
Azure vpn error A certificate could not be found that can be used with this Extensible Authentication Protocol. (Error 798)

I am creating a VPN in Azure, and created a self-signed certificate in the following places:

Local Computer:

  * Personal/Certificates: Issued To: FQDN name is the certificate's name
  * Trusted Root Certification Authorities/Certificates: manually copied from Personal

I have configured the VPN in Azure, downloaded and extracted it, and installed the VPN client successfully. However, when I run the client I receive the following error:

A certificate could not be found that can be used with this Extensible Authentication Protocol. (Error 798)


The error seems to suggest the certificate is NOT found. Does the name matter?


Should I change the cert's name from Azurecert to FQDN which is the name in my local computer?

Thank you for your help in advance.

UPDATE: I removed the existing certificate in Azure's configuration and re-added it with the same FQDN name shown in the local computer's certificates. I redownloaded the client, removed the existing installed VPN client and re-installed the new one, and I receive the same error message. So it seems the name is not the root cause?

UPDATE2:

The procedure I've followed:

  1. Create a self-signed certificate with the FQDN name on the local laptop:

    New-SelfSignedCertificate -DnsName NV-RXIE.novantas.pri -CertStoreLocation "cert:\LocalMachine\My"

  2. Add the self-signed certificate as a trusted certificate authority: copy the new cert to Trusted Root Certification Authorities

  3. Export the cert and open it, copy the cert part and paste it into the VPN setting – Root certificates, Public Certificate Data

  4. Download the VPN client and install it on laptop, run it

  5. Connect, failed with:

A certificate could not be found that can be used with this Extensible Authentication Protocol. (Error 798)

mdivk asked Mar 31 '19 13:03



1 Answer

When you try to connect to an Azure virtual network by using the VPN client, except for exporting the root certificate public key .cer file to Azure, each client computer that connects to a VNet using Point-to-Site must have a client certificate installed. You generate a client certificate from the self-signed root certificate and then export and install the client certificate. If the client certificate is not installed, authentication fails.

This problem occurs if the client certificate is missing from Certificates - Current User\Personal\Certificates.

You could follow this solution to fix this issue. For more information about how to install the client certificate, see Generate and export certificates for point-to-site connections.

Nancy Xiong answered Sep 22 '22 21:09
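The steps the answer describes, as an added example that is not part of the original question or answer: create a root, issue a client certificate from it into Current User\Personal, then list which certificates in that store are usable and why the others are not. The names `P2SRootCert` and `P2SChildCert` and the function `Test-P2SClientCert` are assumptions chosen for illustration; running the block adds two certificates to the current user's store.

```powershell
# Added example, not from the original post. P2SRootCert, P2SChildCert and
# Test-P2SClientCert are illustrative names (assumptions).

# 1. Self-signed root. Its public .cer data is what gets pasted into Azure.
$root = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject 'CN=P2SRootCert' -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeyUsageProperty Sign -KeyUsage CertSign

# 2. Client certificate signed by that root, created in Current User\Personal
#    with the Client Authentication EKU (1.3.6.1.5.5.7.3.2).
New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject 'CN=P2SChildCert' -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 -KeyLength 2048 `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -Signer $root -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.2') | Out-Null

# 3. Check every certificate in Current User\Personal against the root
#    and report the reasons a certificate would not serve as the client cert.
function Test-P2SClientCert {
    param([Parameter(Mandatory)] [string] $RootSubject)
    $clientAuth = '1.3.6.1.5.5.7.3.2'
    $now = Get-Date
    Get-ChildItem -Path Cert:\CurrentUser\My | ForEach-Object {
        $c   = $_
        $eku = @($c.EnhancedKeyUsageList | Where-Object { $_ } | ForEach-Object { $_.ObjectId })
        $why = @()
        if (-not $c.HasPrivateKey)          { $why += 'no private key' }
        if ($c.Subject -eq $c.Issuer)       { $why += 'self-signed, not issued from the root' }
        elseif ($c.Issuer -ne $RootSubject) { $why += "issued by $($c.Issuer)" }
        if ($eku.Count -gt 0 -and $eku -notcontains $clientAuth) { $why += 'EKU lacks Client Authentication' }
        if ($now -lt $c.NotBefore -or $now -gt $c.NotAfter)      { $why += 'outside validity period' }
        [pscustomobject]@{
            Subject    = $c.Subject
            Thumbprint = $c.Thumbprint
            Usable     = ($why.Count -eq 0)
            Reason     = ($why -join '; ')
        }
    }
}

Test-P2SClientCert -RootSubject $root.Subject | Format-Table -AutoSize
```

A certificate that exists only under `Cert:\LocalMachine\My`, as in the question's procedure, never appears in this listing because the check reads the current user's store.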