Article ID: 299307
Article Last Modified on 1/15/2006
APPLIES TO
- Microsoft Windows XP Home Edition
- Microsoft Windows XP Professional
This article was previously published under Q299307
SYMPTOMS
When you attempt to establish a Layer 2 Tunneling Protocol (L2TP) connection from a Windows XP-based L2TP client computer to a Windows XP-based Routing and Remote Access Service server, you can receive the following error message:
CAUSE
This behavior can occur because you have a preshared key that is configured on the client, but the key is not configured on the Routing and Remote Access Service server. If you set up this type of configuration, you can receive the error message even if valid certificates are configured on both the client and the server.
RESOLUTION
To work around this behavior, remove the preshared key from the client so that a security negotiation process (by using certificates) can occur:
- In Control Panel, double-click Network Connections.
- Under the Virtual Private Network section, right-click the L2TP connectoid that you want to modify, and then click Properties.
- On the Security tab, click IPSec Settings.
- Click to clear the Use pre-shared key for authentication check box, and then click OK.
- Click OK again to exit the dialog box of the connectoid.
STATUS
This behavior is by design.
MORE INFORMATION
If a preshared key is configured on an L2TP client, the security negotiation process does not attempt to use certificates for authentication, even if a valid certificate exists.
For additional information about other possible causes of error 792, click the article number below to view the article in the Microsoft Knowledge Base:
247231 Event ID 20111, Error 792, or Error 781 When Establishing an L2TP/IPSec Connection
For additional information about configuring L2TP and certificates, click the article number below to view the article in the Microsoft Knowledge Base:
253498 How to Install a Certificate for Use with IP Security
Keywords: kberrmsg kbenv kbprb KB299307
