Solved

Cannot connect to VPN through L2TP

Posted on 2010-11-08
Last Modified: 2012-05-10
We have got a Server 2003 DC that was able to connect via VPN (PPTP and L2TP), and this crashed and had to be rebuilt completely. We now can't connect in through L2TP, as this errors with:
Error 789: The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer

I have tried to set this to a pre-shared key to see if this would help but still get the same error. There is also no NAT on the server.
When the server was rebuilt it was renamed to the original server name, but the 'Full computer name' wasn't and so is the default name that the Windows install chooses (sort of svctag-456432 etc). Could this be the issue, and in that case do I need to rename the DC properly?

Thanks
Question by:Netexperts
9 Comments
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 500 total points
ID: 34095332
VPN based on L2TP requires a certificate to establish a connection. Did you also restore a certificate on the VPN server after the rebuild?

Check also that you didn't enable a firewall on that server (port UDP 1701 is needed).

Regards,
Krzysztof
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34095350
OK, one more thing I missed. You renamed your DC, right? Probably there is also a CA role installed. So the certificate is not trusted on the VPN server because the CA has no valid certificate. You have 2 choices: revert the DC name to the proper one and also restore the CA role with all certificates, OR set up completely new certificates for the VPN server and your clients and redistribute them again.

Regards,
Krzysztof
0
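The certificate trust check the two replies above point to, as an added PowerShell example that is not part of the original thread. It assumes PowerShell 2.0 or later on the machine being checked; the function name `Test-MachineCertChain` and the `NameHasFqdn` column are hypothetical, added for illustration.

```powershell
# Added example (not from the thread). Assumes PowerShell 2.0 or later, run
# locally on the VPN server or on a client. Test-MachineCertChain is a
# hypothetical name.
function Test-MachineCertChain {
    # The "Full computer name" the question mentions, for comparison with subjects.
    $fqdn = [System.Net.Dns]::GetHostEntry('').HostName

    # Computer certificates live in the Local Machine "Personal" (My) store.
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
    $store.Open('ReadOnly')
    try {
        foreach ($cert in $store.Certificates) {
            # Build the chain in machine context ($true), because this is a
            # computer certificate rather than a user certificate.
            $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
            # Revocation is skipped so an unreachable CRL on a rebuilt CA
            # does not mask the trust result itself.
            $chain.ChainPolicy.RevocationMode = 'NoCheck'
            $trusted = $chain.Build($cert)
            $status  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

            New-Object PSObject -Property @{
                Subject       = $cert.Subject
                Issuer        = $cert.Issuer
                Expires       = $cert.NotAfter
                HasPrivateKey = $cert.HasPrivateKey
                ChainTrusted  = $trusted
                ChainStatus   = $status   # e.g. UntrustedRoot, PartialChain, NotTimeValid
                NameHasFqdn   = ($cert.Subject -like "*$fqdn*")
            }
        }
    }
    finally {
        $store.Close()
    }
}

Test-MachineCertChain | Format-List
```

A certificate reported with `ChainTrusted` false and a status such as `UntrustedRoot` or `PartialChain` was issued by a CA this machine no longer trusts, which is the situation the reply describes after the rebuild.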
 
LVL 1

Author Comment

by:Netexperts
ID: 34158666
Sorry for the late post. I've tried to export a new certificate but it still won't connect. Can you clarify exactly what I need to do to get the certificate (I tried to create a cert template for IPSEC)?

Thanks

0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34182894
OK, you issued new computer certificate to your clients, right? Do you have Enterprise Edition of your 2003 server, where is CA component installed? It will simplify certificate's auto-enrollment in your domain environment (if not, you will do that manually).

Please check this Microsoft article, explaining how to prepare a computer certificate for L2TP VPN connection.
http://technet.microsoft.com/en-us/library/cc757207%28WS.10%29.aspx

Then, when you have the certificate, you have to configure your VPN clients to be able to use L2TP connections (by default they use PPTP). This Microsoft article explains how to do that on the clients.
http://technet.microsoft.com/en-us/library/bb742553.aspx#ECAA

Please try following these guides. If you have any other questions, please contact me.

Regards,
Krzysztof
0
 
LVL 1

Author Comment

by:Netexperts
ID: 34187592
Thanks,

It's Standard edition
0
 
LVL 1

Author Comment

by:Netexperts
ID: 34333628
I've had Microsoft on and they confirmed that all the certificates are correct. I've tried to connect to the server from itself through L2TP but it's showing that the remote computer did not respond. I've checked the logs and this shows up when it tries to connect:
The communication device attached to port VPN4-127 is not functioning.
I've set static DHCP along with dynamic in case it's this, but it still won't connect, although PPTP is fine.
I've tried using pre-shared keys as well.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34333788
OK, maybe L2TP ports are not enabled on the VPN server (at least 1)?

Krzysztof
l2tp-ports.JPG
0
 
LVL 1

Author Comment

by:Netexperts
ID: 34333846
They are there.

Thanks
0
 
LVL 1

Author Closing Comment

by:Netexperts
ID: 34615603
We didn't manage to resolve this but points awarded for time taken to try and help.
Many Thanks
0
