Re: CHAP on RRAS VPN Fails to authenticate

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: David Hodgson (david.hodgson_at_vianet.co.uk)
Date: 06/01/04 

Date: Tue, 1 Jun 2004 09:29:15 +0100

Hi Manjari,

I reset the password and it now passes authentication, thankyou, but I now
get the following error....

Error 741: The local computer does not support the required data encryption
type.

I have made sure that "Optional Encryption (connect even if no encryption)"
is selected on the client. I have also looked at the server and can't see
where I would select such an option.

thanks again
Dave

"Manjari Bonam [MSFT]" <manjarib@online.microsoft.com> wrote in message
news:Ojh5Qd5REHA.3016@TK2MSFTNGP10.phx.gbl...
> You need to reset the password of the user
> or
> change the user account option to change password on next logon
>
> This should work.
> --
> - Manjari
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> "David Hodgson" <david.hodgson@vianet.co.uk> wrote in message
> news:c9fijg$fh6$1$8302bc10@news.demon.co.uk...
> > That never worked.
> >
> > do I need to re-create the user?
> >
> > I have rebooted the machine and in the local security policy " Store
> > Passwrods ......." is now enabled.
> >
> > Dave
> >
> > "Manjari Bonam [MSFT]" <manjarib@online.microsoft.com> wrote in message
> > news:OHUHWvxREHA.2408@tk2msftngp13.phx.gbl...
> > > You should enable "Store Passwords using reversible encryption" on
your
> > user
> > > accounts.
> > >
> > > This setting might be with the user properties or with either of the
> > below:
> > > the Local Security Policy->Password Policy
> > > DomainSecurityPolicy->Passwork Policy
> > > --
> > > - Manjari
> > > This posting is provided "AS IS" with no warranties, and confers no
> > rights.
> > > "David Hodgson" <david.hodgson@vianet.co.uk> wrote in message
> > > news:c9f9n3$e1b$1$8300dec7@news.demon.co.uk...
> > > > Folks,
> > > >
> > > > I have a Windows 2000 PPTP VPN setup I want it to only allow CHAP
> > > > authentication. I have a local user setup on the same machine.
> > > >
> > > > All windows 2000 clients cannot connect to PPTP using CHAP, if I set
> up
> > > both
> > > > the server and client to use MS-CHAP then it works fine.
> > > >
> > > > This is a test rig for a UNIX machine which will be the client, this
> is
> > > why
> > > > I need CHAP. The VPN sits on a DMZ and is not part of the domain.
> > > >
> > > > I have done the following:
> > > >
> > > > -------------------------
> > > > on Server
> > > >
> > > > RRAS
> > > >
> > > > right click "server-name"
> > > > select "properties"
> > > > select "Security Tab"
> > > > select "Authentication Methods"
> > > > remove MS-CHAP and MS-CHAPv2
> > > > select CHAP
> > > >
> > > > Verified that user doesn't use any RRAS policies
> > > > ---------------------------------------------
> > > >
> > > > on Client
> > > >
> > > > VPN Dialup
> > > >
> > > > properties
> > > > security tab
> > > > Select Advanced
> > > > select Settings
> > > > remove MS-CHAP and MS-CHAPv2
> > > > select CHAP
> > > >
> > > > ----------------------------------------------
> > > >
> > > > have I missed anything???
> > > >
> > > > thanks
> > > > Dave
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: ptwilliams?
    ... I'm wondering if this might be a User Rights Assignment issue similar to (if ... > password I tried to reset was a DC at a remote location. ... I'm glad Mark was able to help you!! ... >> logging into the console and getting a 'command completed successfully' ...
    (microsoft.public.win2000.active_directory)
  • Re: Delegate Control... Reset Passwords
    ... Don't use existing AD groups to do that, create your own Groups and assign the necessary permissions to do their job. ... RESET USER PASSWORDS ... This posting is provided "AS IS" with no warranties and confers no rights! ...
    (microsoft.public.windows.server.active_directory)
  • Re: EVERYONE has password change rights, but how?
    ... otherwise an admin will need to 'reset' it. ... Granting Change Password Permissions to the Everyone Group ... "For Windows XP and Windows Server 2003 local accounts, ... password reset disk, see product documentation and/or the article "HOW TO: ...
    (microsoft.public.windows.server.active_directory)
  • Re: Protected Groups changing rights
    ... You can use the command dsacls /s to reset the security of AD objects to ... This modified the rights on the user objects ... This has caused an issue where users can not add delegates to ...
    (microsoft.public.windows.server.active_directory)
  • Re: Wireless router safety and vulnerabilities
    ... Anything less just does a reboot. ... Reset to defaults requires ... And some router models may take longer to boot. ... |>Without encryption, the traffic is in the clear, including the MAC ...
    (alt.internet.wireless)