Hi, Community and experts.
I need your advice. I have configured RRAS and Web Application Proxy on the same host. There are several CA-signed certificates installed in the machine store on this host:
- one certificate for AD FS (with OID 1.3.6.1.5.5.7.3.1 - Server authentication) - ADFSCERT - to connect WAP to ADFS
- several certificates for WAP endpoints (with OID 1.3.6.1.5.5.7.3.1 - Server authentication) - WAPEPCERTS
- one certificate for IPSec/SSTP (with OID 1.3.6.1.5.5.7.3.1 - Server authentication and OID 1.3.6.1.5.5.8.2.2 - IP security IKE intermediate) - IPSECSSTPCERT
RRAS is configured with the IPSECSSTPCERT certificate. Custom L2TP/IPsec policies are disabled. PSK isn't used.
Everything is working well except L2TP/IPsec VPN.
SSTP VPN and IKEv2 VPN use the correct certificate, IPSECSSTPCERT.
But IKEEXT uses the wrong certificate, ADFSCERT, for L2TP/IPsec VPN. I see it on the client in the Security log - Failure audit - IPsec Main Mode:
Remote Endpoint:
Principal Name: ADFSNAME (should be VPNNAME here)
Network Address: VALID_IP_HERE
Keying Module Port: 500
What is the way to configure IKEEXT to use the correct certificate?
Thank you in advance.