Microsoft KB Archive/285901

= Remote access, VPN, and RIS clients cannot establish sessions with a server that is configured to accept only NTLM version 2 authentication =

Article ID: 285901

Article Last Modified on 10/26/2006

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional Edition
 * Microsoft Windows NT Server 4.0 Standard Edition
 * Microsoft Windows NT Workstation 4.0 Developer Edition

-



This article was previously published under Q285901



SYMPTOMS
Remote Access, Remote Installation Services (RIS), and VPN clients cannot establish sessions with a server that is configured to accept only NTLM 2 authentication.



CAUSE
Microsoft Windows 2000-based clients cannot send an NTLM 2 challenge response. Therefore, Windows 2000-based clients use NTLM instead.



RIS clients
There is currently no resolution for this problem for Windows NT 4.0 or for Windows 2000. Windows XP SP1 includes the RIS client functionality of using NTLM 2 authentication to connect to the RIS server. This functionality is not available for Windows NT 4.0 or Windows 2000 RIS clients.

Remote access and VPN clients
There is currently no resolution for this problem for Windows NT 4.0 or for Windows 2000. In Windows 2000, you can set up Extensible Authentication Protocol (EAP) and use smart cards or you can write an extension of your own. In Windows 2000, you can enable Internet Protocol Security (IPSec) and the authentication will be encrypted. This only resolves the problem for VPN.

For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

265112 IPSec and L2TP implementation in Windows 2000

325033 Configuring Microsoft L2TP/IPSec VPN for earlier clients

Additional query words: ras ntlmv2

Keywords: kbfix kbprb kbwin2000presp3fix KB285901

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.