When I try to establish a 3.8 vpn tunnel between two server i get the
following errors on the slave IKE screen:-

15-6-2004 9:43:58 am ***Send Unacknowledge Informational message to
xx.xx.xx.xx

15-6-2004 9:43:58 am
I-COOKIE=149F94ED7D035737,R-COOKIE=6E0285D90530F0CD,MsgID=
567BDC04,1stPL=HASH-PAYLOAD,state=-1907711352
15-6-2004 9:43:58 am Processed SIGNATURE-PAYLOAD unsuccessful - Failed to
valid
ate peer's certificate, dst=xx.xx.xx.xx.
15-6-2004 9:43:58 am Failed to create IKE-SA - Failed to validate peer's
certif
icate , dst = xx.xx.xx.xx
15-6-2004 9:43:58 am ***Receive Main Mode message from xx.xx.xx.xx
15-6-2004 9:43:58 am
I-COOKIE=149F94ED7D035737,R-COOKIE=6E0285D90530F0CD,MsgID=
0,1stPL=ID-PAYLOAD,state=-1907711400
15-6-2004 9:43:58 am Processed ID-PAYLOAD unsuccessful - Received main mode
mes
sage in wrong state, dst=xx.xx.xx.xx
15-6-2004 9:43:58 am IKE-SA 8E5402E0 is
Deleted,I-COOKIE=4A9070A0,R-COOKIE=6E02
85D9,dst=xx.xx.xx.xx
15-6-2004 9:43:58 am State:2 Cond:4 TimerEvent:1
15-6-2004 9:43:58 am lifetime :28800 sec Rekey Time :0 sec
15-6-2004 9:43:58 am Created at :0 sec Remaining life time :-35375 sec
Curr
ent time 64175
15-6-2004 9:44:04 am ***Receive Main Mode message from xx.xx.xx.xx
15-6-2004 9:44:04 am
I-COOKIE=149F94ED7D035737,R-COOKIE=6E0285D90530F0CD,MsgID=
0,1stPL=ID-PAYLOAD,state=-1907711400
15-6-2004 9:44:04 am Processed ID-PAYLOAD unsuccessful - Received main mode
mes
sage in wrong state, dst=xx.xx.xx.xx

It seems that our certificate's are bad but I have run PKIDiag with no
errors and I have recreated all certificates involved. The servers are in
the same tree. I suspect this is a problem with the trusted root, does
anyone have any suggestion on how I can progress this problem?

--
Matt Hudson,
Principle Network and Communications Officer,
Burnley Borough Council.
CNA 6/5/4