This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 69%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi dear
I need to Configure a vpn server with certificate authentication. ca-server is standalone. an all machine not join any domain and there are workstation.i can't connect vpn-client to vpn-server with L2TP/IPSEC and certificate but no problem when joined to domain.
is any soloution for L2TP/IPsec with certificate connection without joining a domain ?
thanks
Hi ,
A valid computer certificate and root certificate are required on both VPN client and VPN server.
Certificate enrollment for computers that are not domain members cannot be
done with auto-enrollment. When a computer is joined to a domain, a trust
is established that allows auto-enrollment to occur without administrator
intervention. When a computer is not joined to a domain, trust is not
established and a certificate is not issued.
So for non-domain member computers you must enroll certificates manually.
For how to request certificate from a non-domain computer, you can refer to the following link:
Best Regards,
Candy
--------------------------------------------------------------
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
thank you
I setting up standalone ca server and install ca and server certificate in vpn-server and install ca and client certificate in client-server with enroll certificates manually.
but when client connect to server with L2tp/IPSec error occured :
A network connection between your computer and the VPN server was started, but the VPN connection was not completed. This is typically caused by the use of an incorrect or expired certificate for authentication between the client and the server. Please contact your Administrator to ensure that the certificate being used for authentication is valid.
The error code should be 810, is it right? Make sure server certificate and client certificate are stored in Personal Certificate store of the Computer store. CA root should be in Trusted Root Certification Authority of the computer store.
yes error code is 810. Everything is done as you said above!!
You might check client cert details, here is a similar thread discussed before. See if it can help with you:
http://www.chicagotech.net/netforums/viewtopic.php?f=2&t=16300
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.