Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

SSO with Pre-Shared Key on Windows 7

Posted on 2014-01-16
12
Medium Priority
?
672 Views
Last Modified: 2014-02-18
Hello, Experts!

I'm trying to configure a Single-Sign On for our users who are outside the office and need to connect to our VPN before signing into Windows.

I've been able to configure it with this guide:

http://www.windowsnetworking.com/articles-tutorials/windows-7/VPN-Single-Sign-On-Windows-7.html

However, when it tries to connect to our VPN, we get this error:
Error Description:  766: A certificate could not be found. Connections that use the L2TP protocol over IPSec require the installation of a machine certificate, also known as a computer certificate.

Because our Meraki Security Appliance ONLY uses a pre-shared key and there's no remote access server in the picture, I believe that this is a Windows limitation (Windows is trying to protect me from using pre-shared keys). I thought this Microsoft article would help:
https://support.microsoft.com/kb/240262

but it seems to discuss a remote access server which is not part of the picture.

I'm sure there are some registry tweaks needed to suppress Microsoft looking for a certificate - the question is where. Any ideas?

Thanks!
0
Comment
Question by:workforceinsight
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
12 Comments
 
LVL 11

Expert Comment

by:DIPRAJ
ID: 39793436
here, the certificate you are asking for must be requested from Certificate authority(CA).

you need to install this certificate inside machine store of the VPN server.


the certificate should include the following details:

   1.  Common name (CN): Same as the hostname OR IP  address that is configured as VPN destination on the VPN client of your network.

   2.  Extended Key Usage (EKU):   “Server Authentication” and “IP Security IKE intermediate”.

   3.  Key Usage: Select Digital signature and Key encipherment( algorithm for performing encryption and decryption)
0
 

Author Comment

by:workforceinsight
ID: 39794058
Hello,

Thanks for commenting. Unfortunately, the VPN server is a firewall appliance that ONLY allows for a pre-shared key - no certificate.

I'm hoping to turn off Windows' need to seek out a certificate because it cannot apply to this situation.

Thanks,
0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 39804596
What type of VPN is the firewall appliance configured to allow?  In your error message it looks like you're using a L2TP VPN.  That's quite uncommon.  I'd imagine you're using an IPSec VPN instead.
0
Supports up to 4K resolution!

The VS192 2-Port 4K DisplayPort Splitter is perfect for anyone who needs to send one source of DisplayPort high definition video to two or four DisplayPort displays. The VS192 can split and also expand DisplayPort audio/video signal on two or four DisplayPort monitors.

 

Author Comment

by:workforceinsight
ID: 39812570
Hello, craigbeck,

Thanks - you are correct, we're using an IPSec VPN.
0
 
LVL 59

Expert Comment

by:LeeTutor
ID: 39868343
I've requested that this question be deleted for the following reason:

The question has either no comments or not enough useful information to be called an "answer".
0
 

Author Comment

by:workforceinsight
ID: 39868282
Figured it out:

1. Run "regedit", allocate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters, and delete ProhibitIpSec key.
2. Restart Windows, and try to connect VPN again.
0
 

Accepted Solution

by:
workforceinsight earned 0 total points
ID: 39868283
1. Run "regedit", allocate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters, and delete ProhibitIpSec key.
2. Restart Windows, and try to connect VPN again.
0
 

Author Comment

by:workforceinsight
ID: 39868640
I've requested that this question be closed as follows:

Accepted answer: 0 points for workforceinsight's comment #a39868283

for the following reason:

Registry fix is the solution
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OfficeMate Freezes on login or does not load after login credentials are input.
IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question