belias1 asked:

Server 2008 R2: VPN Setup Causes Hundreds of "Event 20171" Errors

Hello,

I've recently set up a basic (single NIC) PPTP VPN on Windows Server 2008 R2.  It's working fine, but for some reason I get multiple (hundreds) of error logs with Event 20171 from RemoteAccess.  The errors only appear on system start-up and they're all time stamped with the same time.

Here's the description it provides:

Failed to apply IP Security on port VPN2-11 because of error: A certificate could not be found.  Connections that use the L2TP protocol over IPSec require the installation of a machine certificate, also known as a computer certificate..  No calls will be accepted to this port.

I'm not sure how to interpret the message...and I don't require L2TP.  Any help in solving this would be great.

Thanks!


- Brian

Randy Downs:

You might want to install a self-signed certificate.

belias1 (ASKER):

Thanks for the quick reply.  I don't have IIS installed on this server, and I'd prefer not to unless it's required (security, overhead, etc.).

Any thoughts?


Thanks,

- Brian

Why don't you remove the L2TP interfaces from RRAS, if you don't require them?

belias1 (ASKER):

simonlimon:  Makes sense - but I'm not sure how to do this.  I've looked through the various configuration settings, and I can see where to change a few L2TP settings but not how to remove it.  Any guidance here?


Thanks.

Try this - http://msdn.microsoft.com/en-us/library/aa382190(v=vs.85).aspx

    // Modify L2TP and PPTP port information on the local RRAS server
    wprintf(L"Disabling RRAS enabled L2TP and PPTP ports on the local system.");
    pMprServer->dwL2tpPortFlags = FALSE;

belias1 (ASKER):

Number-1:  Fast response and definitely valid, unfortunately didn't apply in my situation since I don't have IIS.

Simonlimon:  Perfect - that did it!  I thought I'd never get rid of those errors.  Thank you!
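
Added example, not part of the original thread: a PowerShell check that summarizes the Event 20171 entries described above, so the effect of removing the L2TP ports can be confirmed after the next reboot. It assumes the events are written to the System log under the provider name RemoteAccess, and it uses only cmdlets available in the PowerShell 2.0 that ships with Server 2008 R2.

```powershell
# Added example: summarize RemoteAccess Event 20171 entries before and after the RRAS change.
# Assumption: the events live in the System log under provider 'RemoteAccess'.
$filter = @{ LogName = 'System'; ProviderName = 'RemoteAccess'; Id = 20171 }
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

# Last boot time via WMI (works on PowerShell 2.0).
$os   = Get-WmiObject -Class Win32_OperatingSystem
$boot = $os.ConvertToDateTime($os.LastBootUpTime)

# Extract the port name from each message ("... on port VPN2-11 because of error: ...")
# and flag whether the message is the missing-certificate error from the question.
$rows = @(foreach ($e in $events) {
    $port = if ($e.Message -match 'on port (\S+) because of error') { $Matches[1] } else { '(unparsed)' }
    New-Object PSObject -Property @{
        TimeCreated = $e.TimeCreated
        Port        = $port
        CertError   = ($e.Message -match 'certificate could not be found')
        SinceBoot   = ($e.TimeCreated -ge $boot)
    }
})

"Total 20171 events in log:       {0}" -f $rows.Count
"Logged since last boot ({0}): {1}" -f $boot, @($rows | Where-Object { $_.SinceBoot }).Count
"Not the certificate error:       {0}" -f @($rows | Where-Object { -not $_.CertError }).Count

# Bursts: how many events share each one-second timestamp (the startup flood shows up here).
$rows | Group-Object { $_.TimeCreated.ToString('yyyy-MM-dd HH:mm:ss') } |
    Sort-Object Name -Descending | Select-Object -First 5 Name, Count | Format-Table -AutoSize

# Which ports the errors were logged against.
$rows | Group-Object Port | Sort-Object Name | Select-Object Name, Count | Format-Table -AutoSize
```

Once the L2TP ports are removed and the server has been restarted, the "since last boot" count should be 0; any entry counted under "Not the certificate error" is a different failure and needs separate investigation.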