link helps as it did for me.  By the way, if you get an Error 801 when you try to connect (this is after you try out the User cert method), uncheck the "validate cert" in the options - be that it may be a firewall issue on my server but when this option is checked on, the VPN doesn't connect.  Also, the article uses a 2000 Pro box to test the EAP, but I run XP for my users and the options are pretty much the same except for the "validate cert" section.

Good luck.
0
 

Author Comment

by:Mooligan
Comment Utility
Thank's LimeSMJ!

That one line you mentioned, where you said you don't request the same cert, that you use a user cert pointed me in the right direction. I went to try requesting a user certificate but realized I couldn't, and then realized that I had setup a standalone CA instead of enterprise. I think I did this back troubleshooting a different issue but didn't realize it could have been the source of my problem.

So summary of my fix: Uninstall certificate services, and reinstall as an Enterprise CA and then request a -USER- certificate through the web enrollment.

Thanks again.
0
 
LVL 7

Expert Comment

by:LimeSMJ
Comment Utility
I see I see... yea.  I ran into the Standalone vs. Enterprise CA issue before as well.  I should have mentioned it.  Thanks for the points.
0
 

Expert Comment

by:nitin kumar
Comment Utility
This is the error I receive when I tried executing VPN exe in my Rackspace server which is used to connect to the Azure Servers.

In the VPN Logs I get Exception of type 'DotRas.RasException' was thrown.

So, while I manually execute the VPN I get the error as "A certificate could not be found that can be used with this Extensible Authentication Protocol. (Error 798)"

So I opened the mmc in Rackspace server and checked the certificates on Local computer, I can see that the

client certificate is installed on Personal - > Certificates - > AzureVPN-Client

and root certificate in Trusted root certification store - > AzureVPN-Root

In the server logs I get the below error logged :

"The initial Secure Socket Tunneling Protocol request could not be successfully sent to the server. This can be due to network connectivity issues or certificate (trust) issues. The detailed error message is provided below. Correct the problem and try again."

A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.


BUT I am not sure what is causing the issue.

Kindly suggest as it was working fine couple of days before but suddenly started crashing.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now