Solved

Cannot connect to VPN through L2TP

Posted on 2010-11-08
9
902 Views
Last Modified: 2012-05-10
We have got a Server 2003 DC that was able to connect via VPN (PPTP and L2TP) and this crashed and had to be rebuilt completely. We now can't connect in through L2TP as this errors with
Error 789: The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer

I have tried to set this to a pre-shared key to see if this would help but still get the same error. There is no NAT on the server also.
When the server was rebuilt it was renamed to the original server name but the 'Full computer name' wasn't and so is the default name that Windows install chooses (sort of svctag-456432 etc). Could this be the issue in case do i need to rename the DC properly ?

Thanks
0
Comment
Question by:Netexperts
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 500 total points
ID: 34095332
VPN based on L2TP requires a certificate to estabilish connection. Did you also restore a certificate on a VPN server after rebuild?

Check also if you didn't enable a firewall on that server (port UPD 1701 is needed)

Regards,
Krzysztof
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34095350
OK, one more thing I missed. You renamed your DC, right? Probably there is also a CA role installed. So, certificate is not trusted on a VPN server because a CA has no valid certificate. You have 2 choices. Revert DC name to the proper one, restore also CA role with all certificates OR set up completely new certificates for VPN server and your clients. Redistribute them again.

Regards,
Krzysztof
0
 
LVL 1

Author Comment

by:Netexperts
ID: 34158666
Sorry for the late post. I've tried to export a new certificate but it still won't connect. Can you clarify exaclty what i need to do to get the certificate (i tried to create a cert template for IPSEC)

Thanks

0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34182894
OK, you issued new computer certificate to your clients, right? Do you have Enterprise Edition of your 2003 server, where is CA component installed? It will simplify certificate's auto-enrollment in your domain environment (if not, you will do that manually).

Please check this Microsoft article, explaining how to prepare a computer certificate for L2TP VPN connection.
http://technet.microsoft.com/en-us/library/cc757207%28WS.10%29.aspx

Then, when you have the certificate you have to configure your VPN clients to be able using LT2P connections (by default they use PPTP). This Microsoft's article explains how to do that on the clients.
http://technet.microsoft.com/en-us/library/bb742553.aspx#ECAA

Please try to following these guides. If you will have any other questions, please contact me.

Regards,
Krzysztof
0
 
LVL 1

Author Comment

by:Netexperts
ID: 34187592
Thanks,

It's Standard edition
0
 
LVL 1

Author Comment

by:Netexperts
ID: 34333628
I've had Microsoft on and they confirmed that all the certificates are correct. I've tried to connect to the server from itself through l2tp but it's showing that the remote coputer did not respond. I've checked the logs and this shows up when it try to connect:
The communication device attached to port VPN4-127 is not functioning.
I've set static DHCP along with Dynamic in case it's this but it still won't connect although pptp is fine.
I've tried using pre-shared keys as well.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34333788
OK, maybe lt2p ports are not enabled on vpn server (at least 1)?

Krzysztof
l2tp-ports.JPG
0
 
LVL 1

Author Comment

by:Netexperts
ID: 34333846
They are there.

Thanks
0
 
LVL 1

Author Closing Comment

by:Netexperts
ID: 34615603
We didn't manage to resolve this but points awarded for time taken to try and help.
Many Thanks
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
change home folder path 4 68
Robocopy Doesn't Retain Shared Folders After Copying 5 85
AD account Auto logoff 1 57
BgInfo help 5 106
Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question