Server 2008 R2: VPN Setup Causes Hundreds of "Event 20171" Errors


I've recently set up a basic (single NIC) PPTP VPN on Windows Server 2008 R2.  It's working fine, but for some reason I get multiple (hundreds) of error logs with Event 20171 from RemoteAccess.  The errors only appear on system start-up and they're all time stamped with the same time.

Here's the description it provides:

Failed to apply IP Security on port VPN2-11 because of error: A certificate could not be found.  Connections that use the L2TP protocol over IPSec require the installation of a machine certificate, also known as a computer certificate..  No calls will be accepted to this port.

I'm not sure how to interpret the message...and I don't require L2TP.  Any help in solving this would be great.


- Brian

Randy Downs (OWNER) Commented:
You might want to install a self-signed certificate.
Randy Downs (OWNER) Commented:
Try this -

To create a self-signed certificate
You can perform this procedure by using the user interface (UI).

User Interface
To use the UI
1. Open IIS Manager and navigate to the level you want to manage. For information about opening IIS Manager, see Open IIS Manager (IIS 7). For information about navigating to locations in the UI, see Navigation in IIS Manager (IIS 7).

2. In Features view, double-click Server Certificates.

3. In the Actions pane, click Create Self-Signed Certificate.

4. On the Create Self-Signed Certificate page, type a friendly name for the certificate in the Specify a friendly name for the certificate box, and then click OK.

belias1 (Author) Commented:
Thanks for the quick reply.  I don't have IIS installed on this server, and I'd prefer not to unless it's required (security, overhead, etc.).

Any thoughts?


- Brian

Randy Downs (OWNER) Commented:
Why don't you remove the L2TP interfaces from RRAS, if you don't require them?

belias1 (Author) Commented:
simonlimon:  Makes sense - but I'm not sure how to do this.  I've looked through the various configuration settings, and I can see where to change a few L2TP settings but not how to remove it.  Any guidance here?

Randy Downs (OWNER) Commented:
Try this -

    // Modify L2TP and PPTP port information on the local RRAS server
    wprintf(L"Disabling RRAS enabled L2TP and PPTP ports on the local system.");
    pMprServer->dwL2tpPortFlags = FALSE;

Open the RRAS console, click on Ports, select the L2TP ports, right-click, Properties. Remove the check box from Remote access connections and Demand-dial routing, and set the number of ports to 0.

Click OK, click Apply.

You are not using L2TP at all, right?
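
A check for confirming the fix after a reboot, as an added example that is not part of the original thread: it counts Event 20171 records logged since the last boot and lists the ports named in them. The function name, the sample records and the 'System' log name are assumptions.

```powershell
# Added example. Written for PowerShell 2.0, which ships with Server 2008 R2.
function Get-Event20171Summary {
    param(
        [object[]]$Events,    # records with TimeCreated and Message properties
        [datetime]$LastBoot   # events at or after this time belong to the current boot
    )
    # Drop nulls so an empty query result counts as zero events.
    $all     = @($Events | Where-Object { $_ })
    $current = @($all | Where-Object { $_.TimeCreated -ge $LastBoot })
    # Extract the port name (for example VPN2-11) from the message text.
    $ports = @($current | ForEach-Object {
        if ($_.Message -match 'on port (\S+) because of error') { $Matches[1] }
    } | Sort-Object -Unique)
    New-Object PSObject -Property @{
        TotalInLog    = $all.Count
        SinceLastBoot = $current.Count
        PortsAffected = $ports
        Clean         = ($current.Count -eq 0)
    }
}

# Constructed sample records (not real log data): both errors predate the last boot.
$msg = 'Failed to apply IP Security on port {0} because of error: A certificate could not be found.'
$sample = @(
    (New-Object PSObject -Property @{ TimeCreated = [datetime]'2012-05-01 07:59:10'; Message = ($msg -f 'VPN2-11') }),
    (New-Object PSObject -Property @{ TimeCreated = [datetime]'2012-05-01 07:59:10'; Message = ($msg -f 'VPN2-10') })
)
Get-Event20171Summary -Events $sample -LastBoot ([datetime]'2012-05-02 08:00:00')

# On the server, pass live data instead (the 'System' log name is an assumption):
# $os   = Get-WmiObject Win32_OperatingSystem
# $boot = $os.ConvertToDateTime($os.LastBootUpTime)
# $ev   = @(Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'RemoteAccess'; Id = 20171 } -ErrorAction SilentlyContinue)
# Get-Event20171Summary -Events $ev -LastBoot $boot
```

Because the errors are logged only at start-up, a result with SinceLastBoot equal to 0 after a restart indicates the L2TP ports are no longer being initialized.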

belias1 (Author) Commented:
Number-1:  Fast response and definitely valid, unfortunately didn't apply in my situation since I don't have IIS.

Simonlimon:  Perfect - that did it!  I thought I'd never get rid of those errors.  Thank you!