When I try to setup my VPN connection I get the following error "Cannot Load dialog: 0x80420100. An unknown error has occured" I am using Entrust certificate for authentication. Rohit

I know it's no consolation, but I get exactly the same when using certificated-based VPN authentication instead of using a password and have had to lower the VPN security to cope with what I suspect is a bug in Vista. It's ironic given that Vista's supposed to be the most secure OS yet and yet the VPN security has to be lowered to cope with Vista! Unless a fix comes to light soon, we'll probably roll back to XP again.EDIT: Here's a link to others with the same problem of not being able to use certificate based authentication in Vista:http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=796345&SiteID=17

... Let the WoW begin... I have litterally tried everything now, I read the following MS articles http://support.microsoft.com/default.aspx/kb/922706 and http://www.microsoft.com/downloads/details.aspx?FamilyId=FFAEC8B2-99E0-427A-8110-2F745059A02D&displaylang=en But still, I am getting the same error. Then, I downloaded the ProcessMonitor from Microsoft and enabled and removed everything from it's filter, and then monitored when I was dialing into my servers, I could see a AccessDenied problem when the NetworkService was trying to read the HKCU\Software\Microsoft\Windows\CurrentVersion\Telephony\Locations key, I gave the right permissions there, and checked again, even when no AccessDenied error was coming up this time, I still could not get the darn thing to work . Then I thought,maybe the error is occuring because there are no user certificates installed, so I went in, downloaded the certs manually from the server (exporting them manually from the server's CertManager), copied them across to the client, and then used MMC (start, RUN, MMC, ENTER), used the (file -> AddRemove/SnapIn to add the LocalComputer Certificate and the UserCertificate), went to the TrustedRoot, and imported the Domain's root cert there, also gone to the user's cert, and imported the cert there also, when I right-click on the DialUpConnection ->properties ->secutiry -> Certficates, I can see both my Domain-CA, and the User Cert, ticked both, and then tried again, ... guess what... still the same error. Then I thought, could it be because IE7 isn't supporting the ActiveX properly, or the xenroll.dll not there in Vista/2008 by default, copied the DLL from a WIN2K release I have somewhere, and then regsvr32'd it into the system, used this time the FireFox browser, the ActiveX and all that worked, and the cert was installed there, but still, same error when tring to connect via the cert ... I don't know, how we are supposed to work with a new server that has the following problems: 1) The Browser is pretty much crippled and does not trust anything, not even the microsoft sites 2) The Browser does not come with the standard XEnroll.DLL by default, and therefore incompatible with pretty much all the existing servers out there. 3) The Browser does not come with Java enabled (or not even supports it), therefore, you have to install the SunJava, and wait to hear the better one, you are doomed if you try to use the 64bit of the OS (WIndows 2008 / Vista) as it's not compatible with the 64-to-32bit-emulated SunJVM, therefore, you cannot even open the MS site to send a feedback! since their site must use a script + Java... 4) The VPN wouldn't work for any certs, perid. You cannot use any certificates to connect, it would fail something that I am still trying to find out what the heck it is... and why Microsoft has not really seen this before just yet. 5) The really ugly Explorer that keeps forgetting your settings (re-grouping items together, or change the icon-disply etc) 6) The Shortcut/Keys that have disappeared, I used to love pressing CTRL+ALT+DEL and then "T" for TaskManager to see things, now, I have to use the mouse to "click" on the thing... Anyhow, I think I've spoken too much about windows as opposed to the VPN/CERT problem itself, I am going to try some other things to see where this whole thing is failing (items on my list for future testing):1) Checking DCOM, maybe one component there is failing 2) Probably writing a small piece of VB/VC code to try to connect in another way somewhere to see where the problem is 3) Hoping that Microsoft would wake up, start looking into this serious problem, and generate a fix for this mess. 4) Probably dive into and debug some windows components to see ifI can spot anything... 5) Don't know... will keep thinking... I just wonder, windows 2000 server was a much better system than Windows 2008 server. XP/2003 was a system in-between, however, this 2008/Vista issobad thatit keep causing problems with half the needed user-functionality been disabled, and longer time to reach to a setup-screen to change something.Having said that, I have been with MS for a long time, I hate to move to another vendor due to this history,but, honestly considering moving away into any other stable OS that I can use to do my job at the end of the day. I will send another post later with an update (shorter than this one), hopefully with the right fix. Regards Heider.

Finally!!!,... Just solved this b*tch problem... This solution works for all services, including win2k, 2003, and Vista, etc. Ok, First of all, ensure that you download and install the RootCA certificate for your domain (I guess you have done that already if you have read my previous post above), if not, then simply, select "Retrieve the CA certificate or certificate revocation list -> download CA Certificate" option when you request your new certificate from your company/home-domain.Refer to the above steps to place/move this certificate into your LocalMachine's trusted-store's certificates, this is the basics and if you have been stuck with the 0x80420100 error, then you probable have done this already. Now, to solve the pain of (Requesting your user certificate): follow my steps below... 1) DO NOT USE THE STANDARD "User Certificate" option from your CertServ website to request one, this will NOT work. 2) We will request this manually now, to do this, we will be creating a new CSR (Certificate Signing Request) and then submit it manually, continue with the steps to know how: 3) From your CLIENT machine (i.e. your VISTA / Windows 2008), goto start your MMC Certificate Management, to do this, START -> RUN -> MMC, and then from the FileMenu -> AddRemoteSnapIn -> add Certificate (Local User) -> Ok -OK... until you see all the list loaded for certificates. 4) Under "Certificates - Current User" Expand "Personal", and then right click on "Certificates" select "All Tasks" -> Advanced Operations -> Create Custom Request. 5) You should see a menu/form, click Next. 6) Under the "Template" list, select "user" -> Next 7) If you like to add more details to the cert request, click on the ">>" next to the "user" to expand and do more option, thought, this step is not necessary. 8) Click "Next" and save the file into a location; for example, save it to "C:\Heider\MyRequest.txt" 9) Now, load your browser and then browse to your CertSrv website (your company/domain's CertGenerations website) 10) Select "Request a Certificate" , DO NOT CLICK NEXT, this what caused it to fail before. 11) Select "Advanced Request", Next 12) Select "Submit a certificate request using a base64 encoded PKCS #10 file or a renewal request using a base64 encoded PKCS #7 file" from the list (i.e. second option) , hit Next 13) Open your CSR file (i.e. with Notepad, open the file you have generated above from step 8, select all the content, copy it and paste it into the "Base64 Encoded Certificagte Request" box. 14) Select "User" from the list 15) Click Submit 16) Your should get your next page with the new certificate instantly, simply, just download and install. 17) Now try your dial-up connection... this should work fine now... Let me know if this is all ok, or if anything you are stuck with, I am happy to help. Good luck and I hope you can find this useful. Regards Heider.

THNX !!!This works great for me and at least saved me (and my customer) lots of time (and money !!)Thanks for a good description !RegardsMartin