Solved

Cannot connect to VPN through L2TP

Posted on 2010-11-08
Last Modified: 2012-05-10
We have got a Server 2003 DC that was able to connect via VPN (PPTP and L2TP) and this crashed and had to be rebuilt completely. We now can't connect in through L2TP as this errors with
Error 789: The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer

I have tried to set this to a pre-shared key to see if this would help but still get the same error. There is no NAT on the server also.
When the server was rebuilt it was renamed to the original server name but the 'Full computer name' wasn't and so is the default name that Windows install chooses (sort of svctag-456432 etc). Could this be the issue, in which case do I need to rename the DC properly?

Thanks
Question by:Netexperts
9 Comments
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 500 total points
ID: 34095332
VPN based on L2TP requires a certificate to establish connection. Did you also restore a certificate on a VPN server after rebuild?

Check also if you didn't enable a firewall on that server (port UDP 1701 is needed)

Regards,
Krzysztof
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34095350
OK, one more thing I missed. You renamed your DC, right? Probably there is also a CA role installed. So, certificate is not trusted on a VPN server because a CA has no valid certificate. You have 2 choices. Revert DC name to the proper one, restore also CA role with all certificates OR set up completely new certificates for VPN server and your clients. Redistribute them again.

Regards,
Krzysztof
 
LVL 1

Author Comment

by:Netexperts
ID: 34158666
Sorry for the late post. I've tried to export a new certificate but it still won't connect. Can you clarify exactly what I need to do to get the certificate (I tried to create a cert template for IPSEC)

Thanks

 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34182894
OK, you issued new computer certificate to your clients, right? Do you have Enterprise Edition of your 2003 server, where is CA component installed? It will simplify certificate's auto-enrollment in your domain environment (if not, you will do that manually).

Please check this Microsoft article, explaining how to prepare a computer certificate for L2TP VPN connection.
http://technet.microsoft.com/en-us/library/cc757207%28WS.10%29.aspx

Then, when you have the certificate you have to configure your VPN clients to be able to use L2TP connections (by default they use PPTP). This Microsoft article explains how to do that on the clients.
http://technet.microsoft.com/en-us/library/bb742553.aspx#ECAA

Please try following these guides. If you have any other questions, please contact me.

Regards,
Krzysztof
 
LVL 1

Author Comment

by:Netexperts
ID: 34187592
Thanks,

It's Standard edition
 
LVL 1

Author Comment

by:Netexperts
ID: 34333628
I've had Microsoft on and they confirmed that all the certificates are correct. I've tried to connect to the server from itself through l2tp but it's showing that the remote computer did not respond. I've checked the logs and this shows up when it tries to connect:
The communication device attached to port VPN4-127 is not functioning.
I've set static DHCP along with Dynamic in case it's this but it still won't connect although pptp is fine.
I've tried using pre-shared keys as well.
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34333788
OK, maybe L2TP ports are not enabled on vpn server (at least 1)?

Krzysztof
[Attached screenshot: l2tp-ports.JPG]
 
LVL 1

Author Comment

by:Netexperts
ID: 34333846
They are there.

Thanks
 
LVL 1

Author Closing Comment

by:Netexperts
ID: 34615603
We didn't manage to resolve this but points awarded for time taken to try and help.
Many Thanks