Solved

The L2TP connection attempt failed because there is no valid machine certificate on your computer for security authentication. (Error 786)

Posted on 2010-01-05
Last Modified: 2013-12-04
Howdy all,

I have run into a situation where in the last month 3 users have been getting the below error message when trying to use their VPNs.

"The L2TP connection attempt failed because there is no valid machine certificate on your computer for security authentication. (Error 786)"

Other users are still working correctly, and from what I can tell nothing is wrong with the accounts of the users.  I checked the certificates both locally and on the CA server for the 3 accounts and they are still in their valid period (not expired yet).  The machines are in an Active Directory domain.

I have tried rebooting, gpupdate /force, group policy is set to autoenroll and renew, deleted the certificate off the CA server and the client and had it re-created (through rebooting as well as http://CA\certsrv), and I double-checked the permissions of the RSA folder on the clients.

Any ideas?
Question by:aiscom

Expert Comment

by:kortina
ID: 26186899
Golden rules of certificates

Is the date on the certificate within a valid range?

Is the certificate signed by a trusted Certification Authority? Make sure BOTH the client and the Server trust the CA.

Does the name on the certificate match the URL? (Probably not so important for L2TP.)

Can the server and client contact the CRL? The CRL is typically required; if the client and server cannot see a CRL with a valid date on it, things will fail.

Your message indicates that you are using Computer Certificates, not user certificates.

Make sure that you are checking the correct place.
Open MMC, add the Certificates snap-in and select "Computer Account".

This will show you the certificate store for the Computer. Make sure the certs in the "Personal" store of the COMPUTER are correct.
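The checklist in the comment above can be run as a script against the computer's "Personal" store. This is an added example, not part of the original thread; it uses only the built-in certificate provider and the .NET `X509Chain` class, and it assumes PowerShell 3.0 or later in an elevated prompt on the affected client (run it on the VPN server as well, since both ends must pass).

```powershell
# Added example: audit each certificate in Cert:\LocalMachine\My (the
# "Personal" store of the Computer Account) for date validity, private key,
# chain trust and revocation (CRL) reachability.
$now = Get-Date

$report = foreach ($cert in Get-ChildItem -Path Cert:\LocalMachine\My) {
    # Build the chain in machine context ($true) and force an online
    # revocation check, so an unreachable or stale CRL is reported as a
    # chain status flag instead of being silently skipped.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag =
        [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain

    $chainOk = $chain.Build($cert)
    $flags   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        NotBefore     = $cert.NotBefore
        NotAfter      = $cert.NotAfter
        DateValid     = ($cert.NotBefore -le $now) -and ($now -le $cert.NotAfter)
        HasPrivateKey = $cert.HasPrivateKey
        ChainTrusted  = $chainOk
        ChainStatus   = if ($flags) { $flags } else { 'NoError' }
        # EnhancedKeyUsageList is added by the PowerShell certificate provider.
        EKU           = ($cert.EnhancedKeyUsageList |
                            ForEach-Object { $_.FriendlyName }) -join ', '
    }
    $chain.Reset()
}

# Full detail for every machine certificate.
$report | Format-List

# Only the certificates that fail at least one of the checks.
$report |
    Where-Object { -not ($_.DateValid -and $_.HasPrivateKey -and $_.ChainTrusted) } |
    Format-Table Subject, DateValid, HasPrivateKey, ChainStatus -AutoSize
```

In the `ChainStatus` column, `RevocationStatusUnknown` or `OfflineRevocation` means the CRL could not be retrieved or checked, `UntrustedRoot` means the issuing CA is not trusted on this machine, and `NotTimeValid` means a certificate in the chain is outside its validity period.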



Author Comment

by:aiscom
ID: 26191578
Kortina, thanks for replying.

- Yes, the date on the certificate is within a valid range (as shown on the server and the client).
- Yes it is.
- I am not sure about this, but I can check.
- I am not sure.  How would I check the CRL?
- Correct, these are computer certificates.  I open the certificates on the PCs (selecting computer account), and I can see the certificates in the Personal and in the Trusted Root Certificate folder.

Accepted Solution

by:aiscom
ID: 26194204
Very strange.  I just got it going, on all the users, by deleting the VPN connection and recreating it.  I also tried simply creating a second VPN connection and that one worked correctly as well.

Any clues as to why that might be?

Question has a verified solution.
