Windows 7 IPSec/L2TP VPN connection problem
In Windows 7 I have a problem with my L2TP VPN connection, so I will describe the problem. I built the connection, and in the Security tab set it to use L2TP and set the pre-shared key (the VPN server uses a pre-shared key for L2TP). Then I try to connect to the VPN server, but nothing happens, and after a moment Error 789 appears. With PPTP the VPN works fine, so I was curious about it, and I saw something odd: when I use PPTP, during connecting, in "Control Panel\Network and Internet\Network Connections" I see that the status of the connection is Connecting, but while the L2TP connection is running the status is constantly Disconnected, as if nothing is happening and I did nothing!!
Microsoft Certified System Engineer 2003
December 8th, 2009 2:22pm

Any idea or something else? What should I do?
Microsoft Certified System Engineer 2003
December 9th, 2009 8:12am

Well, I found something new about this problem!! I set up a VPN server with Windows Server 2008 R2 (installed Windows Server 2008 R2 in VirtualBox) and used the pre-shared key for the L2TP connection, and it works fine, BUT the difference is in the encryption status: the encryption is "IPSec: AES 128", and in the past when I used Windows XP I remember that the encryption was "IPSec ESP 3DES". The VPN server is Windows Server 2003, so what should I do to add ESP 3DES in Windows 7 or add AES 128 in Windows Server 2003? By the way, I think the primary problem is from integrity during IPSec, because the problem is before opening the session. I am completely confused, please help me :(
Microsoft Certified System Engineer 2003
December 10th, 2009 4:52am

Maybe the ISAKMP protocol is blocked. This behavior can be caused by a firewall on the computer, in the router or on the ISP side. You may temporarily disable the firewall. If the issue persists, temporarily bypass the router or disable the firewall on the router. If the issue still occurs, try to connect to the L2TP VPN from another system; if the connection is not established, the most possible cause can be the ISP side. Meanwhile, please also make sure that the "IPsec Policy Agent" service is enabled.
Arthur Xie - MSFT
December 10th, 2009 5:15am

Maybe the ISAKMP protocol is blocked. This behavior can be caused by a firewall on the computer, in the router or on the ISP side. You may temporarily disable the firewall. If the issue persists, temporarily bypass the router or disable the firewall on the router. If the issue still occurs, try to connect to the L2TP VPN from another system; if the connection is not established, the most possible cause can be the ISP side. Meanwhile, please also make sure that the "IPsec Policy Agent" service is enabled.
Arthur Xie - MSFT
Thanks for your reply. About the ISAKMP protocol: I disabled my PC firewall but nothing changed, so this is not the answer, and also in the past I was able to connect when I had Windows XP Pro, so the ISP is not the answer. About the router: my router is a "ZyXel ZyWALL 2 Plus" and I disabled its firewall too, but there is no difference and I'm unable to connect. In my point of view the most suspicious thing is the router, but when I think about it I realize that in Windows XP and in Windows 7 XP Mode I'm able to connect!! The "IPsec Policy Agent" service is enabled and the startup mode is Automatic. And now the new things that I found out!! I installed Windows Server 2003 R2 (VirtualBox) and was able to connect to it, and the encryption method is IPSec ESP 3DES!! In my last comment I said that I'm unable to connect to the VPN server because of the encryption method, but after this test, well, this is not the problem. Please help me.
Microsoft Certified System Engineer 2003
December 10th, 2009 10:54am

Well, thanks to all the Technet forum moderators for helping me!! Anyway, I think I found the cause of the problem but I don't know how to fix it. When I connect to the internet with my broadband connection the VPN works fine, but when my router connects to the internet and I connect to the internet through it, the problem comes ... The VPN server is Microsoft Windows Server 2003 and I'm the administrator of it. Please help me to solve this problem .... this error isn't just for me. Thanks a lot
Microsoft Certified System Engineer 2003
December 13th, 2009 12:52am

Does your router have a firewall? You need to change the settings for the router to allow ISAKMP protocol UDP port 500. Please refer to the instructions from the router manufacturer. Or you can contact the technical support of the manufacturer.
Arthur Xie - MSFT
December 14th, 2009 1:38am

I am having the exact same issue. Were you able to find the solution?
January 28th, 2010 10:56am

When you are working with Microsoft XP, Vista, 7, 2003 or 2008 and IPSEC/L2TP behind NAT, then you need to create a registry key. You can find this by a Google search on NAT-Traversal with IPSEC. And when you are using NAT at the server site, then you have to make an extra port-forwarding to your server for UDP 4500.
January 29th, 2010 3:33am

I have the same problem too. When I want to connect to an L2TP/IPsec VPN (3Com 3CR870-95) with Windows 7, I receive Error 789. I have tried on 3 PCs with Windows 7 with the same result. But on the same Win7 I have XP in VirtualBox. When I connect with this Windows XP everything works OK. Has anyone found a solution for Windows 7?
February 8th, 2010 9:31am

Did you have any luck HR-Damir? I am having the same problem, XP works fine, Windows 7 doesn't.
February 9th, 2010 10:44pm

NKumarnz, I didn't have success... I just found that if I use an internal ISDN card to access the internet then I can connect to the VPN with Windows 7 too. But if I use an ADSL router then only XP works. So when I have a public IP then W7 works, when I have a private IP then not. Maybe somebody has some idea?
February 11th, 2010 2:39am

I opened a ticket with Microsoft because I could not find anything. They have been working on it for more than a week and it does not look like they are finding much on it. I did compare the IKE packets from Windows 7 and Windows XP, and Windows 7 is using the RFC for NAT-T as well as the draft version, but XP only uses the draft version. I am pretty sure that it has to do with that extra information in the IKE packet. Hope someone can figure this out.
February 11th, 2010 4:25pm
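
The packet comparison described in the post above can be repeated with a small parser; this is an added example, not part of the original thread and not the poster's or Microsoft's tooling. It walks the payload chain of an IKEv1 message and labels the NAT-T vendor IDs; the two sample messages and the helper `build_sample` are constructed here to mirror what the post reports, they are not captures.

```python
import hashlib
import struct

VENDOR_ID = 13  # ISAKMP payload type for Vendor ID (RFC 2408)
# A NAT-T vendor ID is the MD5 of a well-known string (RFC 3947 section 3.1).
NATT_VIDS = {
    hashlib.md5(b"RFC 3947").digest(): "NAT-T RFC 3947",
    hashlib.md5(b"draft-ietf-ipsec-nat-t-ike-02\n").digest(): "NAT-T draft-02",
    hashlib.md5(b"draft-ietf-ipsec-nat-t-ike-02").digest(): "NAT-T draft-02 (no newline)",
}

def natt_vendor_ids(packet: bytes) -> list:
    """List the vendor IDs in one IKEv1 message (the UDP/500 payload)."""
    if len(packet) < 28:
        raise ValueError("shorter than an ISAKMP header")
    next_payload = packet[16]  # type of the first payload
    end = min(struct.unpack(">I", packet[24:28])[0], len(packet))
    offset, found = 28, []
    while next_payload != 0 and offset + 4 <= end:
        following, _, plen = struct.unpack(">BBH", packet[offset:offset + 4])
        if plen < 4 or offset + plen > end:
            raise ValueError("payload length runs past the message")
        if next_payload == VENDOR_ID:
            body = packet[offset + 4:offset + plen]
            found.append(NATT_VIDS.get(body, "other:" + body.hex()))
        next_payload, offset = following, offset + plen
    return found

def build_sample(vid_strings):
    """Constructed message: a stub SA payload followed by vendor ID payloads."""
    bodies = [(1, b"\x00" * 8)] + [(VENDOR_ID, hashlib.md5(s).digest()) for s in vid_strings]
    payloads = b""
    for i, (_, body) in enumerate(bodies):
        nxt = bodies[i + 1][0] if i + 1 < len(bodies) else 0
        payloads += struct.pack(">BBH", nxt, 0, len(body) + 4) + body
    # cookies, first payload = SA (1), version 1.0, exchange type 2 (main mode)
    header = b"\x11" * 8 + b"\x00" * 8 + struct.pack(
        ">BBBBII", 1, 0x10, 2, 0, 0, 28 + len(payloads))
    return header + payloads

# Constructed to mirror what the post reports, not real captures.
XP_LIKE = build_sample([b"draft-ietf-ipsec-nat-t-ike-02\n"])
WIN7_LIKE = build_sample([b"RFC 3947", b"draft-ietf-ipsec-nat-t-ike-02\n"])

if __name__ == "__main__":
    print("XP-like:  ", natt_vendor_ids(XP_LIKE))
    print("Win7-like:", natt_vendor_ids(WIN7_LIKE))
```

On a real capture, pass the UDP payload of the first port 500 packet from each client; IKE messages on UDP 4500 carry a 4-byte non-ESP marker in front that has to be stripped first.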

Thanks for posting this. I was having the same issue and your Step 1 fixed my problem. I had installed the NCP VPN client which disabled "IKE and AuthIP IPSec Keying module" and "IPSec policy agent". Once I set the mode to "Automatic", it worked!
January 11th, 2011 2:38am

Gelfer, I noticed that adding the registry setting as described in step 1 is "Not Recommended" on Windows 2003 RRAS, so I am hesitant to try it on a RRAS server that works for PPTP connections. Will this affect them? Do I have to restart the server or RRAS service? My story is simple. I have users who are using the 3G Aircards from Verizon and connecting fine to my PPTP ports. One day, we received 4G Verizon cards and all was well in late November and December of last year, until just recently someone couldn't connect to our VPN anymore. Two days ago, I called Verizon. There apparently is a known issue with their 4G environment that is causing these PPTP VPNs to fail. They are "working on it". In the meantime, I thought I would try to use the available L2TP ports. They didn't say L2TP was NOT working. I have tried many things to make this work with no luck...
January 21st, 2011 3:19pm

Did you apply step one to the server as well? 2003 RRAS?
January 21st, 2011 4:21pm

Change your IPSec (phase 2) hash to use SHA instead of MD5.
August 9th, 2011 6:40pm

If you did all of the above mentioned and still encounter error 789, check if your VPN-Server has keylife configured in time and KBs. Windows 7 defaults to 3600sec/250000KB. Try specifying both.
August 13th, 2012 8:56am

This topic is archived. No further replies will be accepted.
