Microsoft KB Archive/943070

= Authentication may fail, or you may receive an 807 error or a 691 error, when you try to connect to the Network Policy Server on a Windows Server 2008-based server =

Article ID: 943070

Article Last Modified on 11/12/2007

-

APPLIES TO


 * Windows Server 2008 Datacenter
 * Windows Server 2008 Datacenter 32-Bit
 * Windows Server 2008 Enterprise
 * Windows Server 2008 Enterprise 32-Bit
 * Windows Server 2008 for Itanium-Based Systems
 * Windows Server 2008 Standard
 * Windows Server 2008 Standard 32-Bit

-





Beta Information
This article discusses a beta release of a Microsoft product. The information in this article is provided as-is and is subject to change without notice.

No formal product support is available from Microsoft for this beta product. For information about how to obtain support for a beta release, see the documentation that is included with the beta product files, or check the Web location where you downloaded the release.



SYMPTOMS
On a Windows-based client computer, you use a Connection Manager (CM) profile together with Network Access Protection (NAP). When you try to connect to the Network Policy Server (NPS) on a Windows Server 2008-based server, the following authentications may fail:
 * Protected Extensible Authentication Protocol (PEAP)
 * Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2)

The PEAP and the MS-CHAPv2 authentications may fail the first time or on reauthentication. Additionally, you may receive an 807 error or a 691 error.

This issue occurs if the client computer does not provide a domain membership attribution for the user account.



CAUSE
This issue occurs because the Windows Server 2008-based server cannot verify the client computer's user account.



WORKAROUND
To work around this issue, enter the domain name and the user name when you perform the PEAP and the MS-CHAP v2 authentications.

Consider a scenario in which the user name is &quot;Someone&quot; and the domain name is &quot;Adatum.com.&quot; In this scenario, you must enter the following item in the User name box when you perform the PEAP and the MS-CHAP v2 authentications:

Adatum\Someone



MORE INFORMATION
For more information about Network Access Protection (NAP) for Windows Server 2008, visit the following Microsoft Web site:

http://www.microsoft.com/windowsserver2008/network-access-protection.mspx

Keywords: kbtshoot kbexpertiseadvanced kbprb KB943070

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.