Error 860 in Windows 8.1 / Surface VPN
It should be easy enough to set up a VPN in Windows, and everything should work well, because Microsoft has been doing these sorts of things for some years.
Sure enough, if you open up the Charms bar, choose Settings, Change PC Settings, and finally Network, you’re brought to this screen, with a nice big friendly button to add a VPN connection. Tapping on it leads me to the following screen:
No problems, I’ve already got these settings ready to go.
Probably not the best to name my VPN settings “New VPN”, but then I’m not telling you my VPN endpoint. So, let’s connect to this new connection.
So far, so good. Now it’s verifying my credentials…
And then we should see a successful connection message.
Not quite. For the search engines, here’s the text:
Error 860: The remote access connection completed, but authentication failed because of an error in the certificate that the client uses to authenticate the server.
This is upsetting, because of course I’ve spent some time setting the certificate correctly (more on that in a later post), and I know other machines are connecting just fine.
I’m sure that, at this point, many of you are calling your IT support team, and they’re reminding you that they don’t support Windows 8 yet, because some lame excuse about ‘not yet stable, official, standard, or Linux”.
Don’t take any of that. Simply open the Desktop.
What? Yes, Windows 8 has a Desktop. And a Command Prompt, and PowerShell. Even in the RT version.
Oh, uh, yeah, back to the instructions.
Forget navigating the desktop, just do Windows-X, and then W, to open the Network Connections group, like this:
Select the VPN network you’ve created, and select the option to “Change settings of this connection”:
In the Properties window that pops up, you need to select the Security tab:
OK, so that’s weird. The Authentication Group Box has two radio buttons – but neither one is selected. My Grandma had a radio like that, you couldn’t tell what station you were going to get when you turn it on – and the same is generally true for software. So, we should choose one:
It probably matters which one you choose, so check with your IT team (tell them you’re connecting from Windows 7, if you have to).
Then we can connect again:
And… we’re connected.
Now for another surprise, when you find that the Desktop Internet Explorer works just fine, but the “Modern UI” (formerly known as “Metro”) version of IE decides it will only talk to sites inside your LAN, and won’t talk to external sites. Oh, and that behavior is extended to any Metro app that embeds web content.
I’m still working on that one. News as I have it!