Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

2012 RAS Failed to apply IP Security on port.

Posted on 2013-12-24
5
Medium Priority
?
3,432 Views
Last Modified: 2013-12-24
I am getting many errors in the event log similar to:

Failed to apply IP Security on port VPN0-34 because of error: A certificate could not be found.  Connections that use the L2TP protocol over IPSec require the installation of a machine certificate, also known as a computer certificate..  No calls will be accepted to this port.

I look at the Certificate Store for the local machine and there are no certificates. Could this be the problem and how to fix it.

I have a SBS 2003 domain that I am adding 2 Win2012 DCs that will someday replace the 2003. One 2012 server has a couple of certificates in its local store. The other one doesn't and is getting the above messages. Both 2012 servers are fresh; I can remove and start over if this is a serious problem.

Thanks
0
Comment
Question by:MikeBroderick
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 37

Expert Comment

by:Mahesh
ID: 39738423
In order to run L2TP VPN connection, server and connecting client computer both should have computer certificate for mutual authentication

http://technet.microsoft.com/en-us/library/cc757207(v=ws.10).aspx

Its not serious problem. If you are using servers as windows L2TP VPN servers, then you must install Computer (Server) certificate on both servers and computer certificate on client computers, otherwise these steps are not necessary

You have to have internal CA server at least to provide certificates.

Mahesh
0
 

Author Comment

by:MikeBroderick
ID: 39738588
Thank you for your reply. I think the problem is there are no certificates in the Computer Store on the server that I am having problems with (SVR04). There are 3 certificates on the machine that works (SVR03). I followed the instructions given, adding an entry to group policy then running the command gpupdate. I still do not have certificates in the SVR04 local machine store. Do I need to specify the CA server somewhere? The TechNet article said on step 6 (adding the entry) that the CA server name should appear. It didn't.

FYI, my SBS 2003 server (SVR02) is the CA for the domain. I plan on changing that in the future.
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 39738603
Check if CA server root certificate in installed on SRV04 ?
If not export from CA server and import it on SRV04 in trusted root certificate authorities

Once you do that you should be able to request computer (server) certificate from MMC console\computer certs on SRV04

You can change CA server later on, remember don't change CA server hostname, otherwise you need to re enrol all certificates as certs will not be able to check CRL

Check below links for more info
http://blogs.technet.com/b/rrasblog/archive/2009/06/10/what-type-of-certificate-to-install-on-the-vpn-server.aspx
http://www.windowsecurity.com/articles-tutorials/authentication_and_encryption/Configuring-Windows-Server-2008-Remote-Access-SSL-VPN-Server-Part2.html

Mahesh
0
 

Author Comment

by:MikeBroderick
ID: 39738696
Yes, The CA's (SVR02) root certificate is installed. When I request a certificate I get the error "The RPC Server is unavailable"
0
 

Author Comment

by:MikeBroderick
ID: 39738702
I've decided to delete the server (its a VM) and start over. Thanks for your help
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The following article is comprised of the pearls we have garnered deploying virtualization solutions since Virtual Server 2005 and subsequent 2008 RTM+ Hyper-V in standalone and clustered environments.
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question