Establishing a VPN Security Association via IKEv2 ISAKMP

I have to establish VPN connections for remote Windows 7/8 clients.

I have a Redhat Linux 7 Firewall & Authentication Server to which the client will establish a VPN connection in order to access the company network.

On my test win7 client I have selected IKEv2 using machine certificates (NO userID or PW) on the connection definition.

I imported a self-signed CA certificate into the Trusted CA Store (Local Computer)

I also imported a client certificate (signed by my CA) into the Personal Certificate Store (Local Computer).

Both certificates were generated using the certutil tool on the redhat 7 server.

The connection fails during the Security Association setup.

The win7 client initiates the session.

From my Linux "Pluto" logs I can see where the ISAKMP negotiation takes place, matching the security policy parameters sent by the win7 client ("offered" is from the win7 client):

                                          proposal 1 succeeded encr= (policy:3DES(-1) vs offered:3DES(-1))
                                          considering Transform Type TRANS_TYPE_INTEG, TransID 2
                                          succeeded integ=(policy:AUTH_HMAC_SHA1_96(-1) vs offered:AUTH_HMAC_SHA1_96(-1))
                                          considering Transform Type TRANS_TYPE_PRF, TransID 2
                                          succeeded prf=  (policy:PRF_HMAC_SHA1(-1) vs offered:PRF_HMAC_SHA1(-1))
                                          considering Transform Type TRANS_TYPE_DH, TransID 2
                                          succeeded dh=   (policy:OAKLEY_GROUP_MODP1024 vs offered:OAKLEY_GROUP_MODP1024)

Once the security policy has been established, the next step is the Internet Key Exchange (IKE):

                                          DH public value received:                                                   <--- From the win7 client (my comment)
                                            86 8a 19 17  28 ba 08 59  08 db 60 ac  f1 61 bf d1
                                            32 2e a2 93  4c 1a 1f 8c  3d 39 c5 2d  f0 70 60 0c
                                            f9 d2 09 4b  5f b3 8c c8  8d c7 3a 32  8a 0c b0 47
                                            84 3b b7 27  81 ea de c6  f7 e5 1a 52  44 30 0c 2b
                                            8b e0 7c e0  32 94 fe a4  7c ab 3c 94  4a 58 2e 21
                                            e3 7d fa 38  54 88 50 16  9d c9 82 ee  b4 ee fa 34
                                            2d 46 10 11  0f ca 73 69  4d a9 b7 71  c8 17 80 f0
                                            74 a0 55 77  48 1e 9e 4b  b5 97 51 b5  a4 42 01 93
                                         saving DH priv (local secret) and pub key into state struct
                                         ***emit IKEv2 Key Exchange Payload:
                                         IKEv2 next payload type: ISAKMP_NEXT_v2Ni
                                         flags: none

                                        DH group: OAKLEY_GROUP_MODP1024
                                        emitting 128 raw bytes of ikev2 g^x into IKEv2 Key Exchange Payload
                                        ikev2 g^x  96 0a a9 d0  d7 83 6f 04  ef f8 92 ae  e1 37 ad 8d
                                        ikev2 g^x  e4 f1 a0 90  69 14 32 77  ac 71 7f a1  22 2a 7b a1
                                        ikev2 g^x  2b 95 65 2b  cd b4 28 86  d7 d9 26 16  e9 d1 68 52
                                        ikev2 g^x  ed f9 aa b0  3f 47 72 dd  aa 50 d3 8d  84 b3 4a ff
                                        ikev2 g^x  63 e3 9e 99  b6 48 f3 3d  d3 7f 0d 2e  d9 b0 5f 59
                                        ikev2 g^x  c1 0a 82 33  e4 8c 38 72  8d 7c 24 bb  2f 35 c7 b3
                                        ikev2 g^x  87 ca c1 e8  e5 0f 69 bc  2d b0 d3 37  e8 fa 9c b6
                                        ikev2 g^x  3e cf 5e e0  ac f4 9f fe  78 0a c3 6a  cb f0 3d 00
                                        emitting length of IKEv2 Key Exchange Payload: 136
                                        ***emit IKEv2 Nonce Payload:
                                        next payload type: ISAKMP_NEXT_v2N
                                        flags: none

                                        no IKE message padding required for IKEv2
                                        emitting length of ISAKMP Message: 284
                                        complete v2 state transition from STATE_PARENT_R1 with STF_OK
                                      "remote-x509"[4] 107.223.51.98 #4: transition from state STATE_IKEv2_START to state STATE_PARENT_R1
                                      "remote-x509"[4] 107.223.51.98 #4: STATE_PARENT_R1: received v2I1,

                                       sent v2R1 {auth=IKEv2 cipher=oakley_3des_cbc_192 integ=sha1_96 prf=sha group=MODP1024}
                                       sending reply packet to 107.223.51.98:500 (from port 500)
                                       sending 284 bytes for STATE_IKEv2_START through enp3s0:500 to 107.223.51.98:500 (using #4)
                                       de ea 92 2d  80 d9 33 36  d1 da 58 04  51 7f 52 96
                                       21 20 22 20  00 00 00 00  00 00 01 1c  22 00 00 2c
                                       00 00 00 28  01 01 00 04  03 00 00 08  01 00 00 03
                                       03 00 00 08  03 00 00 02  03 00 00 08  02 00 00 02
                                       00 00 00 08  04 00 00 02  28 00 00 88  00 02 00 00
                                       96 0a a9 d0  d7 83 6f 04  ef f8 92 ae  e1 37 ad 8d
                                       e4 f1 a0 90  69 14 32 77  ac 71 7f a1  22 2a 7b a1
                                       2b 95 65 2b  cd b4 28 86  d7 d9 26 16  e9 d1 68 52
                                       ed f9 aa b0  3f 47 72 dd  aa 50 d3 8d  84 b3 4a ff
                                       63 e3 9e 99  b6 48 f3 3d  d3 7f 0d 2e  d9 b0 5f 59
                                       c1 0a 82 33  e4 8c 38 72  8d 7c 24 bb  2f 35 c7 b3
                                       87 ca c1 e8  e5 0f 69 bc  2d b0 d3 37  e8 fa 9c b6
                                       3e cf 5e e0  ac f4 9f fe  78 0a c3 6a  cb f0 3d 00
                                       29 00 00 14  aa f7 15 96  9a fa 41 22  bd 6b b5 e0
                                       50 52 e0 6f  29 00 00 1c  00 00 40 04  ba ba 97 d5
                                       d5 b4 e8 79  01 4c ad 6e  65 10 7d 70  27 15 d3 2e
                                       00 00 00 1c  00 00 40 05  33 21 4c 2d  01 ef ab 32
                                       c7 99 65 0d  49 99 e6 ad  1d 01 2e 40

*****************************************************************************************************************************

Win7 WFP IPsec trace:

Log Name:       
Source:        Microsoft-Windows-WFP
Date:          2015-05-21 10:25:32
Event ID:      1023
Task Category: None
Level:         Information
Keywords:      (4294967296)
User:          N/A
Computer:      RK03.ids4zos.net
Description:
IPsec: Negotiation Request Initiated
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WFP" Guid="{0c478c5b-0351-41b1-8c58-4a6737da32e3}" />
    <EventID>1023</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x1000000100000000</Keywords>
    <TimeCreated SystemTime="2015-05-21T17:25:32.279917800Z" />
    <EventRecordID>0</EventRecordID>
    <Correlation ActivityID="{000001EA-0000-0000-0000-000000000000}" />
    <Execution ProcessID="296" ThreadID="1748" ProcessorID="1" KernelTime="1" UserTime="2" />
    <Channel>
    </Channel>
    <Computer>RK03.ids4zos.net</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="KeyingModule">IKEv2</Data>
    <Data Name="AcquireContext">1</Data>
    <Data Name="LocalAddressLength">16</Data>
    <Data Name="LocalAddress">02000000C0A80A200000000000000000</Data>
    <Data Name="RemoteAddressLength">16</Data>
    <Data Name="RemoteAddress">02000000453663840000000000000000</Data>
    <Data Name="Mode">Tunnel Mode</Data>
    <Data Name="FilterId">9223372036854775813</Data>
    <Data Name="IPProtocol">0</Data>
    <Data Name="InterfaceLuid">0</Data>
    <Data Name="ProfileId">0</Data>
    <Data Name="LocalUdpEncapPort">0</Data>
    <Data Name="RemoteUdpEncapPort">0</Data>
    <Data Name="MMTargetName">redriver01.ids4zos.net</Data>
    <Data Name="EMTargetName">NULL</Data>
    <Data Name="NumTokens">0</Data>
    <Data Name="Token1Type">NULL</Data>
    <Data Name="Token1Principal">NULL</Data>
    <Data Name="Token1Mode">NULL</Data>
    <Data Name="Token1">0</Data>
    <Data Name="Token2Type">NULL</Data>
    <Data Name="Token2Principal">NULL</Data>
    <Data Name="Token2Mode">NULL</Data>
    <Data Name="Token2">0</Data>
    <Data Name="Token3Type">NULL</Data>
    <Data Name="Token3Principal">NULL</Data>
    <Data Name="Token3Mode">NULL</Data>
    <Data Name="Token3">0</Data>
    <Data Name="Token4Type">NULL</Data>
    <Data Name="Token4Principal">NULL</Data>
    <Data Name="Token4Mode">NULL</Data>
    <Data Name="Token4">0</Data>
    <Data Name="VirtualIfTunnelId">1</Data>
    <Data Name="TrafficSelectorId">1</Data>
    <Data Name="Flags">24</Data>
    <Data Name="RekeySPI">0</Data>
    <Data Name="OrigVirtualIfTunnelId">0</Data>
    <Data Name="PacketLocalAddressLength">0</Data>
    <Data Name="PacketLocalAddress">
    </Data>
    <Data Name="PacketRemoteAddressLength">0</Data>
    <Data Name="PacketRemoteAddress">
    </Data>
    <Data Name="PacketIPProtocol">0</Data>
    <Data Name="PacketInterfaceLuid">0</Data>
    <Data Name="PacketProfileId">0</Data>
  </EventData>
</Event>
 
Log Name:       
Source:        Microsoft-Windows-WFP
Date:          2015-05-21 10:25:32
Event ID:      1024
Task Category: None
Level:         Information
Keywords:      (4294967296)
User:          N/A
Computer:      RK03.ids4zos.net
Description:
IPsec: Send ISAKMP Packet
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WFP" Guid="{0c478c5b-0351-41b1-8c58-4a6737da32e3}" />
    <EventID>1024</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x1000000100000000</Keywords>
    <TimeCreated SystemTime="2015-05-21T17:25:32.295981900Z" />
    <EventRecordID>1</EventRecordID>
    <Correlation ActivityID="{000001EA-0000-0000-0000-000000000000}" />
    <Execution ProcessID="296" ThreadID="2512" ProcessorID="0" KernelTime="0" UserTime="0" />
    <Channel>
    </Channel>
    <Computer>RK03.ids4zos.net</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="ICookie">deea922d80d93336</Data>
    <Data Name="RCookie">0000000000000000</Data>
    <Data Name="ExchangeType">IKEv2 SA Init Mode</Data>
    <Data Name="Length">528</Data>
    <Data Name="NextPayload">SA</Data>
    <Data Name="Flags">8</Data>
    <Data Name="MessageID">0</Data>
    <Data Name="LocalAddress">192.168.10.32</Data>
    <Data Name="LocalPort">500</Data>
    <Data Name="LocalProtocol">0</Data>
    <Data Name="RemoteAddress">69.54.99.132</Data>
    <Data Name="RemotePort">500</Data>
    <Data Name="RemoteProtocol">0</Data>
    <Data Name="InterfaceLuid">1688849960927232</Data>
  </EventData>
</Event>
 
 
Log Name:       
Source:        Microsoft-Windows-WFP
Date:          2015-05-21 10:25:32
Event ID:      1025
Task Category: None
Level:         Information
Keywords:      (8589934592)
User:          N/A
Computer:      RK03.ids4zos.net
Description:
IPsec: Receive ISAKMP Packet
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WFP" Guid="{0c478c5b-0351-41b1-8c58-4a6737da32e3}" />
    <EventID>1025</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x1000000200000000</Keywords>
    <TimeCreated SystemTime="2015-05-21T17:25:32.526519200Z" />
    <EventRecordID>2</EventRecordID>
    <Correlation ActivityID="{000001EA-0000-0000-0000-000000000000}" />
    <Execution ProcessID="296" ThreadID="2512" ProcessorID="0" KernelTime="0" UserTime="0" />
    <Channel>
    </Channel>
    <Computer>RK03.ids4zos.net</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="ICookie">deea922d80d93336</Data>
    <Data Name="RCookie">d1da5804517f5296</Data>
    <Data Name="ExchangeType">IKEv2 SA Init Mode</Data>
    <Data Name="Length">284</Data>
    <Data Name="NextPayload">SA</Data>
    <Data Name="Flags">32</Data>
    <Data Name="MessageID">0</Data>
    <Data Name="LocalAddress">192.168.10.32</Data>
    <Data Name="LocalPort">500</Data>
    <Data Name="LocalProtocol">0</Data>
    <Data Name="RemoteAddress">69.54.99.132</Data>
    <Data Name="RemotePort">500</Data>
    <Data Name="RemoteProtocol">0</Data>
    <Data Name="InterfaceLuid">1688849960927232</Data>
    <Data Name="ProfileId">2</Data>
  </EventData>
</Event>
 
 
Log Name:       
Source:        Microsoft-Windows-WFP
Date:          2015-05-21 10:25:32
Event ID:      1026
Task Category: None
Level:         Information
Keywords:      (549755813888)
User:          N/A
Computer:      RK03.ids4zos.net
Description:
WFP: User Mode Error
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WFP" Guid="{0c478c5b-0351-41b1-8c58-4a6737da32e3}" />
    <EventID>1026</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x1000008000000000</Keywords>
    <TimeCreated SystemTime="2015-05-21T17:25:32.558168900Z" />
    <EventRecordID>3</EventRecordID>
    <Correlation ActivityID="{000001EA-0000-0000-0000-000000000000}" />
    <Execution ProcessID="296" ThreadID="2512" ProcessorID="0" KernelTime="0" UserTime="2" />
    <Channel>
    </Channel>
    <Computer>RK03.ids4zos.net</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="Function">CryptAcquireCertificatePrivateKey</Data>
    <Data Name="ErrorCode">2148081675</Data>
  </EventData>
</Event>
 
 
 
Log Name:       
Source:        Microsoft-Windows-WFP
Date:          2015-05-21 10:25:32
Event ID:      1026
Task Category: None
Level:         Information
Keywords:      (549755813888)
User:          N/A
Computer:      RK03.ids4zos.net
Description:
WFP: User Mode Error
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WFP" Guid="{0c478c5b-0351-41b1-8c58-4a6737da32e3}" />
    <EventID>1026</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x1000008000000000</Keywords>
    <TimeCreated SystemTime="2015-05-21T17:25:32.558171100Z" />
    <EventRecordID>4</EventRecordID>
    <Correlation ActivityID="{000001EA-0000-0000-0000-000000000000}" />
    <Execution ProcessID="296" ThreadID="2512" ProcessorID="0" KernelTime="0" UserTime="2" />
    <Channel>
    </Channel>
    <Computer>RK03.ids4zos.net</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="Function">IkeGetSigKeyProv</Data>
    <Data Name="ErrorCode">2147956220</Data>
  </EventData>
</Event>
 
 
Log Name:       
Source:        Microsoft-Windows-WFP
Date:          2015-05-21 10:25:32
Event ID:      1026
Task Category: None
Level:         Information
Keywords:      (549755813888)
User:          N/A
Computer:      RK03.ids4zos.net
Description:
WFP: User Mode Error
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WFP" Guid="{0c478c5b-0351-41b1-8c58-4a6737da32e3}" />
    <EventID>1026</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x1000008000000000</Keywords>
    <TimeCreated SystemTime="2015-05-21T17:25:32.558179900Z" />
    <EventRecordID>5</EventRecordID>
    <Correlation ActivityID="{000001EA-0000-0000-0000-000000000000}" />
    <Execution ProcessID="296" ThreadID="2512" ProcessorID="0" KernelTime="0" UserTime="2" />
    <Channel>
    </Channel>
    <Computer>RK03.ids4zos.net</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="Function">IkeFindLocalCertChainHelper</Data>
    <Data Name="ErrorCode">13806</Data>
  </EventData>
</Event>
 
 
 
Log Name:       
Source:        Microsoft-Windows-WFP
Date:          2015-05-21 10:25:32
Event ID:      1026
Task Category: None
Level:         Information
Keywords:      (549755813888)
User:          N/A
Computer:      RK03.ids4zos.net
Description:
WFP: User Mode Error
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WFP" Guid="{0c478c5b-0351-41b1-8c58-4a6737da32e3}" />
    <EventID>1026</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x1000008000000000</Keywords>
    <TimeCreated SystemTime="2015-05-21T17:25:32.558189200Z" />
    <EventRecordID>6</EventRecordID>
    <Correlation ActivityID="{000001EA-0000-0000-0000-000000000000}" />
    <Execution ProcessID="296" ThreadID="2512" ProcessorID="0" KernelTime="0" UserTime="2" />
    <Channel>
    </Channel>
    <Computer>RK03.ids4zos.net</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="Function">IkeFindLocalCertChainHelper</Data>
    <Data Name="ErrorCode">13806</Data>
  </EventData>
</Event>
 
 
 
Log Name:       
Source:        Microsoft-Windows-WFP
Date:          2015-05-21 10:25:32
Event ID:      1026
Task Category: None
Level:         Information
Keywords:      (549755813888)
User:          N/A
Computer:      RK03.ids4zos.net
Description:
WFP: User Mode Error
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WFP" Guid="{0c478c5b-0351-41b1-8c58-4a6737da32e3}" />
    <EventID>1026</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x1000008000000000</Keywords>
    <TimeCreated SystemTime="2015-05-21T17:25:32.558749300Z" />
    <EventRecordID>7</EventRecordID>
    <Correlation ActivityID="{000001EA-0000-0000-0000-000000000000}" />
    <Execution ProcessID="296" ThreadID="2512" ProcessorID="0" KernelTime="0" UserTime="2" />
    <Channel>
    </Channel>
    <Computer>RK03.ids4zos.net</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="Function">CryptAcquireCertificatePrivateKey</Data>
    <Data Name="ErrorCode">2148081675</Data>
  </EventData>
</Event>
 
 
 
Log Name:       
Source:        Microsoft-Windows-WFP
Date:          2015-05-21 10:25:32
Event ID:      1026
Task Category: None
Level:         Information
Keywords:      (549755813888)
User:          N/A
Computer:      RK03.ids4zos.net
Description:
WFP: User Mode Error
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WFP" Guid="{0c478c5b-0351-41b1-8c58-4a6737da32e3}" />
    <EventID>1026</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x1000008000000000</Keywords>
    <TimeCreated SystemTime="2015-05-21T17:25:32.558751000Z" />
    <EventRecordID>8</EventRecordID>
    <Correlation ActivityID="{000001EA-0000-0000-0000-000000000000}" />
    <Execution ProcessID="296" ThreadID="2512" ProcessorID="0" KernelTime="0" UserTime="2" />
    <Channel>
    </Channel>
    <Computer>RK03.ids4zos.net</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="Function">IkeGetSigKeyProv</Data>
    <Data Name="ErrorCode">2147956220</Data>
  </EventData>
</Event>
 
 
 
 
Log Name:       
Source:        Microsoft-Windows-WFP
Date:          2015-05-21 10:25:32
Event ID:      1026
Task Category: None
Level:         Information
Keywords:      (549755813888)
User:          N/A
Computer:      RK03.ids4zos.net
Description:
WFP: User Mode Error
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WFP" Guid="{0c478c5b-0351-41b1-8c58-4a6737da32e3}" />
    <EventID>1026</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x1000008000000000</Keywords>
    <TimeCreated SystemTime="2015-05-21T17:25:32.558756300Z" />
    <EventRecordID>9</EventRecordID>
    <Correlation ActivityID="{000001EA-0000-0000-0000-000000000000}" />
    <Execution ProcessID="296" ThreadID="2512" ProcessorID="0" KernelTime="0" UserTime="2" />
    <Channel>
    </Channel>
    <Computer>RK03.ids4zos.net</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="Function">IkeFindLocalCertChainHelper</Data>
    <Data Name="ErrorCode">13806</Data>
  </EventData>
</Event>
 
 
 
Log Name:       
Source:        Microsoft-Windows-WFP
Date:          2015-05-21 10:25:32
Event ID:      1026
Task Category: None
Level:         Information
Keywords:      (549755813888)
User:          N/A
Computer:      RK03.ids4zos.net
Description:
WFP: User Mode Error
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WFP" Guid="{0c478c5b-0351-41b1-8c58-4a6737da32e3}" />
    <EventID>1026</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x1000008000000000</Keywords>
    <TimeCreated SystemTime="2015-05-21T17:25:32.566271700Z" />
    <EventRecordID>28</EventRecordID>
    <Correlation ActivityID="{000001EA-0000-0000-0000-000000000000}" />
    <Execution ProcessID="296" ThreadID="2512" ProcessorID="0" KernelTime="0" UserTime="3" />
    <Channel>
    </Channel>
    <Computer>RK03.ids4zos.net</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="Function">IkeProcessPacket</Data>
    <Data Name="ErrorCode">2147956206</Data>
  </EventData>
</Event>

Note: At this point the client certificate and its associated Trusted CA are NOT involved.

It appears that win7 is issuing a 13806 error during the ISAKMP Phase 1 "Key Exchange".

A special Diffie-Hellman Public/Private key pair is generated in order to establish a Security Association.

It seems that win7 cannot find the Diffie-Hellman private key.

  <EventData>
    <Data Name="Function">CryptAcquireCertificatePrivateKey</Data>
    <Data Name="ErrorCode">2148081675</Data>
  </EventData>

The Redhat 7 IPsec IKEv2 process has accepted the Policy Parameters sent by the win7 client.

The server sends the appropriate response back.

Why can't win7 find the private key?

How does the win7 logic process ISAKMP Key Exchanges?

Cheers

Guy

   

May 24th, 2015 5:08pm
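Added example (editor's code, not from the post or from either product): a Python script that decodes the trace data the post itself contains, namely the 284-byte IKE_SA_INIT reply Pluto printed, cross-checked against the fields WFP event 1025 logged on the win7 side, and the event 1026 ErrorCode values split into HRESULT facility and Win32 code. The symbolic error names are the editor's lookup in winerror.h, not something on the page; decoded, the Windows-side errors are about locating the client certificate's private key (CRYPT_E_NO_KEY_PROPERTY, ERROR_IPSEC_IKE_NO_CERT), which is where a practitioner would check next.

```python
import struct

# The 284-byte IKE_SA_INIT reply exactly as Pluto printed it in the post
# ("sending 284 bytes ... to 107.223.51.98:500"); copied from the page.
PLUTO_REPLY_HEX = """
de ea 92 2d  80 d9 33 36  d1 da 58 04  51 7f 52 96
21 20 22 20  00 00 00 00  00 00 01 1c  22 00 00 2c
00 00 00 28  01 01 00 04  03 00 00 08  01 00 00 03
03 00 00 08  03 00 00 02  03 00 00 08  02 00 00 02
00 00 00 08  04 00 00 02  28 00 00 88  00 02 00 00
96 0a a9 d0  d7 83 6f 04  ef f8 92 ae  e1 37 ad 8d
e4 f1 a0 90  69 14 32 77  ac 71 7f a1  22 2a 7b a1
2b 95 65 2b  cd b4 28 86  d7 d9 26 16  e9 d1 68 52
ed f9 aa b0  3f 47 72 dd  aa 50 d3 8d  84 b3 4a ff
63 e3 9e 99  b6 48 f3 3d  d3 7f 0d 2e  d9 b0 5f 59
c1 0a 82 33  e4 8c 38 72  8d 7c 24 bb  2f 35 c7 b3
87 ca c1 e8  e5 0f 69 bc  2d b0 d3 37  e8 fa 9c b6
3e cf 5e e0  ac f4 9f fe  78 0a c3 6a  cb f0 3d 00
29 00 00 14  aa f7 15 96  9a fa 41 22  bd 6b b5 e0
50 52 e0 6f  29 00 00 1c  00 00 40 04  ba ba 97 d5
d5 b4 e8 79  01 4c ad 6e  65 10 7d 70  27 15 d3 2e
00 00 00 1c  00 00 40 05  33 21 4c 2d  01 ef ab 32
c7 99 65 0d  49 99 e6 ad  1d 01 2e 40
"""

# IKEv2 constants (RFC 7296 / IANA) needed for this packet.
EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH", 36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}
PAYLOADS = {33: "SA", 34: "KE", 40: "Nonce", 41: "N"}
TRANSFORMS = {1: "ENCR", 2: "PRF", 3: "INTEG", 4: "D-H"}
NOTIFIES = {16388: "NAT_DETECTION_SOURCE_IP", 16389: "NAT_DETECTION_DESTINATION_IP"}


def parse_ike_sa_init(hexdump):
    """Decode the fixed IKE header, then walk the payload chain checking every length."""
    pkt = bytes.fromhex("".join(hexdump.split()))
    spi_i, spi_r, first, ver, exch, flags, msg_id, length = struct.unpack("!8s8sBBBBII", pkt[:28])
    if length != len(pkt):
        raise ValueError(f"header says {length} bytes, dump has {len(pkt)}")
    hdr = {"spi_i": spi_i.hex(), "spi_r": spi_r.hex(), "version": f"{ver >> 4}.{ver & 0xF}",
           "exchange": EXCHANGES.get(exch, exch), "flags": flags, "msg_id": msg_id,
           "length": length, "first_payload": PAYLOADS.get(first, first)}
    payloads, off, ptype = [], 28, first
    while ptype != 0:                       # next-payload 0 marks the end of the chain
        nxt, _crit, plen = struct.unpack("!BBH", pkt[off:off + 4])
        body = pkt[off + 4:off + plen]
        entry = {"type": PAYLOADS.get(ptype, ptype), "len": plen}
        if ptype == 33:    # SA: the transforms Pluto logged as "succeeded"
            entry["transforms"] = parse_proposal(body)
        elif ptype == 34:  # KE: DH group number, 2 reserved bytes, then g^x
            entry["dh_group"] = struct.unpack("!H", body[:2])[0]
            entry["ke_bytes"] = len(body) - 4
        elif ptype == 40:
            entry["nonce_bytes"] = len(body)
        elif ptype == 41:  # Notify: protocol, SPI size, notify type, data
            entry["notify"] = NOTIFIES.get(struct.unpack("!H", body[2:4])[0], "?")
        payloads.append(entry)
        off, ptype = off + plen, nxt
    if off != len(pkt):
        raise ValueError("payload chain does not end at the packet end")
    return hdr, payloads


def parse_proposal(body):
    """SA payload with one proposal -> [(transform type, transform id), ...]."""
    _last, _r, _plen, _num, _proto, spi_size, ntrans = struct.unpack("!BBHBBBB", body[:8])
    off, out = 8 + spi_size, []
    for _ in range(ntrans):
        _l, _r2, tlen, ttype, _r3, tid = struct.unpack("!BBHBBH", body[off:off + 8])
        out.append((TRANSFORMS.get(ttype, ttype), tid))
        off += tlen
    return out


def matches_wfp_receive_event(hdr):
    """Does the decoded header equal what WFP event 1025 logged on the win7 side?"""
    event_1025 = {"ICookie": "deea922d80d93336", "RCookie": "d1da5804517f5296",
                  "ExchangeType": "IKE_SA_INIT", "Length": 284, "Flags": 32, "NextPayload": "SA"}
    got = {"ICookie": hdr["spi_i"], "RCookie": hdr["spi_r"], "ExchangeType": hdr["exchange"],
           "Length": hdr["length"], "Flags": hdr["flags"], "NextPayload": hdr["first_payload"]}
    return got == event_1025


def decode_wfp_error(code):
    """WFP event 1026 ErrorCode: a decimal HRESULT (bit 31 set) or a bare Win32 code.
    Returns (printable code, symbolic name); names looked up in winerror.h by the editor."""
    hresults = {0x8009200B: "CRYPT_E_NO_KEY_PROPERTY"}
    win32 = {13806: "ERROR_IPSEC_IKE_NO_CERT", 13820: "ERROR_IPSEC_IKE_NO_PRIVATE_KEY"}
    if code & 0x80000000:
        facility, low = (code >> 16) & 0x1FFF, code & 0xFFFF
        if facility == 7:  # FACILITY_WIN32: HRESULT_FROM_WIN32(low)
            return f"0x{code:08X}", win32.get(low, f"win32 {low}")
        return f"0x{code:08X}", hresults.get(code, "?")
    return str(code), win32.get(code, "?")


# The four distinct (Function, ErrorCode) pairs from the event 1026 records above.
WFP_ERRORS = [("CryptAcquireCertificatePrivateKey", 2148081675), ("IkeGetSigKeyProv", 2147956220),
              ("IkeFindLocalCertChainHelper", 13806), ("IkeProcessPacket", 2147956206)]
```

Running `parse_ike_sa_init(PLUTO_REPLY_HEX)` and `decode_wfp_error` over `WFP_ERRORS` shows the reply reached win7 intact and was accepted (event 1025 matches byte for byte), so the later failures are local to the client's certificate store.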

Log Name:       
Source:        Microsoft-Windows-WFP
Date:          2015-05-21 10:25:32
Event ID:      1024
Task Category: None
Level:         Information
Keywords:      (4294967296)
User:          N/A
Computer:      RK03.ids4zos.net
Description:
IPsec: Send ISAKMP Packet
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WFP" Guid="{0c478c5b-0351-41b1-8c58-4a6737da32e3}" />
    <EventID>1024</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x1000000100000000</Keywords>
    <TimeCreated SystemTime="2015-05-21T17:25:32.295981900Z" />
    <EventRecordID>1</EventRecordID>
    <Correlation ActivityID="{000001EA-0000-0000-0000-000000000000}" />
    <Execution ProcessID="296" ThreadID="2512" ProcessorID="0" KernelTime="0" UserTime="0" />
    <Channel>
    </Channel>
    <Computer>RK03.ids4zos.net</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="ICookie">deea922d80d93336</Data>
    <Data Name="RCookie">0000000000000000</Data>
    <Data Name="ExchangeType">IKEv2 SA Init Mode</Data>
    <Data Name="Length">528</Data>
    <Data Name="NextPayload">SA</Data>
    <Data Name="Flags">8</Data>
    <Data Name="MessageID">0</Data>
    <Data Name="LocalAddress">192.168.10.32</Data>
    <Data Name="LocalPort">500</Data>
    <Data Name="LocalProtocol">0</Data>
    <Data Name="RemoteAddress">69.54.99.132</Data>
    <Data Name="RemotePort">500</Data>
    <Data Name="RemoteProtocol">0</Data>
    <Data Name="InterfaceLuid">1688849960927232</Data>
  </EventData>
</Event>
 
 
Log Name:       
Source:        Microsoft-Windows-WFP
Date:          2015-05-21 10:25:32
Event ID:      1025
Task Category: None
Level:         Information
Keywords:      (8589934592)
User:          N/A
Computer:      RK03.ids4zos.net
Description:
IPsec: Receive ISAKMP Packet
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WFP" Guid="{0c478c5b-0351-41b1-8c58-4a6737da32e3}" />
    <EventID>1025</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x1000000200000000</Keywords>
    <TimeCreated SystemTime="2015-05-21T17:25:32.526519200Z" />
    <EventRecordID>2</EventRecordID>
    <Correlation ActivityID="{000001EA-0000-0000-0000-000000000000}" />
    <Execution ProcessID="296" ThreadID="2512" ProcessorID="0" KernelTime="0" UserTime="0" />
    <Channel>
    </Channel>
    <Computer>RK03.ids4zos.net</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="ICookie">deea922d80d93336</Data>
    <Data Name="RCookie">d1da5804517f5296</Data>
    <Data Name="ExchangeType">IKEv2 SA Init Mode</Data>
    <Data Name="Length">284</Data>
    <Data Name="NextPayload">SA</Data>
    <Data Name="Flags">32</Data>
    <Data Name="MessageID">0</Data>
    <Data Name="LocalAddress">192.168.10.32</Data>
    <Data Name="LocalPort">500</Data>
    <Data Name="LocalProtocol">0</Data>
    <Data Name="RemoteAddress">69.54.99.132</Data>
    <Data Name="RemotePort">500</Data>
    <Data Name="RemoteProtocol">0</Data>
    <Data Name="InterfaceLuid">1688849960927232</Data>
    <Data Name="ProfileId">2</Data>
  </EventData>
</Event>
 
 
Log Name:       
Source:        Microsoft-Windows-WFP
Date:          2015-05-21 10:25:32
Event ID:      1026
Task Category: None
Level:         Information
Keywords:      (549755813888)
User:          N/A
Computer:      RK03.ids4zos.net
Description:
WFP: User Mode Error
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WFP" Guid="{0c478c5b-0351-41b1-8c58-4a6737da32e3}" />
    <EventID>1026</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x1000008000000000</Keywords>
    <TimeCreated SystemTime="2015-05-21T17:25:32.558168900Z" />
    <EventRecordID>3</EventRecordID>
    <Correlation ActivityID="{000001EA-0000-0000-0000-000000000000}" />
    <Execution ProcessID="296" ThreadID="2512" ProcessorID="0" KernelTime="0" UserTime="2" />
    <Channel>
    </Channel>
    <Computer>RK03.ids4zos.net</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="Function">CryptAcquireCertificatePrivateKey</Data>
    <Data Name="ErrorCode">2148081675</Data>
  </EventData>
</Event>
 
 
 
Log Name:       
Source:        Microsoft-Windows-WFP
Date:          2015-05-21 10:25:32
Event ID:      1026
Task Category: None
Level:         Information
Keywords:      (549755813888)
User:          N/A
Computer:      RK03.ids4zos.net
Description:
WFP: User Mode Error
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WFP" Guid="{0c478c5b-0351-41b1-8c58-4a6737da32e3}" />
    <EventID>1026</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x1000008000000000</Keywords>
    <TimeCreated SystemTime="2015-05-21T17:25:32.558171100Z" />
    <EventRecordID>4</EventRecordID>
    <Correlation ActivityID="{000001EA-0000-0000-0000-000000000000}" />
    <Execution ProcessID="296" ThreadID="2512" ProcessorID="0" KernelTime="0" UserTime="2" />
    <Channel>
    </Channel>
    <Computer>RK03.ids4zos.net</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="Function">IkeGetSigKeyProv</Data>
    <Data Name="ErrorCode">2147956220</Data>
  </EventData>
</Event>
 
 
Log Name:       
Source:        Microsoft-Windows-WFP
Date:          2015-05-21 10:25:32
Event ID:      1026
Task Category: None
Level:         Information
Keywords:      (549755813888)
User:          N/A
Computer:      RK03.ids4zos.net
Description:
WFP: User Mode Error
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WFP" Guid="{0c478c5b-0351-41b1-8c58-4a6737da32e3}" />
    <EventID>1026</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x1000008000000000</Keywords>
    <TimeCreated SystemTime="2015-05-21T17:25:32.558179900Z" />
    <EventRecordID>5</EventRecordID>
    <Correlation ActivityID="{000001EA-0000-0000-0000-000000000000}" />
    <Execution ProcessID="296" ThreadID="2512" ProcessorID="0" KernelTime="0" UserTime="2" />
    <Channel>
    </Channel>
    <Computer>RK03.ids4zos.net</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="Function">IkeFindLocalCertChainHelper</Data>
    <Data Name="ErrorCode">13806</Data>
  </EventData>
</Event>
 
 
 
Log Name:       
Source:        Microsoft-Windows-WFP
Date:          2015-05-21 10:25:32
Event ID:      1026
Task Category: None
Level:         Information
Keywords:      (549755813888)
User:          N/A
Computer:      RK03.ids4zos.net
Description:
WFP: User Mode Error
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WFP" Guid="{0c478c5b-0351-41b1-8c58-4a6737da32e3}" />
    <EventID>1026</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x1000008000000000</Keywords>
    <TimeCreated SystemTime="2015-05-21T17:25:32.558189200Z" />
    <EventRecordID>6</EventRecordID>
    <Correlation ActivityID="{000001EA-0000-0000-0000-000000000000}" />
    <Execution ProcessID="296" ThreadID="2512" ProcessorID="0" KernelTime="0" UserTime="2" />
    <Channel>
    </Channel>
    <Computer>RK03.ids4zos.net</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="Function">IkeFindLocalCertChainHelper</Data>
    <Data Name="ErrorCode">13806</Data>
  </EventData>
</Event>
 
 
 
Log Name:       
Source:        Microsoft-Windows-WFP
Date:          2015-05-21 10:25:32
Event ID:      1026
Task Category: None
Level:         Information
Keywords:      (549755813888)
User:          N/A
Computer:      RK03.ids4zos.net
Description:
WFP: User Mode Error
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WFP" Guid="{0c478c5b-0351-41b1-8c58-4a6737da32e3}" />
    <EventID>1026</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x1000008000000000</Keywords>
    <TimeCreated SystemTime="2015-05-21T17:25:32.558749300Z" />
    <EventRecordID>7</EventRecordID>
    <Correlation ActivityID="{000001EA-0000-0000-0000-000000000000}" />
    <Execution ProcessID="296" ThreadID="2512" ProcessorID="0" KernelTime="0" UserTime="2" />
    <Channel>
    </Channel>
    <Computer>RK03.ids4zos.net</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="Function">CryptAcquireCertificatePrivateKey</Data>
    <Data Name="ErrorCode">2148081675</Data>
  </EventData>
</Event>
 
 
 
Log Name:       
Source:        Microsoft-Windows-WFP
Date:          2015-05-21 10:25:32
Event ID:      1026
Task Category: None
Level:         Information
Keywords:      (549755813888)
User:          N/A
Computer:      RK03.ids4zos.net
Description:
WFP: User Mode Error
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WFP" Guid="{0c478c5b-0351-41b1-8c58-4a6737da32e3}" />
    <EventID>1026</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x1000008000000000</Keywords>
    <TimeCreated SystemTime="2015-05-21T17:25:32.558751000Z" />
    <EventRecordID>8</EventRecordID>
    <Correlation ActivityID="{000001EA-0000-0000-0000-000000000000}" />
    <Execution ProcessID="296" ThreadID="2512" ProcessorID="0" KernelTime="0" UserTime="2" />
    <Channel>
    </Channel>
    <Computer>RK03.ids4zos.net</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="Function">IkeGetSigKeyProv</Data>
    <Data Name="ErrorCode">2147956220</Data>
  </EventData>
</Event>
 
 
 
 
Log Name:       
Source:        Microsoft-Windows-WFP
Date:          2015-05-21 10:25:32
Event ID:      1026
Task Category: None
Level:         Information
Keywords:      (549755813888)
User:          N/A
Computer:      RK03.ids4zos.net
Description:
WFP: User Mode Error
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WFP" Guid="{0c478c5b-0351-41b1-8c58-4a6737da32e3}" />
    <EventID>1026</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x1000008000000000</Keywords>
    <TimeCreated SystemTime="2015-05-21T17:25:32.558756300Z" />
    <EventRecordID>9</EventRecordID>
    <Correlation ActivityID="{000001EA-0000-0000-0000-000000000000}" />
    <Execution ProcessID="296" ThreadID="2512" ProcessorID="0" KernelTime="0" UserTime="2" />
    <Channel>
    </Channel>
    <Computer>RK03.ids4zos.net</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="Function">IkeFindLocalCertChainHelper</Data>
    <Data Name="ErrorCode">13806</Data>
  </EventData>
</Event>
 
 
 
Log Name:       
Source:        Microsoft-Windows-WFP
Date:          2015-05-21 10:25:32
Event ID:      1026
Task Category: None
Level:         Information
Keywords:      (549755813888)
User:          N/A
Computer:      RK03.ids4zos.net
Description:
WFP: User Mode Error
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WFP" Guid="{0c478c5b-0351-41b1-8c58-4a6737da32e3}" />
    <EventID>1026</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x1000008000000000</Keywords>
    <TimeCreated SystemTime="2015-05-21T17:25:32.566271700Z" />
    <EventRecordID>28</EventRecordID>
    <Correlation ActivityID="{000001EA-0000-0000-0000-000000000000}" />
    <Execution ProcessID="296" ThreadID="2512" ProcessorID="0" KernelTime="0" UserTime="3" />
    <Channel>
    </Channel>
    <Computer>RK03.ids4zos.net</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="Function">IkeProcessPacket</Data>
    <Data Name="ErrorCode">2147956206</Data>
  </EventData>
</Event>

Note: At this point the client certificate and its associated Trusted CA are NOT involved.

It appears that win7 is issuing a 13806 error during the ISAKMP Phase 1 "Key Exchange".

A special Diffie-Hellman Public/Private key pair is generated in order to establish a Security Association.

It seems that win7 cannot find the Diffie-Hellman private key.

<EventData>
    <Data Name="Function">CryptAcquireCertificatePrivateKey</Data>
    <Data Name="ErrorCode">2148081675</Data>
  </EventData>

The Redhat 7 IPsec IKEv2 process has accepted the Policy Parameters sent by the win7 client.

The server sends the appropriate response back.

Why can't win7 find the private key?

How does the win7 logic process ISAKMP Key Exchanges?

Cheers

Guy



   



  • Edited by 2UCowpoke Sunday, May 24, 2015 10:25 PM
May 24th, 2015 10:14pm

Duplicate : https://social.technet.microsoft.com/Forums/en-US/7c682f02-a101-435a-95b9-7e3f20847c29/establishing-a-vpn-security-association-via-ikev2-isakmp?forum=w7itprosecurity

May 24th, 2015 10:44pm

Okay I deleted the duplicate.

Do you have ideas on why win7 cannot find the private key???

Guy

May 25th, 2015 12:41am

Hi,

The links below describe how to troubleshoot a Microsoft L2TP/IPSec virtual private network client connection; you can take them as a reference:

https://support.microsoft.com/en-us/kb/325034

https://technet.microsoft.com/en-us/library/dd448591%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

May 26th, 2015 6:12am

Hi Roger, thanks for the references, but they don't really answer the question.

Why is windows looking for a "private" key?

Cheers

Guy

May 26th, 2015 11:05am

Probably it's just trying to access its client cert private key; try and grant that wider permissions (read permissions for "Network Service" would probably be enough):

https://technet.microsoft.com/en-us/library/ee662329.aspx

May 26th, 2015 12:19pm

Hello aperelli and Yolanda

I discovered what was wrong.

I needed to generate a public key certificate and a CA certificate (without the private key) for my Redhat 7 VPN server.

Once I did that via the openssl certutil tool, I then imported both VPN server "public" certificates into the Windows 7 Local Computer Personal store (the VPN server's public key certificate) and the Local Computer Trusted Root CA store (the VPN's public CA).

Now I am able to get a Security Association established.

However now it's failing because of ISAKMP message padding errors.


June 11th, 2015 3:33am

Thanks for sharing. Maybe you can try to open a new thread for the padding errors.
June 11th, 2015 3:47am
