Microsoft KB Archive/227815

= With Encryption Required You Can Still Select PAP, SPAP, or CHAP =

Article ID: 227815

Article Last Modified on 2/27/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional Edition

-



This article was previously published under Q227815



SYMPTOMS
When you configure a Dial-Up Networking connection to require data encryption, you may be able to select Password Authentication Protocol (PAP), Shiva Password Authentication Protocol (SPAP), or Challenge Handshake Authentication Protocol (CHAP), even though these protocols do not support data encryption.



STATUS
Microsoft has confirmed that this is a problem in Windows 2000.



MORE INFORMATION
To configure the Advanced Security Settings of a Dial-Up Networking connection, follow these steps:
 * 1) Right-click the Dial-Up Networking connection, and then click Properties.
 * 2) On the Security tab, click Advanced (Custom Settings), and then click Settings.
 * 3) In the Data Encryption box, click Require encryption(disconnect if server declines).
 * 4) Under Logon Security, click to select the check boxes for the protocols you want to use, and then click OK.

When you click Require encryption(disconnect if server declines), you may click to select the Unencrypted Password (PAP), Shiva Password Authentication Protocol (SPAP), or Challenge Handshake Authentication Protocol (CHAP) check boxes, even though these protocols do not require encryption. In addition, you are required to select at least one of the MS-CHAP protocols or the Extensible Authentication Protocol (EAP).

If you do not select a version of MS-CHAP or EAP, you receive the following error message:

The current encryption selection requires EAP or some version of MS-CHAP logon security methods.

If you select at least one version of MS-CHAP in addition to PAP, SPAP, or CHAP, you receive the following error message:

The protocols you have selected include PAP, SPAP and/or CHAP. If one of these is negotiated, data encryption will not occur. Do you want to keep these settings?

If you click Yes, the connection does not use PAP, SPAP, or CHAP. Since data encryption is required, the connection uses only the versions of MS-CHAP you selected.

Keywords: kbenv kberrmsg kbnetwork kbprb KB227815

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.