MapCertToToken error in oakley.log - Network
-
MapCertToToken error in oakley.log
Hello everybody.
I have a very obscure problem with Windows XP SP2
Italian version (I don't know if the English
version is also affected).
I'm trying to establish an IPsec tunnel between this
Windows system (laptop) and a Linux *swan gateway.
On some systems tunnels aren't established and I
get this error:
10-31: 10:29:46:781:54c Not storing Peer's cert chain in SA.
10-31: 10:29:46:781:54c Cert SHA Thumbprint 60510bb120452d193a55e4caa4809491
10-31: 10:29:46:781:54c bab4c169
10-31: 10:29:46:781:54c Entered CRL check
10-31: 10:29:46:781:54c Left CRL check
10-31: 10:29:46:781:54c CertFindExtenstion failed with 0
10-31: 10:29:46:781:54c Signature validated
10-31: 10:29:46:781:54c MapCertToToken 57
^^^^^^^^^^^^^^^^^
What is this message? I have googled but I have not
found anything.
10-31: 10:29:46:781:54c isadb_set_status sa:00152188 centry:00000000 status 57
10-31: 10:29:46:781:54c Modalità Scambio chiave (modalità principale)
10-31: 10:29:46:781:54c Indirizzo IP di origine 151.25.21.44 [...]
10-31: 10:29:46:781:54c Identità basata sul certificato. Soggetto [...]
10-31: 10:29:46:781:54c Utente
10-31: 10:29:46:781:54c Parametro non corretto.
10-31: 10:29:46:781:54c 0x0 0x0
10-31: 10:29:46:781:54c ProcessFailure: sa:00152188 centry:00000000 status:57
10-31: 10:29:46:781:54c Not creating notify.
I have also asked M$ support, but they told me
that any system other than Window$ isn't
supported.
-
Re: MapCertToToken error in oakley.log
Others have reported that getting IPsec tunnel mode to work with other
vendors can be at best problematic and is probably why MS will not deal with
it. What I would try is to use a pre-shared key as the authentication method
to see if that works or not. If PSK works then my guess is it has something to
do with the certificate implementation and "CertFindExtenstion failed with
0" may mean that one of the certificates is considered invalid for use with
IPsec. That is just a guess of mine based on the error. For troubleshooting
it may help to refer to the domain isolation guide Chapter 7 for
troubleshooting IPsec at the link below. You may also want to post in a
forum for IPsec using Linux.
--- Steve
http://www.microsoft.com/technet/sec.../ipsecch7.mspx
"Marco Berizzi" wrote in message
news:%23WHTMSi3FHA.2616@TK2MSFTNGP12.phx.gbl...
> Hello everybody.
> I have a very obscure problem with Windows XP SP2
> Italian version (I don't know if the English
> version is also affected).
> I'm trying to establish an IPsec tunnel between this
> Windows system (laptop) and a Linux *swan gateway.
> On some systems tunnels aren't established and I
> get this error:
>
> 10-31: 10:29:46:781:54c Not storing Peer's cert chain in SA.
> 10-31: 10:29:46:781:54c Cert SHA Thumbprint 60510bb120452d193a55e4caa4809491
> 10-31: 10:29:46:781:54c bab4c169
> 10-31: 10:29:46:781:54c Entered CRL check
> 10-31: 10:29:46:781:54c Left CRL check
> 10-31: 10:29:46:781:54c CertFindExtenstion failed with 0
> 10-31: 10:29:46:781:54c Signature validated
> 10-31: 10:29:46:781:54c MapCertToToken 57
> ^^^^^^^^^^^^^^^^^
> What is this message? I have googled but I have not
> found anything.
>
> 10-31: 10:29:46:781:54c isadb_set_status sa:00152188 centry:00000000 status 57
> 10-31: 10:29:46:781:54c Modalità Scambio chiave (modalità principale)
> 10-31: 10:29:46:781:54c Indirizzo IP di origine 151.25.21.44 [...]
> 10-31: 10:29:46:781:54c Identità basata sul certificato. Soggetto [...]
> 10-31: 10:29:46:781:54c Utente
> 10-31: 10:29:46:781:54c Parametro non corretto.
> 10-31: 10:29:46:781:54c 0x0 0x0
> 10-31: 10:29:46:781:54c ProcessFailure: sa:00152188 centry:00000000 status:57
> 10-31: 10:29:46:781:54c Not creating notify.
>
> I have also asked M$ support, but they told me
> that any system other than Window$ isn't
> supported.
>
>
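As an added example (not part of either post): a small parser for the oakley.log excerpt above that rejoins the split thumbprint, finds which step first returned the status reported by ProcessFailure, and decodes that status. It assumes the status is a Win32 error code printed in hex; the "Parametro non corretto." line supports this, since that is the Italian text of error 87 (0x57), "The parameter is incorrect". The names `analyze`, `WIN32` and `SAMPLE` are made up for this sketch.

```python
import re

LINE = re.compile(r"^(\d+-\d+): ([\d:]+):([0-9a-f]+) (.*)$")  # date, time, thread id, message
HEX = re.compile(r"^[0-9a-f]+$")
# A few Win32 error codes from winerror.h; assumption: the log prints status in hex.
WIN32 = {0x2: "ERROR_FILE_NOT_FOUND", 0x5: "ERROR_ACCESS_DENIED",
         0x57: "ERROR_INVALID_PARAMETER"}

# Log lines copied from the post, with newsreader-wrapped lines rejoined.
SAMPLE = """\
10-31: 10:29:46:781:54c Cert SHA Thumbprint 60510bb120452d193a55e4caa4809491
10-31: 10:29:46:781:54c bab4c169
10-31: 10:29:46:781:54c CertFindExtenstion failed with 0
10-31: 10:29:46:781:54c Signature validated
10-31: 10:29:46:781:54c MapCertToToken 57
10-31: 10:29:46:781:54c isadb_set_status sa:00152188 centry:00000000 status 57
10-31: 10:29:46:781:54c Parametro non corretto.
10-31: 10:29:46:781:54c ProcessFailure: sa:00152188 centry:00000000 status:57
"""

def analyze(text):
    """Return one record per ProcessFailure line, using per-thread context."""
    ctx, failures = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        _, stamp, tid, msg = m.groups()
        c = ctx.setdefault(tid, {"thumb": "", "steps": [], "in_thumb": False})
        if msg.startswith("Cert SHA Thumbprint"):
            parts = msg.split()
            c["thumb"], c["in_thumb"] = (parts[3] if len(parts) > 3 else ""), True
            continue
        if c["in_thumb"] and HEX.match(msg):      # thumbprint continues on the next line
            c["thumb"] += msg
            continue
        c["in_thumb"] = False
        step = re.match(r"^(\w+) ([0-9a-f]+)$", msg)   # e.g. "MapCertToToken 57"
        if step:
            c["steps"].append((step.group(1), int(step.group(2), 16)))
        fail = re.match(r"^ProcessFailure: sa:(\w+) centry:\w+ status:([0-9a-f]+)$", msg)
        if fail:
            code = int(fail.group(2), 16)
            origin = next((s for s, v in c["steps"] if v == code), None)
            failures.append({"time": stamp, "sa": fail.group(1), "thumbprint": c["thumb"],
                             "status": code, "name": WIN32.get(code, "unknown"),
                             "origin": origin})
            c["steps"] = []
    return failures
```

On the excerpt this attributes the failure to MapCertToToken rather than to the earlier CertFindExtenstion line, which returned 0 and was followed by "Signature validated".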