This article describes an issue that occurs in a Windows Server 2012 R2-based Routing and Remote Access service (RRAS) server. A hotfix is available to fix this issue. The hotfix has a prerequisite.
Consider the following scenario:
You deploy DirectAccess and Layer Two Tunneling Protocol (L2TP) VPN connections in Windows Server 2012 R2.
An IP-HTTPS certificate from a public certification authority (CA) is installed.
A second certificate from an internal CA is installed for the L2TP/IPsec VPN connection.
In this scenario, the L2TP/IPsec VPN connection doesn't work, and you receive a 789 error code that looks something like this:
Error 789: The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer.
Important If you install a language pack after you install this hotfix, you must reinstall this hotfix. Therefore, we recommend that you install any language packs that you need before you install this hotfix. For more information, see Add language packs to Windows.
A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that's described in this article. Apply this hotfix only to systems that are experiencing this specific problem.
If the hotfix is available for download, there's a "Hotfix Download Available" section at the top of this Knowledge Base article. If this section doesn't appear, submit a request to Microsoft Customer Service and Support to get the hotfix.
Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that don't qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft website:
See the terminology that Microsoft uses to describe software updates.
The English (United States) version of this software update installs files that have the attributes that are listed in the following tables. The dates and times for these files are listed in Coordinated Universal Time (UTC). Be aware that dates and times for these files on your local computer are displayed in your local time and with your current daylight saving time bias. The dates and times may also change when you perform certain operations on the files.
Windows Server 2012 R2
Important Windows 8.1 hotfixes and Windows Server 2012 R2 hotfixes are included in the same packages. However, hotfixes on the Hotfix Request page are listed under both operating systems. To request the hotfix package that applies to one or both operating systems, select the hotfix that is listed under "Windows 8.1/Windows Server 2012 R2" on the page. Always refer to the "Applies To" section in articles to determine the actual operating system that each hotfix applies to.
The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
Windows Server 2012 R2
The MANIFEST files (.manifest) and the MUM files (.mum) that are installed for each environment are listed separately in the "Additional file information" section. MUM, MANIFEST, and the associated security catalog (.cat) files, are very important to maintain the state of the updated components. The security catalog files, for which the attributes aren't listed, are signed with a Microsoft digital signature.