Point-to-Site on Windows 8 Client connection Error 798


  • Hello,

    Install Certificate and Client Package and when I try to connect it shows the following error

    "A certificate could not be found that can be used with this Extensible Authentication Protocol. (Error 798) For customised troubleshooting information for this connection"

    I have checked both cert are installed under current user in both personal and trusted root, and have tried every resource we can

    We have successfully installed using same settings & process on Windows 7 without problem, the log file is as follows

    Operating System      : Windows NT 6.2 
    Dialler Version        : 7.2.9200.16384
    Connection Name       : Dxxxxxxxxx2
    All Users/Single User : Single User
    Start Date/Time       : 16/05/2013, 15:04:48
    Module Name, Time, Log ID, Log Item Name, Other Info
    For Connection Type, 0=dial-up, 1=VPN, 2=VPN over dial-up
    [cmdial32] 15:04:48 22 Clear Log Event
    [cmdial32] 15:04:51 04 Pre-Connect Event ConnectionType = 1
    [cmdial32] 15:04:51 06 Pre-Tunnel Event UserName =  Domain =  DUNSetting = Dxxxxxxxxx2 Tunnel DeviceName =  TunnelAddress =

    Thursday, May 16, 2013 2:09 PM


All replies

  • Did you ever discover a solution for this? I'm testing now and running into the same issue with Windows 8. I generated my testing certificate with makecert per this:


    Noah Stahl

    Thursday, May 30, 2013 2:49 AM
  • Hi Noah,

    I have encountered the same issue using Windows 8.

    Mike Nooney

    PayGlobal Ltd.

    Saturday, July 20, 2013 9:26 AM
  • Same issue here, has anyone figured this out yet?
    Tuesday, July 23, 2013 11:15 PM
  • Just had the same issue.

    What I did is to Install the Client certificate ( a second  time!) .. but this one specifying explicit the "personal" store.

    Do know what made the difference (imho this should be the Default anyway) .. but after that it worked.

    Wednesday, July 24, 2013 2:55 PM
  • Hi

    I tried this approach with no luck. So you installed the client cert into Current User -> Personal?

    Also I find that the second time I try to connect the Remote Access Dialer crashes. I.e. 2 Error 798 messages.

    Could you possibly list the steps you went through to get it working?



    Saturday, July 27, 2013 5:23 AM
  • I am also experiencing that error, with windows 8.

    Any workaround?

    Monday, July 29, 2013 10:47 AM
  • Hi Pedro

    I tried again with a different Windows 8 machine. It worked this time when I placed the client cert

    into Current User -> Personal store.

    The VPN client connected first time without any Error 798 message.

    However it seems once I went down the wrong track on the first machine I could not correct it.



    Monday, July 29, 2013 7:39 PM
  • Hi Pedro

    I tried again with a different Windows 8 machine. It worked this time when I placed the client cert

    into Current User -> Personal store.

    The VPN client connected first time without any Error 798 message.

    However it seems once I went down the wrong track on the first machine I could not correct it.

    Thanks for the insight!

    The problem is that I went for the wrong track on my personal machine, and I am not able to correct it by putting into the Personal Store.  Going to another machine is not an option on this case.

    Creating another network could correct it, but would imply creating the virtual machines from scrach.

    Is Microsoft aware of this bug in the VPN implementation? 

    It is strange since it is on the newest version of the flagship operating system... not particularly a niche case, I would guess.

    Tuesday, July 30, 2013 4:57 PM
  • Any update from Microsoft support?

    I have the same issue on Windows 8 and Windows Server 2008

    Wednesday, July 31, 2013 8:55 PM
  • Problem solved on my side!!

    I was only creating the "server certificate", the one that is uploaded to azure.

    You need to create a "cliente certificate" as well.

    Please find instructions in the following post (you will have to search it since I am not able to post links): 

    Setting up point-to-site VPN certificates


    Monday, August 05, 2013 5:17 PM
  • Hi,

    I am facing the same problem with windows 8.1.

    I have installed a second time but doesn't work.

    Is there any solution for this problem?



    Sunday, October 27, 2013 9:36 AM
  • Hi guys. any news so far?

    Same issue here with Windows 8.1

    I'm also surprised to see the vpn executable doesn't pass the windows smart screen filtering but I don't care

    just wanna see the Point-to-Site VPN working!



    Tamir Levy

    Sunday, November 24, 2013 9:22 PM
  • Hi all,

    I had the same issue but found a work around. Perform the following steps after you create certificates, upload a root certificate, and install a VPN package as guided in MSDN site:

    1. Run ncpa.cpl and confirm a target FQDN of a VPN connection for Point-To-Site which begins with "azuregateway" in detail view.
    2. Create a VPN connection manually from "Network and Sharing Center" with the target FQDN.
    3. Open properties of the manually-created VPN connection.
    4. In "Authentication" of "Security" tab, select "Use Extensible Authetincation Protocol" and "Microsoft: Smart Card or other certificate", and click "Properties".
    5. In "When connecting", select "Use a certificate on this computer".
    6. Click "OK" to close a dialog.
    7. In "Networking" tab, select "Internet Protocol Version 4" and click "Properties".
    8. Click "Advanced" and uncheck "Use default gateway on remote network".
    9. Click "OK" thrice to close all dialogs
    10. Start the manually-created VPN connection. If you are required to select a certificate, select the client certificate you created. And you need to accept the connection target only at the first time.

    Note: After the manually-created VPN connection worked well once, the VPN connection created by package installation also worked well in my environment. What a mystery...


    • Edited by Yutaka, N Saturday, February 08, 2014 10:14 AM
    Saturday, February 08, 2014 9:44 AM
  • Thank you! Now working.
    Sunday, February 09, 2014 6:50 AM
  • I am on a client machine. After an attempt to connect using those steps exactly, I am on my way when I get this:

    I had the VPN set to "automatic" (no change from default) and I got "error 800: the remote connection was not made because the attempted VPN tunnels failed. The VPN server might be unreachable. If this connection is attempting to use an L2TP/IPsec tunnel, the security parameters required for IPsec negotiation might not be configured properly."

    Also when I try to ping the IP associated with the azure gateway in terminal it fails.

    Monday, February 10, 2014 4:04 PM
  • Here is the solution.

    Make sure you have already created your Root and Client Certificate.  If not, perform these steps following instructions from

    • Root Certificate: makecert -sky exchange -r -n "CN=AZMgmtRootCert" -pe -a sha1 -len 2048 -ss My "AZMgmtRootCert.cer"
    • Client Certificate: makecert.exe -n "CN=AZMgmtClientCert" -pe -sky exchange -m 96 -ss My -in "AZMgmtRootCert" -is my -a sha1

    Make sure the AZMgmtRootCert.cer file is uploaded to the Virtual Network Certificates section.

    Now from the workstation that created those certificates:

    1. Load MMC, Add the "Certificates" Snap In for "My user account".
    2. Go into Personal / Certificates
    3. Right click on "AZMgmtRootCert" -> All Tasks -> Export
    4. Export the Private Key as a part of the process, but keep the rest of the defaults.
    5. Name it as AZMgmtClientCert.pfx

    On the workstation that you want to allow to connect (even Windows 8 / 8.1 workstations)

    1. Install AZMgmtRootCert.cer (Place the certificate in the "Personal" Certificate Store) 
    2. Install AZMgmtClientCert.pfx (Place the certificate in the "Personal" Certificate Store)

    You should now be able to connect to the Virtual Network on that workstation.

    Friday, May 02, 2014 10:52 PM
  • I'm experiencing this same issue. I followed the directions to use makecert.exe to generate the self-signed root certificate, and the client VPN certificate. Does the client certificate have to be exported, if I'm using the VPN connection from the same computer that I'm connecting from?

    Trevor Sullivan
    Microsoft PowerShell MVP

    If this post was helpful, please click the little "Vote as Helpful" button :)

    Trevor Sullivan
    Trevor Sullivan's Tech Room
    Twitter Profile

    Monday, May 05, 2014 5:45 PM
  • Hi Jason,

    Are you saing the server certificate shuld allso be install on the client ?

    Friday, May 30, 2014 6:49 PM
  • Ok, just had this issue.

    Solution for me was the make sure it was a user certificate and not a computer one!

    I used my own CA, uploaded the CA cert to Azure and created a user cert for the client.

    Worked fine. Doesnt work with a computer cert!


    Sunday, June 08, 2014 4:12 PM
  • I have tried all the recommendations here. I got the manual vpn connection answer to work connect but still cannot see my servers in the virtual network. I would like an answer to this quickly as I am thinking about switching to amazons cloud service.  Windows 8.1 Pro.


    • Edited by eenuckols Friday, June 20, 2014 7:11 AM
    Friday, June 20, 2014 7:10 AM
  • Hey Yutaka! I dont get your solution. What is a FQDN and when i run ncpa.cpl only the network connection page will open. On my client Win 7 I got an connection to Azure VPN but on my Win 8.1 client the error appears (798) no certification found.



    Wednesday, July 02, 2014 2:55 PM
  • After about an hour of working through the MS instructions, I found your solution.  You have just enough additional detail to get my VPN Certificates setup correctly.  Thanks, Jason.  You get my vote.


    • Edited by Mario5280 Wednesday, August 13, 2014 10:39 PM
    Wednesday, August 13, 2014 10:13 PM
  • The solution is installing the root .cer in addition to the client .pfx.

    Thanks Jason!

    Monday, September 08, 2014 8:30 AM