Setup of cert-based IPSec VPN
Hi Everyone,
I am trying to set up a cert-based IPsec VPN, using a Windows 2008 R2 server and a Windows XP SP3 client. I set up an enterprise root CA and configured the VPN by following these steps
http://technet.microsoft.com/en-us/library/dd637815(WS.10).aspx and configured the client to connect using these steps
http://support.microsoft.com/kb/314076, and when I attempt to connect, I am receiving error 786: "... There is no valid machine certificate..."
So from the certificate manager console, I attempted to request a new certificate, but the certificate request wizard is showing the below-mentioned error:
"The wizard cannot be started because of one or more of the following conditions:
-There are no trusted certification authorities (CAs) available.
-You do not have the permissions to request certificates from the available CAs.
-The available CAs issue certificates for which you do not have permissions."
How do I request a machine cert for my Win XP client? Is this necessary for a cert-based IPsec connection?
Thank You.
June 27th, 2011 11:22am
Hi Gavingtw,
Thank you for your post.
If you want to deploy L2TP/IPSec VPN or EAP-TLS VPN, your VPN clients need to join the domain and deploy PKI auto-enrollment.
If you want to deploy IKEv2 VPN or SSTP VPN, your VPN client's OS does not support them. IKEv2 VPN (VPN Reconnect) requires OS Windows 7 and SSTP VPN requires OS Vista SP1.
I suggest you use IKEv2 VPN with a Windows 7 client. Here are some VPN guides; I hope they are helpful to you.
Step-by-Step VPN Guide in Windows 2003
Configure L2TP/IPsec-based Remote Access in Windows 2008
Do we still need PPTP & L2TP/IPsec after Windows 7
If there are more inquiries on this issue, please feel free to let us know.
Regards,
Rick Tan
June 28th, 2011 10:53am