Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, December 11, 2019 7:11 AM
Hi, recently I got this error when connecting to "L2TP/IPSec with certificate" VPN with Windows 10. I'm not sure what cause this since my friend can connect to it normally using same configuration and same routers.
I have already follow some of this steps with no luck :
- Adding AssumeUDPEncapsulationContextOnSendRule
- Restarting both IKA and IPSec services
- Allowing both CHAP and MS-CHAP v2
- Reset network connection
- Connect to different provider
- Re-adding VPN settings
- Allowing 500, 4500 in the inbound and outbound firewall rule
- Disable firewall
There also little bit information can be found in the event viewer :
CoId={AEE0E2A8-34DF-41BB-B5F0-0458EFD41751}: The user xxx\xxx has started dialing a VPN connection using a per-user connection profile named yes. The connection settings are:
Dial-in User = *\
VpnStrategy = L2TP
DataEncryption = Requested
PrerequisiteEntry =
AutoLogon = No
UseRasCredentials = Yes
Authentication Type = PAP
Ipv4DefaultGateway = Yes
Ipv4AddressAssignment = By Server
Ipv4DNSServerAssignment = By Server
Ipv6DefaultGateway = Yes
Ipv6AddressAssignment = By Server
Ipv6DNSServerAssignment = By Server
IpDnsFlags =
IpNBTEnabled = Yes
UseFlags = Private Connection
ConnectOnWinlogon = No
IPsec authentication for L2TP = Machine certificate.
CoId={AEE0E2A8-34DF-41BB-B5F0-0458EFD41751}: The user xxx\xxx is trying to establish a link to the Remote Access Server for the connection named yes using the following device:
Server address/Phone Number = xxx.xxx.xxx.xxx
Device = WAN Miniport (L2TP)
Port = VPN3-1
MediaType = VPN.
CoId={AEE0E2A8-34DF-41BB-B5F0-0458EFD41751}: The user xxx\xxx dialed a connection named yes which has failed. The error code returned on failure is 788.
I was wondering if some apps probably causing this error, but i have no idea which one.
All replies (4)
Tuesday, December 17, 2019 7:20 AM âś…Answered
Hi,
I'm already solve this problem. This issue came after i install the Visual Studio 2019 Community Edition. After i uninstall VS, the VPN works again.
I'm now trying to find another workaround so i can install the VS while also connect to the VPN.
Wednesday, December 11, 2019 9:05 AM
Hello Syafi'i Azami,
Error code 788 has the symbolic name ERROR_OAKLEY_ATTRIB_FAIL and probably indicates that no common set of security parameters could be negotiated.
You can either ask the service provider what algorithms and parameters are acceptable or ask your friend to check what values they managed to negotiate.
One way of checking what was negotiated would be to use the PowerShell cmdlets Get-NetIPsecMainModeSA and Get-NetIPsecQuickModeSA.
Here is the relevant information in the Get-NetIPsecMainModeSA output:
CipherAlgorithm : AES256
HashAlgorithm : SHA1
GroupId : DH20
This is the relevant information in the Get-NetIPsecQuickModeSA output:
FirstIntegrityAlgorithm : SHA1
FirstCipherAlgorithm : AES256
PfsGroupId : None
If the default client proposals cannot be reconciled with the server expectations, then the cmdlet Set-VpnConnectionIPsecConfiguration can be used to configure the algorithms and parameters that the client proposes.
Gary
Thursday, December 12, 2019 7:46 AM
Hi,
>>CoId={AEE0E2A8-34DF-41BB-B5F0-0458EFD41751}: The user xxx\xxx dialed a connection named yes which has failed. The error code returned on failure is 788.
Based on my knowledge, The L2TP connection attempt failed because the security layer could not negotiate compatible parameters with the remote
computer both (manually) and (automatically).
About error 788, you can refer the following link to fix:
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
Hope this can help you, if you have anything unclear, please let me know.
Have a nice day!
Ellen
Please remember to mark the replies as answers if they help and unmark them if they provide no help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Tuesday, December 17, 2019 7:31 AM
Hi,
Thank you for sharing your solution.
We are looking forward to your good news.
Have a nice day!
Ellen
Please remember to mark the replies as answers if they help and unmark them if they provide no help.
If you have feedback for TechNet Subscriber Support, contact [email protected].