RRAS L2TP Error 789

[Alexander LAW]

Hello,
I am running Windows 2003 and RRAS. When I am trying to connect on the same
machine by local IP using L2TP, I get error 789. PPTP works fine. I tune
PPTP to use EAP (with my computer certificate) - everything works fine too.
System/Application event logs are clear.
I look into diagnostic log files - and found next:
RASAPI32.LOG
..............
[2036] 23:15:13: RasEnableIpSec(1)..
[2036] 23:15:13: RasEnableIpSec done. 0
[2036] 23:15:13: RasDoIke on hport 1...
[2036] 23:15:13: RasDoIke done. Err=0x315, Status=0x0
[2036] 23:15:13: RDM errors=789,0
.........................

RASMAN.LOG
........................
[3348] 11-10 23:15:13:517: DwDoIke: port=VPN2-4, hEvent=0x169c
[3348] 11-10 23:15:13:517: Found primary ip address for this interface.
wType=0x23,address=0x100007f
[3348] 11-10 23:15:13:517: DwGetBestInterface: done. rc=0x0,
address=0x100007f, mask=0xff
[3348] 11-10 23:15:13:517: DwDoIke failed to init negotiation. 0x3622
[3348] 11-10 23:15:13:517: DwDoIke: done. 0x315
[3348] 11-10 23:15:13:517: DwDoIke for port VPN2-4 returned 0x315
[3348] 11-10 23:15:13:517: DoIke done. 0x315

What is DwDoIke error 0x3622???

Thanks for help,
Alexander

 

[Karl A Mikesell]

Here are the UDP ports to use L2TP/IPSec, since computer certificate is in
place.

L2TP first uses UDP port 500 IKE (i.e. RAS do IKE)
in Windows Server 2003 it can also do NAT-T using UDP port 4500, and
the payload is sent using UDP 1701, these are fixed ports on both sides.

Be sure these UDP port are not blocked, and L2TP/IPSec should work.

Hope that helps.

Karl Mikesell MCSE