I've researched this to death, and have tried every solution I can think of, but still can't figure it out...so hopefully one of you can help me!
We're using RRAS on Windows 2003 Server Standard edition, for remote users to access the network via VPN. Remote users currently connect using the VPN connection settings built into Windows XP, using the PPTP protocol.
We want to stop using PPTP and start using L2TP. In order to use L2TP, you need to install a computer certificate on the client PC, which is issued by our Enterprise Root Certificate Authority server (also a 2003 Standard server). I've tested this out using a laptop that's part of our domain, and it works great.
The problem is that our remote users' PCs are not part of our domain. So I need to figure out how to install the computer certificate on these remote PCs.
I've tried connecting to the \\server\certsrv page, and going through the motions to request a certificate, but there is no option for Computer Certificates.
I have read that you can request an "Offline VPN certificate"....but this only is an option if your Certificate Authority Server is running the Enterprise Version of Server 2003.
I tried connecting the clients via PPTP VPN, and then using the Certificates MMC console to request a Computer Certificate, but it comes back with an error saying it can't communicate with a CA Server....I assume this is because the PC is not part of the domain. I tried this with a non-domain member laptop here on the office LAN, and got the same results.
Does anyone know if there is a way to make this work, or am I out of luck?
Thanks!