error 778

[lill]

Hi,

I have a windows 2003 network where one of the computers is configured as a
VPN server using certificates for authentication. The VPN clients are
computers running Windows XP. It all works fine, but when I select option:
"Validate server certificate from client's network connection" I get error :
778 which says " it was not possible to verify the identity of the server".
Turning of the validation of the server certificates makes it all fine
again. Is it not possible to verify the server certificate this way? What do
I have to do to make it work and also valdiate the certificate?

-Lill

 

[Priya Raghavan MSFT]

Hi Lill,

Your server should have a certificate and the CA who issued the certificate
should be trusted by the client. Can you check if that CA is present in the
client's Trusted Root CA ?

Thanks,
Priya.

 

[lill]

Hi,

the CA was not presented in the client's Trusted Root CA. The problem is
now solved, and it is possible to validate the server's certificate.
Thank you!

Do you have any suggestions how to test the VPN connection? My network is a
virtual network i connectix and consist of a DC, a CA, a VPN server and a
VPN client. This is a test lab which I am going to deploy in real life
later. Another tricky part is where to place the VPN server in the real
network.
The clients will need access to data that the local clients already have
access to. These are located between a couple of firewalls in an inner
subnet, not in the DMZ. What are the most secure solution? To have a VPN
tunnel all the way through the network, or to place the VPN server in the
DMZ (or similar) and decrypt the data before they reach the inner network
where the data is?

-Lill