CHAP on RRAS VPN Fails to authenticate

David Hodgson

Folks,

I have a Windows 2000 PPTP VPN setup. I want it to only allow CHAP
authentication. I have a local user set up on the same machine.

All Windows 2000 clients cannot connect to PPTP using CHAP. If I set up both
the server and client to use MS-CHAP then it works fine.

This is a test rig for a UNIX machine which will be the client; this is why
I need CHAP. The VPN sits on a DMZ and is not part of the domain.

I have done the following:

-------------------------
on Server

RRAS

right click "server-name"
select "properties"
select "Security Tab"
select "Authentication Methods"
remove MS-CHAP and MS-CHAPv2
select CHAP

Verified that user doesn't use any RRAS policies
---------------------------------------------

on Client

VPN Dialup

properties
security tab
Select Advanced
select Settings
remove MS-CHAP and MS-CHAPv2
select CHAP

----------------------------------------------

Have I missed anything???

thanks
Dave
 
Manjari Bonam [MSFT]

You should enable "Store Passwords using reversible encryption" on your user
accounts.

This setting might be with the user properties or with either of the below:
Local Security Policy -> Password Policy
Domain Security Policy -> Password Policy
 
David Hodgson

That never worked.

Do I need to re-create the user?

I have rebooted the machine and in the local security policy "Store
Passwords ......." is now enabled.

Dave
 
Manjari Bonam [MSFT]

You need to reset the password of the user
or
change the user account option to change password on next logon

This should work.
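
Why both steps in the replies above matter, as an added example that is not part of the original thread: standard CHAP (RFC 1994) has the server compute MD5(identifier || secret || challenge), so it needs a recoverable copy of the password, and in this model that copy is only written when the password is set while the policy is on. `AccountStore` is a simplified, hypothetical model, the user name and password are constructed, and SHA-256 stands in for the one-way hash the server normally keeps.

```python
import hashlib
import hmac
import os

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class AccountStore:
    """Hypothetical model of the server's account database (assumption)."""
    def __init__(self):
        self.reversible = False  # "Store passwords using reversible encryption"
        self.one_way = {}        # always kept; useless for CHAP
        self.recoverable = {}    # written only while the policy is enabled

    def set_password(self, user: str, password: str) -> None:
        pw = password.encode()
        # SHA-256 is a stand-in for the stored one-way hash (assumption).
        self.one_way[user] = hashlib.sha256(pw).digest()
        if self.reversible:
            self.recoverable[user] = pw
        else:
            self.recoverable.pop(user, None)

    def verify_chap(self, user, identifier, challenge, response) -> bool:
        secret = self.recoverable.get(user)
        if secret is None:
            # The expected response cannot be derived from a one-way hash.
            return False
        expected = chap_response(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)

def client_attempt(store: AccountStore, user: str, password: str) -> bool:
    identifier, challenge = 1, os.urandom(16)  # fresh challenge per attempt
    response = chap_response(identifier, password.encode(), challenge)
    return store.verify_chap(user, identifier, challenge, response)

def run_thread_scenario():
    user, pw = "vpnuser", "Constructed-Passw0rd"  # constructed sample values
    store = AccountStore()
    store.set_password(user, pw)                  # account created before the change
    before = client_attempt(store, user, pw)
    store.reversible = True                       # policy enabled, password untouched
    after_policy = client_attempt(store, user, pw)
    store.set_password(user, pw)                  # password reset under the new policy
    after_reset = client_attempt(store, user, pw)
    wrong_pw = client_attempt(store, user, "not-the-password")
    return before, after_policy, after_reset, wrong_pw

if __name__ == "__main__":
    print(run_thread_scenario())
```

The recoverable copy is also what an attacker obtains if the account database is compromised, so the setting is best limited to the accounts that actually need CHAP.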
 
David Hodgson

Hi Manjari,

I reset the password and it now passes authentication, thank you, but I now
get the following error....

Error 741: The local computer does not support the required data encryption
type.

I have made sure that "Optional Encryption (connect even if no encryption)"
is selected on the client. I have also looked at the server and can't see
where I would select such an option.

thanks again
Dave
 
David Hodgson

Hi Manjari,

Thank you for your help. I have now found the culprit, a remote access policy
with "No Encryption" de-selected.

Although the user does not use a remote access policy it must have some
effect.

Thank you
Dave
 
