Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VPN Client Cert Chain Issues

I am attempting to setup a VPN connection on a new computer. This connection currently works fine on another machine. I have installed the Root Cert chain and my personal cert as before and it fails to connect. I have included my log file below. The cert shows as valid so I am unsure what I have done wrong. I have done this for other machines and it has worked fine. Any help would be appreciated!

Thank you

Karl

Cisco Systems VPN Client Version 4.8.01.0300

Copyright (C) 1998-2005 Cisco Systems, Inc. All Rights Reserved.

Client Type(s): Windows, WinNT

Running on: 5.1.2600 Service Pack 3

109 10:24:39.791 07/04/08 Sev=Info/6 CERT/0x63600025

Attempting to find a Certificate using Serial Hash.

110 10:24:39.791 07/04/08 Sev=Info/6 CERT/0x63600026

Found a Certificate using Serial Hash.

111 10:24:39.791 07/04/08 Sev=Info/6 CERT/0x63600025

Attempting to find a Certificate using Serial Hash.

112 10:24:39.791 07/04/08 Sev=Info/6 CERT/0x63600026

Found a Certificate using Serial Hash.

113 10:24:39.791 07/04/08 Sev=Info/6 CERT/0x63600025

Attempting to find a Certificate using Serial Hash.

114 10:24:39.791 07/04/08 Sev=Info/6 CERT/0x63600026

Found a Certificate using Serial Hash.

115 10:24:39.870 07/04/08 Sev=Info/4 CERT/0x63600015

Cert (cn=XXXXXXXXXXXXXX,ou=CSADMIN,dc=secure,dc=XXXXXXXXXXXX,dc=com) verification succeeded.

116 10:24:40.901 07/04/08 Sev=Info/6 CERT/0x63600025

Attempting to find a Certificate using Serial Hash.

117 10:24:40.901 07/04/08 Sev=Info/6 CERT/0x63600026

Found a Certificate using Serial Hash.

118 10:24:41.135 07/04/08 Sev=Info/4 CERT/0x6360001B

No smart card readers with cards inserted found.

119 10:24:41.432 07/04/08 Sev=Warning/2 CERT/0xE360003E

Cert chain missing or intermediate CA signature failed - Cert verification failed.

120 10:24:41.432 07/04/08 Sev=Warning/2 IKE/0xE3000097

Unable to validate peer certificate, Common Name co-sec-vpn01.ou=secure.ou=XXXXXXXXXXXX.o=com., Issuer cn=CPI,dc=secure,dc=XXXXXXXXXXX,dc=com, (CertCfg:241).

121 10:24:41.432 07/04/08 Sev=Warning/2 IKE/0xE300009B

Failed to process MM Msg 6 (NavigatorMM:570)

122 10:24:41.432 07/04/08 Sev=Warning/2 IKE/0xE30000A7

Unexpected SW error occurred while processing Identity Protection (Main Mode) negotiator:(Navigator:2237)

1 REPLY
Silver

Re: VPN Client Cert Chain Issues

VPN connection was not established because of an unrecognized reason. Please check the logs for details. Better solution is Install an Identity Cert that is not chained.

4892
Views
0
Helpful
1
Replies
CreatePlease login to create content