I am new to learning how to set up MS certificate authentication for VPN 3000 Concentrator clients. MS Cert runs on a Windows 2000 Active Directory with a 1-way trust with an NT 4 domain controller (this is where all domain users are stored). The certificate is valid. But I can only log on successfully when I dial up from the same machine and after I have logged on to the NT domain first. Otherwise, I will receive "unable to contact security gateway". Following is further information that I have captured. Any ideas please??? Thanks muchly.
Log from VPN Client
41 18:43:22.115 08/27/04 Sev=Info/4 CERT/0x63600015
Could not load private key for certificate cn=XXXX,ou=XXX,o=Company Name,l=Suburb Name,st=State name,c=AU,e=username@xyz.com.au from store Microsoft User Certificate.
42 18:43:22.115 08/27/04 Sev=Warning/2 IKE/0xE3000007
Unable to open certificate (cn=XXXX,ou=XXX,o=Company Name,l=Suburb Name,st=Sate name,c=AU,e=username@xyz.com.au).
If you are using a smartcard or token containing a certificate, verify the correct one is plugged in and try again.
Log from VPN Concentrator 3000
1 08/27/2004 19:41:14.440 SEV=5 IP/49 RPT=18
Headend transmitting TCP SYN-ACK pkt to client 203.61.92.39, TCP dest port 1906