Solved

Cannot connect to VPN through L2TP

Posted on 2010-11-08
Last Modified: 2012-05-10
We have got a Server 2003 DC that was able to connect via VPN (PPTP and L2TP) and this crashed and had to be rebuilt completely. We now can't connect in through L2TP as this errors with:
Error 789: The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer

I have tried to set this to a pre-shared key to see if this would help but still get the same error. There is also no NAT on the server.
When the server was rebuilt it was renamed to the original server name but the 'Full computer name' wasn't and so is the default name that Windows install chooses (sort of svctag-456432 etc). Could this be the issue, and in that case do I need to rename the DC properly?

Thanks
Question by:Netexperts
9 Comments
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 1000 total points
ID: 34095332
VPN based on L2TP requires a certificate to establish connection. Did you also restore a certificate on a VPN server after rebuild?

Check also if you didn't enable a firewall on that server (port UDP 1701 is needed)

Regards,
Krzysztof
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34095350
OK, one more thing I missed. You renamed your DC, right? Probably there is also a CA role installed. So, certificate is not trusted on a VPN server because a CA has no valid certificate. You have 2 choices. Revert DC name to the proper one, restore also CA role with all certificates OR set up completely new certificates for VPN server and your clients. Redistribute them again.

Regards,
Krzysztof
 
LVL 1

Author Comment

by:Netexperts
ID: 34158666
Sorry for the late post. I've tried to export a new certificate but it still won't connect. Can you clarify exactly what I need to do to get the certificate? (I tried to create a cert template for IPSEC.)

Thanks

 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34182894
OK, you issued new computer certificate to your clients, right? Do you have Enterprise Edition of your 2003 server, where is CA component installed? It will simplify certificate's auto-enrollment in your domain environment (if not, you will do that manually).

Please check this Microsoft article, explaining how to prepare a computer certificate for L2TP VPN connection.
http://technet.microsoft.com/en-us/library/cc757207%28WS.10%29.aspx

Then, when you have the certificate, you have to configure your VPN clients to be able to use L2TP connections (by default they use PPTP). This Microsoft article explains how to do that on the clients.
http://technet.microsoft.com/en-us/library/bb742553.aspx#ECAA

Please try following these guides. If you have any other questions, please contact me.

Regards,
Krzysztof
 
LVL 1

Author Comment

by:Netexperts
ID: 34187592
Thanks,

It's Standard edition
 
LVL 1

Author Comment

by:Netexperts
ID: 34333628
I've had Microsoft on and they confirmed that all the certificates are correct. I've tried to connect to the server from itself through L2TP but it's showing that the remote computer did not respond. I've checked the logs and this shows up when it tries to connect:
The communication device attached to port VPN4-127 is not functioning.
I've set static DHCP along with Dynamic in case it's this but it still won't connect, although PPTP is fine.
I've tried using pre-shared keys as well.
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34333788
OK, maybe L2TP ports are not enabled on the VPN server (at least 1)?

Krzysztof
l2tp-ports.JPG
 
LVL 1

Author Comment

by:Netexperts
ID: 34333846
They are there.

Thanks
 
LVL 1

Author Closing Comment

by:Netexperts
ID: 34615603
We didn't manage to resolve this but points awarded for time taken to try and help.
Many Thanks