Hi !
I'm trying to connect to my work's VPN from my laptop at home running Windows 7 Home Premium 64bit using the Cicso VPN Client v5.0.07.0290 and certificates.
I have installed the company self-signed CA into the Trusted Root CA store and installed my personnal certificate into the Personnal store. When I look at the certificates using MMC I see that they are fine and trusted.
I have installed and configured the VPN client as instructed by my company.
But when I try to connect, the connection fails silently and disconnects before completing.
I have tried uninstalling everything (including certs) and reinstalling from scratch, but no dice.
Any help would be greatly appreciated.
Here is the full log, trouble starts at line 129.
Thanks !
Cisco Systems VPN Client Version 5.0.07.0290
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.1.7600
99 19:06:40.817 04/04/11 Sev=Info/6 CERT/0x63600026
Attempting to find a Certificate using Serial Hash.
100 19:06:40.837 04/04/11 Sev=Info/4 CM/0x63100002
Begin connection process
101 19:06:40.817 04/04/11 Sev=Info/6 CERT/0x63600027
Found a Certificate using Serial Hash.
102 19:06:40.842 04/04/11 Sev=Info/4 CM/0x63100004
Establish secure connection
103 19:06:40.821 04/04/11 Sev=Info/6 CERT/0x63600026
Attempting to find a Certificate using Serial Hash.
104 19:06:40.842 04/04/11 Sev=Info/4 CM/0x63100024
Attempt connection with server "vpn.MYCOMPANY.com"
105 19:06:40.822 04/04/11 Sev=Info/6 CERT/0x63600027
Found a Certificate using Serial Hash.
106 19:06:40.848 04/04/11 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with **.**.**.**.
107 19:06:40.827 04/04/11 Sev=Info/6 CERT/0x63600026
Attempting to find a Certificate using Serial Hash.
108 19:06:40.861 04/04/11 Sev=Info/6 CERT/0x63600026
Attempting to find a Certificate using Serial Hash.
109 19:06:40.828 04/04/11 Sev=Info/6 CERT/0x63600027
Found a Certificate using Serial Hash.
110 19:06:40.862 04/04/11 Sev=Info/6 CERT/0x63600027
Found a Certificate using Serial Hash.
111 19:06:40.832 04/04/11 Sev=Info/4 CERT/0x63600015
Cert (ou=vpn.MYCOMPANY-IT.ca,cn=MYNAME) verification succeeded.
112 19:06:40.864 04/04/11 Sev=Info/4 CERT/0x63600015
Cert (ou=vpn.MYCOMPANY-IT.ca,cn=MYNAME) verification succeeded.
113 19:06:40.864 04/04/11 Sev=Info/4 IKE/0x63000001
Starting IKE Phase 1 Negotiation
114 19:06:40.864 04/04/11 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK MM (SA, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to **.**.**.**
115 19:06:40.879 04/04/11 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = **.**.**.**
116 19:06:40.879 04/04/11 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK MM (SA, VID(Nat-T), VID(Frag)) from **.**.**.**
117 19:06:40.884 04/04/11 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T
118 19:06:40.884 04/04/11 Sev=Info/5 IKE/0x63000001
Peer supports IKE fragmentation payloads
119 19:06:40.884 04/04/11 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
120 19:06:40.884 04/04/11 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK MM (KE, NON, NAT-D, NAT-D, VID(?), VID(Unity)) to **.**.**.**
121 19:06:40.947 04/04/11 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
122 19:06:40.947 04/04/11 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
123 19:06:40.983 04/04/11 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = **.**.**.**
124 19:06:40.983 04/04/11 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK MM (KE, NON, CERT_REQ, VID(Unity), VID(Xauth), VID(?), VID(?), NAT-D, NAT-D) from **.**.**.**
125 19:06:40.983 04/04/11 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
126 19:06:40.983 04/04/11 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
127 19:06:40.983 04/04/11 Sev=Info/5 IKE/0x63000082
Received IOS Vendor ID with unknown capabilities flag 0x20000001
128 19:06:41.041 04/04/11 Sev=Info/6 CERT/0x63600034
Attempting to sign the hash for Windows XP or higher.
129 19:06:41.562 04/04/11 Sev=Info/6 CERT/0x63600035
Done with the hash signing with signature length of 0.
130 19:06:41.562 04/04/11 Sev=Info/4 CERT/0xE3600005
Failed to RSA sign the hash for IKE phase 1 negotiation using my certificate.
131 19:06:41.562 04/04/11 Sev=Warning/2 IKE/0xE300009B
Failed to generate signature: Signature generation failed (SigUtil:97)
132 19:06:41.562 04/04/11 Sev=Warning/2 IKE/0xE300009B
Failed to build Signature payload (MsgHandlerMM:489)
133 19:06:41.562 04/04/11 Sev=Warning/2 IKE/0xE300009B
Failed to build MM msg5 (NavigatorMM:312)
134 19:06:41.562 04/04/11 Sev=Warning/2 IKE/0xE30000A7
Unexpected SW error occurred while processing Identity Protection (Main Mode) negotiator:(Navigator:2263)
135 19:06:41.562 04/04/11 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=CE71FA0D95A16DB9 R_Cookie=FA711D6596617B98) reason = DEL_REASON_IKE_NEG_FAILED
136 19:06:41.562 04/04/11 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DEL) to **.**.**.**
137 19:06:42.472 04/04/11 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=CE71FA0D95A16DB9 R_Cookie=FA711D6596617B98) reason = DEL_REASON_IKE_NEG_FAILED
138 19:06:42.472 04/04/11 Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "vpn.MYCOMPANY.com" because of "DEL_REASON_IKE_NEG_FAILED"
139 19:06:42.472 04/04/11 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
140 19:06:42.480 04/04/11 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
141 19:06:42.480 04/04/11 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
142 19:06:42.485 04/04/11 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
143 19:06:42.485 04/04/11 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
144 19:06:42.485 04/04/11 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
145 19:06:42.485 04/04/11 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
