Reset Search
 

 

Article

KB23221 - '13801: IKE authentication credentials are unacceptable' error message

« Go Back

Information

 
Last Modified Date7/31/2015 7:33 PM
Synopsis
This article describes the issue of the 13801: IKE authentication credentials are unacceptable error message being generated, when users try to connect to the VPN.
Problem or Goal
Users might receive the 13801: IKE authentication credentials are unacceptable error message, when connecting to the VPN:


 
Cause
Common causes for this issue are:
  • The machine certificate, which is used for IKEv2 validation on the RAS Server, does not have Server Authentication as the EKU (Enhanced Key Usage).  
  • The machine certificate on RAS server has expired.
  • The root certificate to validate the RAS server certificate is not present on the client
  • The VPN Server Name, provided on the client, does not match with the subjectName of the server certificate.
Solution
Ensure that the following requirements are met, before you try to establish the connection with the PCS device:
 
  • Common name (CN): It should be the same as the hostname or the IPv4/v6 address, which is configured as the VPN destination on the VPN client; that is, if the VPN client is configured with the hostname, then set this as the same hostname or if the VPN client is configured with the IP address, then set this as the same IP address.
  • Extended Key Usage (EKU): Select 'Server Authentication' and 'IP Security IKE intermediate'. 
  • Key Usage: Select the Digital signature and Key encipherment.
Note: Currently, Active Directory Authentication via IKE Authentication is not supported on Windows Server 2008 R2
Related Links
Attachment 1 
Created ByData Deployment

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255