This is the error I receive after creating a new VPN connection from a windows 2000 client. My VPN setup is a test environment with a windows 2003 RRAS as well as a Windows 2003 domain controller running IIS and Certificate services.
I enrolled the certificates by establishing a pptp connection and then accessing the web enrollment webpage. I used request a certificate | advanced certificate request | Create and submit a request to this CA. From in there I filled out the form ensuring to create a new key set as well as checking the box to store the certificate in the local computer certificate store and not the local user as I read this can help.