Debugging options for VPN certificate 13806

John Perkins 1 Reputation point

Can anyone suggest some debugging options for diagnosing certificate-based IKE VPN tunnel connection error 13806?

I'm in the process of setting up a new Remote Access VPN server on Server 2019. Both client and server have the same trusted root cert installed, the server and client both have certs with IP security IKE intermediate EKU, certs are not expired, server cert matches the FQDN the client is attempting to connect to...but the client still reports back error 13806 when it attempts to connect.

The old Remote Access VPN server on Server 2016 with the same client works fine.

Is there a way to enable debugging to look at which certificates are being used? I'm not seeing any Event Viewer services listed that sound like they would have such information logged either on the server or client side.

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,243 questions
0 comments No comments
{count} votes