Event ID 20192 — RRAS IPsec Configuration

Updated: December 16, 2008

Applies To: Windows Server 2008 R2

red

For L2TP-based virtual private networking (VPN) connections, a certificate infrastructure is required to issue computer certificates used to negotiate authentication for Internet Protocol security (IPsec). If a computer certificate required for IPsec is not available, the connection will fail.

 

Event Details

Product: Windows Operating System
ID: 20192
Source: RemoteAccess
Version: 6.1
Symbolic Name: ROUTERLOG_NO_IPSEC_CERT
Message: A certificate could not be found. Connections that use the L2TP protocol over IPsec require the installation of a machine certificate also known as a computer certificate. No L2TP calls will be accepted.

Resolve

Install a certificate

To install a computer certificate, a certification authority (CA) must be available to issue certificates. After the CA is configured, you can install a computer certificate in the following ways:

  • By configuring the automatic allocation of computer certificates to computers in an Active Directory domain.

    This method allows a single point of configuration for the entire domain. All members of the domain automatically request the computer certificate through a Group Policy setting. To immediately obtain a computer certificate for a computer that is a member of the domain for which autoenrollment is configured, restart the computer or type gpupdate /target:computer from a command prompt.

  • By using the Certificates snap-in to request a computer certificate.

    If you are using a Windows Server 2008 or Windows Server 2003 enterprise CA as an issuing CA, each computer can separately request a computer certificate from the issuing CA using the Certificates snap-in.

  • By using the Certificates snap-in to import a computer certificate.

    If you have a certificate file that contains the computer certificate, you can import the computer certificate using the Certificates snap-in.

Verify

To verify that the remote access server can accept connections, establish a remote access connection from a client computer.

To create a VPN connection:

  1. Click Start, and then click Control Panel.
  2. Click Network and Internet, click Network and Sharing Center, and then click Set up a connection or network.
  3. Click Connect to a workplace, and then click Next.
  4. Complete the steps in the Connect to a Workplace wizard.

To connect to a remote access server:

  1. In Network and Sharing Center, click Manage network connections.
  2. Double-click the VPN connection, and then click Connect.
  3. Verify that the connection was established successfully.

Related Management Information

RRAS IPsec Configuration

Routing and Remote Access Service Infrastructure

Community Additions

ADD
Show: