none
Point-to-Site on Windows 8 Client connection Error 798

    Question

  • Hello,

    Install Certificate and Client Package and when I try to connect it shows the following error

    "A certificate could not be found that can be used with this Extensible Authentication Protocol. (Error 798) For customised troubleshooting information for this connection"

    I have checked both cert are installed under current user in both personal and trusted root, and have tried every resource we can

    We have successfully installed using same settings & process on Windows 7 without problem, the log file is as follows

    ******************************************************************
    Operating System      : Windows NT 6.2 
    Dialler Version        : 7.2.9200.16384
    Connection Name       : Dxxxxxxxxx2
    All Users/Single User : Single User
    Start Date/Time       : 16/05/2013, 15:04:48
    ******************************************************************
    Module Name, Time, Log ID, Log Item Name, Other Info
    For Connection Type, 0=dial-up, 1=VPN, 2=VPN over dial-up
    ******************************************************************
    [cmdial32] 15:04:48 22 Clear Log Event
    [cmdial32] 15:04:51 04 Pre-Connect Event ConnectionType = 1
    [cmdial32] 15:04:51 06 Pre-Tunnel Event UserName =  Domain =  DUNSetting = Dxxxxxxxxx2 Tunnel DeviceName =  TunnelAddress = azuregateway-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.cloudapp.net

    Thursday, May 16, 2013 2:09 PM

Answers

All replies

  • Did you ever discover a solution for this? I'm testing now and running into the same issue with Windows 8. I generated my testing certificate with makecert per this:

    http://msdn.microsoft.com/en-us/library/windowsazure/gg551722.aspx

    Noah


    Noah Stahl Percepten.com

    Thursday, May 30, 2013 2:49 AM
  • Hi Noah,

    I have encountered the same issue using Windows 8.

    Mike Nooney

    PayGlobal Ltd.

    Saturday, July 20, 2013 9:26 AM
  • Same issue here, has anyone figured this out yet?
    Tuesday, July 23, 2013 11:15 PM
  • Just had the same issue.

    What I did is to Install the Client certificate ( a second  time!) .. but this one specifying explicit the "personal" store.

    Do know what made the difference (imho this should be the Default anyway) .. but after that it worked.

    Wednesday, July 24, 2013 2:55 PM
  • Hi

    I tried this approach with no luck. So you installed the client cert into Current User -> Personal?

    Also I find that the second time I try to connect the Remote Access Dialer crashes. I.e. 2 Error 798 messages.

    Could you possibly list the steps you went through to get it working?

    Thanks

    Mike

    Saturday, July 27, 2013 5:23 AM
  • I am also experiencing that error, with windows 8.

    Any workaround?

    Monday, July 29, 2013 10:47 AM
  • Hi Pedro

    I tried again with a different Windows 8 machine. It worked this time when I placed the client cert

    into Current User -> Personal store.

    The VPN client connected first time without any Error 798 message.

    However it seems once I went down the wrong track on the first machine I could not correct it.

    Regards

    Mike

    Monday, July 29, 2013 7:39 PM
  • Hi Pedro

    I tried again with a different Windows 8 machine. It worked this time when I placed the client cert

    into Current User -> Personal store.

    The VPN client connected first time without any Error 798 message.

    However it seems once I went down the wrong track on the first machine I could not correct it.

    Thanks for the insight!

    The problem is that I went for the wrong track on my personal machine, and I am not able to correct it by putting into the Personal Store.  Going to another machine is not an option on this case.

    Creating another network could correct it, but would imply creating the virtual machines from scrach.

    Is Microsoft aware of this bug in the VPN implementation? 

    It is strange since it is on the newest version of the flagship operating system... not particularly a niche case, I would guess.

    Tuesday, July 30, 2013 4:57 PM
  • Any update from Microsoft support?

    I have the same issue on Windows 8 and Windows Server 2008

    Wednesday, July 31, 2013 8:55 PM
  • Problem solved on my side!!

    I was only creating the "server certificate", the one that is uploaded to azure.

    You need to create a "cliente certificate" as well.

    Please find instructions in the following post (you will have to search it since I am not able to post links): 

    Setting up point-to-site VPN certificates


     

    Monday, August 05, 2013 5:17 PM
  • Hi,

    I am facing the same problem with windows 8.1.

    I have installed a second time but doesn't work.

    Is there any solution for this problem?

    Regards

    Gregory

    Sunday, October 27, 2013 9:36 AM
  • Hi guys. any news so far?

    Same issue here with Windows 8.1

    I'm also surprised to see the vpn executable doesn't pass the windows smart screen filtering but I don't care

    just wanna see the Point-to-Site VPN working!

    Thanks,

    Tamir


    Tamir Levy

    Sunday, November 24, 2013 9:22 PM
  • Hi all,

    I had the same issue but found a work around. Perform the following steps after you create certificates, upload a root certificate, and install a VPN package as guided in MSDN site:

    1. Run ncpa.cpl and confirm a target FQDN of a VPN connection for Point-To-Site which begins with "azuregateway" in detail view.
    2. Create a VPN connection manually from "Network and Sharing Center" with the target FQDN.
    3. Open properties of the manually-created VPN connection.
    4. In "Authentication" of "Security" tab, select "Use Extensible Authetincation Protocol" and "Microsoft: Smart Card or other certificate", and click "Properties".
    5. In "When connecting", select "Use a certificate on this computer".
    6. Click "OK" to close a dialog.
    7. In "Networking" tab, select "Internet Protocol Version 4" and click "Properties".
    8. Click "Advanced" and uncheck "Use default gateway on remote network".
    9. Click "OK" thrice to close all dialogs
    10. Start the manually-created VPN connection. If you are required to select a certificate, select the client certificate you created. And you need to accept the connection target only at the first time.

    Note: After the manually-created VPN connection worked well once, the VPN connection created by package installation also worked well in my environment. What a mystery...


    Yutaka








    • Edited by Yutaka, N Saturday, February 08, 2014 10:14 AM
    Saturday, February 08, 2014 9:44 AM
  • Thank you! Now working.
    Sunday, February 09, 2014 6:50 AM
  • I am on a client machine. After an attempt to connect using those steps exactly, I am on my way when I get this:

    I had the VPN set to "automatic" (no change from default) and I got "error 800: the remote connection was not made because the attempted VPN tunnels failed. The VPN server might be unreachable. If this connection is attempting to use an L2TP/IPsec tunnel, the security parameters required for IPsec negotiation might not be configured properly."

    Also when I try to ping the IP associated with the azure gateway in terminal it fails.

    Monday, February 10, 2014 4:04 PM
  • Here is the solution.

    Make sure you have already created your Root and Client Certificate.  If not, perform these steps following instructions from http://msdn.microsoft.com/en-us/library/dn133792.aspx

    • Root Certificate: makecert -sky exchange -r -n "CN=AZMgmtRootCert" -pe -a sha1 -len 2048 -ss My "AZMgmtRootCert.cer"
    • Client Certificate: makecert.exe -n "CN=AZMgmtClientCert" -pe -sky exchange -m 96 -ss My -in "AZMgmtRootCert" -is my -a sha1

    Make sure the AZMgmtRootCert.cer file is uploaded to the Virtual Network Certificates section.

    Now from the workstation that created those certificates:

    1. Load MMC, Add the "Certificates" Snap In for "My user account".
    2. Go into Personal / Certificates
    3. Right click on "AZMgmtRootCert" -> All Tasks -> Export
    4. Export the Private Key as a part of the process, but keep the rest of the defaults.
    5. Name it as AZMgmtClientCert.pfx

    On the workstation that you want to allow to connect (even Windows 8 / 8.1 workstations)

    1. Install AZMgmtRootCert.cer (Place the certificate in the "Personal" Certificate Store) 
    2. Install AZMgmtClientCert.pfx (Place the certificate in the "Personal" Certificate Store)

    You should now be able to connect to the Virtual Network on that workstation.

    Friday, May 02, 2014 10:52 PM
  • I'm experiencing this same issue. I followed the directions to use makecert.exe to generate the self-signed root certificate, and the client VPN certificate. Does the client certificate have to be exported, if I'm using the VPN connection from the same computer that I'm connecting from?

    Cheers,
    Trevor Sullivan
    Microsoft PowerShell MVP


    If this post was helpful, please click the little "Vote as Helpful" button :)

    Trevor Sullivan
    Trevor Sullivan's Tech Room
    Twitter Profile

    Monday, May 05, 2014 5:45 PM
  • Hi Jason,

    Are you saing the server certificate shuld allso be install on the client ?

    Friday, May 30, 2014 6:49 PM
  • Ok, just had this issue.

    Solution for me was the make sure it was a user certificate and not a computer one!

    I used my own CA, uploaded the CA cert to Azure and created a user cert for the client.

    Worked fine. Doesnt work with a computer cert!


    Onion

    Sunday, June 08, 2014 4:12 PM
  • I have tried all the recommendations here. I got the manual vpn connection answer to work connect but still cannot see my servers in the virtual network. I would like an answer to this quickly as I am thinking about switching to amazons cloud service.  Windows 8.1 Pro.

    Eric


    • Edited by eenuckols Friday, June 20, 2014 7:11 AM
    Friday, June 20, 2014 7:10 AM
  • Hey Yutaka! I dont get your solution. What is a FQDN and when i run ncpa.cpl only the network connection page will open. On my client Win 7 I got an connection to Azure VPN but on my Win 8.1 client the error appears (798) no certification found.

    Thanks

    Chris

    Wednesday, July 02, 2014 2:55 PM