IPSec error 781?

[Jéjé]

Hi,

Currently I try to allow VPN access through IPSec instead-of PPTP.
Because I'll have some client behind firewalls, and the IPSec protocol can
pass these firewalls more easily.

The preshared key mode works fine.
The pptp (from a Windows XP station) works fine
I've a user certificate provided by my DC for my test user
My DC is not my VPN server (Dc = server A, VPN = Server B)
My DC is a SBS 2003 server, my VPN server (also with ISA Server) is a Win
2003 server

When I try to connect my VPN the error 781 appear.

What I've to do at the Server B level?
What is missing?
Or what options must be activated at my client station?

thanks

Jerome.

 

[Sharoon Shetty K [MSFT]]

Did you check this KB article
http://support.microsoft.com/default.aspx?scid=kb;EN-US;247231

 

[Jéjé]

I've read this article, but does I MUST install certificate server on my VPN
server?
Because I've allready 1 installed on my DC.

 

[Sharoon Shetty K [MSFT]]

You need the certificates on your VPN Server, you could put your Vpn Server
in the domain, if your CA is setup for auto-enroll, then the server will get
the certificates automatically.

For more details check this link
http://www.microsoft.com/resources/...003/standard/proddocs/en-us/sag_VPN_und15.asp

 

[Jéjé]

my VPN server is already in the domain. but this server is not a domain
controler.

I'll check the link you have sent.

You need the certificates on your VPN Server, you could put your Vpn Server
in the domain, if your CA is setup for auto-enroll, then the server will get
the certificates automatically.

For more details check this link
http://www.microsoft.com/resources/...003/standard/proddocs/en-us/sag_VPN_und15.asp

--
Thanks,
Sharoon
---------------------------------------------------------
This posting is provided "AS IS" with no warranties, and confers no rights.

I've read this article, but does I MUST install certificate server on my VPN
server?
Because I've allready 1 installed on my DC.


"Sharoon Shetty K [MSFT]" <[email protected]> a écrit dans le
message de news:[email protected]...

Did you check this KB article
http://support.microsoft.com/default.aspx?scid=kb;EN-US;247231

--
Thanks,
Sharoon
---------------------------------------------------------
This posting is provided "AS IS" with no warranties, and confers no rights.

Hi,

Currently I try to allow VPN access through IPSec instead-of PPTP.
Because I'll have some client behind firewalls, and the IPSec

protocol
can

pass these firewalls more easily.

The preshared key mode works fine.
The pptp (from a Windows XP station) works fine
I've a user certificate provided by my DC for my test user
My DC is not my VPN server (Dc = server A, VPN = Server B)
My DC is a SBS 2003 server, my VPN server (also with ISA Server) is

a
Win

2003 server

When I try to connect my VPN the error 781 appear.

What I've to do at the Server B level?
What is missing?
Or what options must be activated at my client station?

thanks

Jerome.

 

[Jéjé]

well...
I continue to receive the error.
I've activated the EAP authentication method, and my user certificate works
fine and authenticate the user correctly. (through the PPTP protocol, not
the IPSec)
So, my client certificate works and my VPN authenticate it correctly.
So I presume my certificate system works fine.

My isa server log display no errors, so I presume that ISA don't block my
IPSec requests (and also, I can be connected to an external Cisco VPN which
also use the IPSec protocol)

I don't understand whats appends and where is the problem. at th server
level or at the client level?

You need the certificates on your VPN Server, you could put your Vpn Server
in the domain, if your CA is setup for auto-enroll, then the server will get
the certificates automatically.

For more details check this link
http://www.microsoft.com/resources/...003/standard/proddocs/en-us/sag_VPN_und15.asp

--
Thanks,
Sharoon
---------------------------------------------------------
This posting is provided "AS IS" with no warranties, and confers no rights.

I've read this article, but does I MUST install certificate server on my VPN
server?
Because I've allready 1 installed on my DC.


"Sharoon Shetty K [MSFT]" <[email protected]> a écrit dans le
message de news:[email protected]...

Did you check this KB article
http://support.microsoft.com/default.aspx?scid=kb;EN-US;247231

--
Thanks,
Sharoon
---------------------------------------------------------
This posting is provided "AS IS" with no warranties, and confers no rights.

Hi,

Currently I try to allow VPN access through IPSec instead-of PPTP.
Because I'll have some client behind firewalls, and the IPSec

protocol
can

pass these firewalls more easily.

The preshared key mode works fine.
The pptp (from a Windows XP station) works fine
I've a user certificate provided by my DC for my test user
My DC is not my VPN server (Dc = server A, VPN = Server B)
My DC is a SBS 2003 server, my VPN server (also with ISA Server) is

a
Win

2003 server

When I try to connect my VPN the error 781 appear.

What I've to do at the Server B level?
What is missing?
Or what options must be activated at my client station?

thanks

Jerome.

 

[Sharoon Shetty K [MSFT]]

You need to install a machine cert on your VPN Server with the purpose of
Server Auth. You could have a look at the HELP available in the CA, it will
give you instructions on how to create a server cert.

--
Thanks,
Sharoon
---------------------------------------------------------
This posting is provided "AS IS" with no warranties, and confers no rights.

well...
I continue to receive the error.
I've activated the EAP authentication method, and my user certificate works
fine and authenticate the user correctly. (through the PPTP protocol, not
the IPSec)
So, my client certificate works and my VPN authenticate it correctly.
So I presume my certificate system works fine.

My isa server log display no errors, so I presume that ISA don't block my
IPSec requests (and also, I can be connected to an external Cisco VPN which
also use the IPSec protocol)

I don't understand whats appends and where is the problem. at th server
level or at the client level?

You need the certificates on your VPN Server, you could put your Vpn Server
in the domain, if your CA is setup for auto-enroll, then the server will get
the certificates automatically.

For more details check this link

http://www.microsoft.com/resources/...003/standard/proddocs/en-us/sag_VPN_und15.asp

--
Thanks,
Sharoon
---------------------------------------------------------
This posting is provided "AS IS" with no warranties, and confers no rights.

I've read this article, but does I MUST install certificate server on

my
VPN

server?
Because I've allready 1 installed on my DC.


"Sharoon Shetty K [MSFT]" <[email protected]> a écrit dans le
message de Did you check this KB article
http://support.microsoft.com/default.aspx?scid=kb;EN-US;247231

--
Thanks,
Sharoon
---------------------------------------------------------
This posting is provided "AS IS" with no warranties, and confers no
rights.

Hi,

Currently I try to allow VPN access through IPSec instead-of PPTP.
Because I'll have some client behind firewalls, and the IPSec protocol
can
pass these firewalls more easily.

The preshared key mode works fine.
The pptp (from a Windows XP station) works fine
I've a user certificate provided by my DC for my test user
My DC is not my VPN server (Dc = server A, VPN = Server B)
My DC is a SBS 2003 server, my VPN server (also with ISA Server)

is

a

 

[Jéjé]

I've installed it and associated it to my DC certificate server.
but I continue to receive the 781 error.

All my users are authenticated through the active directory.

I think my IPSec policy is wrong.

You need to install a machine cert on your VPN Server with the purpose of
Server Auth. You could have a look at the HELP available in the CA, it will
give you instructions on how to create a server cert.

--
Thanks,
Sharoon
---------------------------------------------------------
This posting is provided "AS IS" with no warranties, and confers no rights.

well...
I continue to receive the error.
I've activated the EAP authentication method, and my user certificate works
fine and authenticate the user correctly. (through the PPTP protocol, not
the IPSec)
So, my client certificate works and my VPN authenticate it correctly.
So I presume my certificate system works fine.

My isa server log display no errors, so I presume that ISA don't block my
IPSec requests (and also, I can be connected to an external Cisco VPN which
also use the IPSec protocol)

I don't understand whats appends and where is the problem. at th server
level or at the client level?


"Sharoon Shetty K [MSFT]" <[email protected]> a écrit dans le
message de news:[email protected]...

You need the certificates on your VPN Server, you could put your Vpn Server
in the domain, if your CA is setup for auto-enroll, then the server

will
get

the certificates automatically.

For more details check this link

http://www.microsoft.com/resources/...resources/documentation/WindowsServ/2003/stan
dard/proddocs/en-us/sag_VPN_und15.asp on

my

VPN
server?
Because I've allready 1 installed on my DC.


"Sharoon Shetty K [MSFT]" <[email protected]> a écrit

dans
le

message de Did you check this KB article
http://support.microsoft.com/default.aspx?scid=kb;EN-US;247231

--
Thanks,
Sharoon
---------------------------------------------------------
This posting is provided "AS IS" with no warranties, and confers no
rights.

Hi,

Currently I try to allow VPN access through IPSec instead-of PPTP.
Because I'll have some client behind firewalls, and the IPSec protocol
can
pass these firewalls more easily.

The preshared key mode works fine.
The pptp (from a Windows XP station) works fine
I've a user certificate provided by my DC for my test user
My DC is not my VPN server (Dc = server A, VPN = Server B)
My DC is a SBS 2003 server, my VPN server (also with ISA Server)

is

a
Win
2003 server

When I try to connect my VPN the error 781 appear.

What I've to do at the Server B level?
What is missing?
Or what options must be activated at my client station?

thanks

Jerome.