Solved

Cannot connect to VPN through L2TP

Posted on 2010-11-08
9
884 Views
Last Modified: 2012-05-10
We have got a Server 2003 DC that was able to connect via VPN (PPTP and L2TP) and this crashed and had to be rebuilt completely. We now can't connect in through L2TP as this errors with
Error 789: The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer

I have tried to set this to a pre-shared key to see if this would help but still get the same error. There is no NAT on the server also.
When the server was rebuilt it was renamed to the original server name but the 'Full computer name' wasn't and so is the default name that Windows install chooses (sort of svctag-456432 etc). Could this be the issue in case do i need to rename the DC properly ?

Thanks
0
Comment
Question by:Netexperts
  • 5
  • 4
9 Comments
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 500 total points
ID: 34095332
VPN based on L2TP requires a certificate to estabilish connection. Did you also restore a certificate on a VPN server after rebuild?

Check also if you didn't enable a firewall on that server (port UPD 1701 is needed)

Regards,
Krzysztof
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34095350
OK, one more thing I missed. You renamed your DC, right? Probably there is also a CA role installed. So, certificate is not trusted on a VPN server because a CA has no valid certificate. You have 2 choices. Revert DC name to the proper one, restore also CA role with all certificates OR set up completely new certificates for VPN server and your clients. Redistribute them again.

Regards,
Krzysztof
0
 
LVL 1

Author Comment

by:Netexperts
ID: 34158666
Sorry for the late post. I've tried to export a new certificate but it still won't connect. Can you clarify exaclty what i need to do to get the certificate (i tried to create a cert template for IPSEC)

Thanks

0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34182894
OK, you issued new computer certificate to your clients, right? Do you have Enterprise Edition of your 2003 server, where is CA component installed? It will simplify certificate's auto-enrollment in your domain environment (if not, you will do that manually).

Please check this Microsoft article, explaining how to prepare a computer certificate for L2TP VPN connection.
http://technet.microsoft.com/en-us/library/cc757207%28WS.10%29.aspx

Then, when you have the certificate you have to configure your VPN clients to be able using LT2P connections (by default they use PPTP). This Microsoft's article explains how to do that on the clients.
http://technet.microsoft.com/en-us/library/bb742553.aspx#ECAA

Please try to following these guides. If you will have any other questions, please contact me.

Regards,
Krzysztof
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 1

Author Comment

by:Netexperts
ID: 34187592
Thanks,

It's Standard edition
0
 
LVL 1

Author Comment

by:Netexperts
ID: 34333628
I've had Microsoft on and they confirmed that all the certificates are correct. I've tried to connect to the server from itself through l2tp but it's showing that the remote coputer did not respond. I've checked the logs and this shows up when it try to connect:
The communication device attached to port VPN4-127 is not functioning.
I've set static DHCP along with Dynamic in case it's this but it still won't connect although pptp is fine.
I've tried using pre-shared keys as well.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34333788
OK, maybe lt2p ports are not enabled on vpn server (at least 1)?

Krzysztof
l2tp-ports.JPG
0
 
LVL 1

Author Comment

by:Netexperts
ID: 34333846
They are there.

Thanks
0
 
LVL 1

Author Closing Comment

by:Netexperts
ID: 34615603
We didn't manage to resolve this but points awarded for time taken to try and help.
Many Thanks
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now