After Upgrade from XP to Vista RAS Connections are Failing

  • Thread starter Aanand Ramachandran
  • Start date
A

Aanand Ramachandran

I have seen a number of posts on news groups and other forums where
customers are not able to setup a RAS connection
after upgrading from XP to Vista. The purpose of this post is to explain the
cause of this problem in majority of the
cases

1. Authentication Protocol
Vista does not support the MSCHAPv1 protocol for authentication. The
protocols supported on Vista are
PAP, CHAP, MSCHAPv2, PEAP and EAP. The default is MSCHAPv2. Hence, if the
server is not configured for
or does not support any protocol other than MSCHAPv1 then connection
setup will fail. Please enable MSCHAPv2 support
on the server.

2. Encyption Type Setting
Vista supports only strong encryption by default which is 128-bit RC4 for
PPTP and AES 128 bit, AES 256 bit, 3DES for
L2TP. So, if the server doesnt support these encryption types connections
will fail. The solution is to either upgrade
the server to support these encryption types or to configure the client
to support weaker encryptions types. The
latter can be accomplished as follows

Change the following registry keys to 1:
HKLM\System\CurrentControlSet\Services\Rasman\Parameters\AllowPPTPWeakCrypto
FOR PPTP
HKLM\System\CurrentControlSet\Services\Rasman\Parameters\AllowL2TPWeakCrypto
FOR L2TP

Restart your machine after changing the value of a key

THe following links provide more info

http://support.microsoft.com/kb/929857/en-us

http://blogs.technet.com/rrasblog/a...rity-changes-for-remote-access-scenarios.aspx
 
R

Robert L [MVP - Networking]

Thank you for the post.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com

I have seen a number of posts on news groups and other forums where
customers are not able to setup a RAS connection
after upgrading from XP to Vista. The purpose of this post is to explain the
cause of this problem in majority of the
cases

1. Authentication Protocol
Vista does not support the MSCHAPv1 protocol for authentication. The
protocols supported on Vista are
PAP, CHAP, MSCHAPv2, PEAP and EAP. The default is MSCHAPv2. Hence, if the
server is not configured for
or does not support any protocol other than MSCHAPv1 then connection
setup will fail. Please enable MSCHAPv2 support
on the server.

2. Encyption Type Setting
Vista supports only strong encryption by default which is 128-bit RC4 for
PPTP and AES 128 bit, AES 256 bit, 3DES for
L2TP. So, if the server doesnt support these encryption types connections
will fail. The solution is to either upgrade
the server to support these encryption types or to configure the client
to support weaker encryptions types. The
latter can be accomplished as follows

Change the following registry keys to 1:
HKLM\System\CurrentControlSet\Services\Rasman\Parameters\AllowPPTPWeakCrypto
FOR PPTP
HKLM\System\CurrentControlSet\Services\Rasman\Parameters\AllowL2TPWeakCrypto
FOR L2TP

Restart your machine after changing the value of a key

THe following links provide more info

http://support.microsoft.com/kb/929857/en-us

http://blogs.technet.com/rrasblog/a...rity-changes-for-remote-access-scenarios.aspx
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Vista can't authenticate on VPN connection 4
Security -- Firewall and the shortcomings of Internet Explorer 7compared to Mozilla Firefox 6
Why do people who are happy with XP upgrade to Vista? 7
Thinking of upgrade from XP Pro x64 to Vista Home Premium. 4
Sync Toy 1.4 after upgrade from XP Pro x 64 to Vista ultimate x 64 6
VPN clents are unable to connect 0
Need help configuring Wireless Connection profile 8
not sure where to best post this - redirector problem?? 1

Top