Event ID 20192 — RRAS IPsec Configuration

Applies To: Windows Server 2008

For L2TP-based virtual private networking (VPN) connections, a certificate infrastructure is required to issue computer certificates used to negotiate authentication for Internet Protocol security (IPsec). If a computer certificate required for IPsec is not available, the connection will fail.

 

Event Details

Product: Windows Operating System
ID: 20192
Source: RemoteAccess
Version: 6.0
Symbolic Name: ROUTERLOG_NO_IPSEC_CERT
Message: A certificate could not be found. Connections that use the L2TP protocol over IPsec require the installation of a machine certificate also known as a computer certificate. No L2TP calls will be accepted.

Resolve

Install a certificate

To install a computer certificate, a certification authority (CA) must be available to issue certificates. After the CA is configured, you can install a computer certificate in the following ways:

  • By configuring the automatic allocation of computer certificates to computers in an Active Directory domain.

    This method allows a single point of configuration for the entire domain. All members of the domain automatically request the computer certificate through a Group Policy setting. To immediately obtain a computer certificate for a computer that is a member of the domain for which autoenrollment is configured, restart the computer or type gpupdate /target:computer from a command prompt.

  • By using the Certificates snap-in to request a computer certificate.

    If you are using a Windows Server 2008 or Windows Server 2003 enterprise CA as an issuing CA, each computer can separately request a computer certificate from the issuing CA using the Certificates snap-in.

  • By using the Certificates snap-in to import a computer certificate.

    If you have a certificate file that contains the computer certificate, you can import the computer certificate using the Certificates snap-in.

Verify

To verify that the remote access server can accept connections, establish a remote access connection from a client computer.

To create a VPN connection:

  1. Click Start, and then click Control Panel.
  2. Click Network and Internet, click Network and Sharing Center, and then click Set up a connection or network.
  3. Click Connect to a workplace, and then click Next.
  4. Complete the steps in the Connect to a Workplace wizard.

To connect to a remote access server:

  1. In Network and Sharing Center, click Manage network connections.
  2. Double-click the VPN connection, and then click Connect.
  3. Verify that the connection was established successfully.

RRAS IPsec Configuration

Routing and Remote Access Service Infrastructure