Hello,

we get the following Error Message in the IKE Log on a BM3.8 VPN Server (Client to site):

IKE Debug Log start time :24.8.2004 11.22.19
24.8.2004 11.22.27 ***Receive Main Mode message from 195.127.2.10
24.8.2004 11.22.27 I-COOKIE=61DF9383356BCBE8,R-COOKIE=0000000000000000,MsgID=0,1stPL=SA-PAYLOAD,state=-2143387060
24.8.2004 11.22.27 Start IKE-SA CCD4D040 - Responder,src=0.0.0.0,dst=195.127.2.10,TotSA=1
24.8.2004 11.22.27 IKE SA NEGOTIATION: Peer lifetime = 28800 My lifetime=300
24.8.2004 11.22.27 sending notify message type: 28 to 195.127.2.10
24.8.2004 11.22.27 ***Send Unacknowledge Informational message to 195.127.2.10
24.8.2004 11.22.27 I-COOKIE=61DF9383356BCBE8,R-COOKIE=6EF4E32C49CC1975,MsgID=87E9E631,1stPL=NOTIF Y-PAYLOAD,state=-2143386896
24.8.2004 11.22.27 Error :Server certificate not available , probably error reading certificate
24.8.2004 11.22.27 Processed SA-PAYLOAD unsuccessful - No usage certificateavailable for signature authentication, dst=195.127.2.10.
24.8.2004 11.22.27 Error processing the first MM packet - No usage certificate available for signature authentication
24.8.2004 11.22.29 IKE-SA CCD4D040 is Deleted,I-COOKIE=61DF9383,R-COOKIE=6EF4E32C,dst=195.127.2.10
24.8.2004 11.22.29 State:0 Cond:4 TimerEvent:1
24.8.2004 11.22.29 lifetime :0 sec Rekey Time :0 sec
24.8.2004 11.22.29 Created at :0 sec Remaining life time :-93078 sec Current time 93078
24.8.2004 11.22.29 The client 195.127.2.10 removed from vpninf

24.8.2004 11.22.45 ***Receive Main Mode message from 195.127.2.10
24.8.2004 11.22.45 I-COOKIE=43E0C7E5B34BD3E0,R-COOKIE=0000000000000000,MsgID=0,1stPL=SA-PAYLOAD,state=-2143387060
24.8.2004 11.22.45 Start IKE-SA CCD4D040 - Responder,src=0.0.0.0,dst=195.127.2.10,TotSA=1
24.8.2004 11.22.45 IKE SA NEGOTIATION: Peer lifetime = 28800 My lifetime=300
24.8.2004 11.22.45 sending notify message type: 28 to 195.127.2.10
24.8.2004 11.22.45 ***Send Unacknowledge Informational message to 195.127.2.10
24.8.2004 11.22.45 I-COOKIE=43E0C7E5B34BD3E0,R-COOKIE=6EF4E32C49CC1975,MsgID=FA58016A,1stPL=NOTIF Y-PAYLOAD,state=-2143386896
24.8.2004 11.22.45 Error :Server certificate not available , probably error reading certificate
24.8.2004 11.22.45 Processed SA-PAYLOAD unsuccessful - No usage certificateavailable for signature authentication, dst=195.127.2.10.
24.8.2004 11.22.45 Error processing the first MM packet - No usage certificate available for signature authentication
24.8.2004 11.22.48 IKE-SA CCD4D040 is Deleted,I-COOKIE=43E0C7E5,R-COOKIE=6EF4E32C,dst=195.127.2.10
24.8.2004 11.22.48 State:0 Cond:4 TimerEvent:1
24.8.2004 11.22.48 lifetime :0 sec Rekey Time :0 sec
24.8.2004 11.22.48 Created at :0 sec Remaining life time :-93098 sec Current time 93098
24.8.2004 11.22.48 The client 195.127.2.10 removed from vpninf

24.8.2004 11.22.50 ***Receive Main Mode message from 195.127.2.10
24.8.2004 11.22.50 I-COOKIE=43E0C7E5B34BD3E0,R-COOKIE=0000000000000000,MsgID=0,1stPL=SA-PAYLOAD,state=-2143387060
24.8.2004 11.22.50 Start IKE-SA CCD4D040 - Responder,src=0.0.0.0,dst=195.127.2.10,TotSA=1
24.8.2004 11.22.50 IKE SA NEGOTIATION: Peer lifetime = 28800 My lifetime=300
24.8.2004 11.22.50 sending notify message type: 28 to 195.127.2.10
24.8.2004 11.22.50 ***Send Unacknowledge Informational message to 195.127.2.10
24.8.2004 11.22.50 I-COOKIE=43E0C7E5B34BD3E0,R-COOKIE=6EF4E32C49CC1975,MsgID=6BC3A285,1stPL=NOTIF Y-PAYLOAD,state=-2143386896
24.8.2004 11.22.50 Error :Server certificate not available , probably error reading certificate
24.8.2004 11.22.50 Processed SA-PAYLOAD unsuccessful - No usage certificateavailable for signature authentication, dst=195.127.2.10.
24.8.2004 11.22.50 Error processing the first MM packet - No usage certificate available for signature authentication
24.8.2004 11.22.53 IKE-SA CCD4D040 is Deleted,I-COOKIE=43E0C7E5,R-COOKIE=6EF4E32C,dst=195.127.2.10
24.8.2004 11.22.53 State:0 Cond:4 TimerEvent:1
24.8.2004 11.22.53 lifetime :0 sec Rekey Time :0 sec
24.8.2004 11.22.53 Created at :0 sec Remaining life time :-93103 sec Current time 93103
24.8.2004 11.22.53 The client 195.127.2.10 removed from vpninf

24.8.2004 11.22.57 ***Receive Main Mode message from 195.127.2.10
24.8.2004 11.22.57 I-COOKIE=43E0C7E5B34BD3E0,R-COOKIE=0000000000000000,MsgID=0,1stPL=SA-PAYLOAD,state=-2143387060
24.8.2004 11.22.57 Start IKE-SA CCD4D040 - Responder,src=0.0.0.0,dst=195.127.2.10,TotSA=1
24.8.2004 11.22.57 IKE SA NEGOTIATION: Peer lifetime = 28800 My lifetime=300
24.8.2004 11.22.57 sending notify message type: 28 to 195.127.2.10
24.8.2004 11.22.57 ***Send Unacknowledge Informational message to 195.127.2.10
24.8.2004 11.22.57 I-COOKIE=43E0C7E5B34BD3E0,R-COOKIE=6EF4E32C49CC1975,MsgID=BD1B8F55,1stPL=NOTIF Y-PAYLOAD,state=-2143386896
24.8.2004 11.22.57 Error :Server certificate not available , probably error reading certificate
24.8.2004 11.22.57 Processed SA-PAYLOAD unsuccessful - No usage certificateavailable for signature authentication, dst=195.127.2.10.
24.8.2004 11.22.57 Error processing the first MM packet - No usage certificate available for signature authentication
24.8.2004 11.22.58 IKE-SA CCD4D040 is Deleted,I-COOKIE=43E0C7E5,R-COOKIE=6EF4E32C,dst=195.127.2.10
24.8.2004 11.22.58 State:0 Cond:4 TimerEvent:1
24.8.2004 11.22.58 lifetime :0 sec Rekey Time :0 sec
24.8.2004 11.22.58 Created at :0 sec Remaining life time :-93108 sec Current time 93108
24.8.2004 11.22.58 The client 195.127.2.10 removed from vpninf

Here the Server Details:

- Netware 6.0 SP5
- BM 3.8 SP2a
- Server Certificate exist and is valid
- PKIdiag reports no error

Does someone have an idea whats wrong?