none
IPsec VPN returns 810 error code

    Question

  • Hello

    Under Windows 7 and Windows XP I have VPN with preshared key (remote server is Windows 2008 Standard) and all works fine. But when trying to configure IPSec with certificate i have 810 error code.

    There are certificates installed properly in my local storage (computer). I have one in storage computer in personal tab (mmc) and one in trusted root CA (computer and user).

    I don't know what I should looking for.

    Best Regards
    Przemysław Staniszewski

    Wednesday, December 28, 2011 9:08 AM

Answers

  • Hi Przemysław Staniszewski,

     

    Thanks for your post.

     

    According to the error 810, it appears that we are using an incorrect certificate for VPN authentication between client and server. For L2TP/IPsec VPN certificate authentication, please note that the VPN server must also have the appropriate certificates installed. On the VPN server, locate to MMC snap-in -> Certificates -> Local Computer -> Personal -> Certificates. In the right panel, please ensure the RRAS server certificate is installed. Also check the root CA certificate.

     

    On the other hand, at the VPN client side. Verify that the root CA certificates are installed on both user and computer certificates. In addition, on the Local Computer -> Personal container, also need have a valid certificate issued by the CA to the client computer.

    Note: The certificate subject name must be the same with the computer name.

     

    Administrator’s Guide to Microsoft L2TP/IPSec VPN Client

     http://technet.microsoft.com/en-us/library/bb742553.aspx 

     

     

    Best Regards,

    Aiden

     

    Thursday, December 29, 2011 6:54 AM
    Moderator

All replies

  • Hi Przemysław Staniszewski,

     

    Thanks for your post.

     

    According to the error 810, it appears that we are using an incorrect certificate for VPN authentication between client and server. For L2TP/IPsec VPN certificate authentication, please note that the VPN server must also have the appropriate certificates installed. On the VPN server, locate to MMC snap-in -> Certificates -> Local Computer -> Personal -> Certificates. In the right panel, please ensure the RRAS server certificate is installed. Also check the root CA certificate.

     

    On the other hand, at the VPN client side. Verify that the root CA certificates are installed on both user and computer certificates. In addition, on the Local Computer -> Personal container, also need have a valid certificate issued by the CA to the client computer.

    Note: The certificate subject name must be the same with the computer name.

     

    Administrator’s Guide to Microsoft L2TP/IPSec VPN Client

     http://technet.microsoft.com/en-us/library/bb742553.aspx 

     

     

    Best Regards,

    Aiden

     

    Thursday, December 29, 2011 6:54 AM
    Moderator
  • The real problem for me was not incorrect certificates but incomplete on the template properties that created them, client authentication and allow user data encryption and the name must match
    the DNS or should be IP instead.

    And exporting certificates from personal user to computer personal folder must be done with export wizard only. no GUI please.

    Oh, I started with no NAT then presto got it working and added NAT, broke it, kept on changing,
    reading logs and finally got it working, sorta. Seems only domain clients can
    connect to same domain RRAS server. not someone elses.<o:p></o:p>



    enough for now.
    • Edited by wilspin Saturday, February 15, 2014 3:23 AM
    Saturday, February 15, 2014 3:21 AM