Event ID 20192 — RRAS IPsec Configuration
Applies To: Windows Server 2008 R2
For L2TP-based virtual private networking (VPN) connections, a certificate infrastructure is required to issue computer certificates used to negotiate authentication for Internet Protocol security (IPsec). If a computer certificate required for IPsec is not available, the connection will fail.
Event Details
Product: | Windows Operating System |
ID: | 20192 |
Source: | RemoteAccess |
Version: | 6.1 |
Symbolic Name: | ROUTERLOG_NO_IPSEC_CERT |
Message: | A certificate could not be found. Connections that use the L2TP protocol over IPsec require the installation of a machine certificate also known as a computer certificate. No L2TP calls will be accepted. |
Resolve
Install a certificate
To install a computer certificate, a certification authority (CA) must be available to issue certificates. After the CA is configured, you can install a computer certificate in the following ways:
By configuring the automatic allocation of computer certificates to computers in an Active Directory domain.
This method allows a single point of configuration for the entire domain. All members of the domain automatically request the computer certificate through a Group Policy setting. To immediately obtain a computer certificate for a computer that is a member of the domain for which autoenrollment is configured, restart the computer or type gpupdate /target:computer from a command prompt.
By using the Certificates snap-in to request a computer certificate.
If you are using a Windows Server 2008 or Windows Server 2003 enterprise CA as an issuing CA, each computer can separately request a computer certificate from the issuing CA using the Certificates snap-in.
By using the Certificates snap-in to import a computer certificate.
If you have a certificate file that contains the computer certificate, you can import the computer certificate using the Certificates snap-in.
Verify
To verify that the remote access server can accept connections, establish a remote access connection from a client computer.
To create a VPN connection:
- Click Start, and then click Control Panel.
- Click Network and Internet, click Network and Sharing Center, and then click Set up a connection or network.
- Click Connect to a workplace, and then click Next.
- Complete the steps in the Connect to a Workplace wizard.
To connect to a remote access server:
- In Network and Sharing Center, click Manage network connections.
- Double-click the VPN connection, and then click Connect.
- Verify that the connection was established successfully.