PSS ID Number: 254163
Article Last Modified on 10/11/2002
The information in this article applies to:
- Microsoft Windows 2000 Server
This article was previously published under Q254163
SYMPTOMS
After you upgrade from Microsoft Windows 2000 Server Beta 3 to Windows 2000 Server Release Candidate 3 (RC3), the server does not allow any dial-in connection that uses MSCHAPv2 authentication, and client connection attempts do not succeed when using MSCHAPv2.
CAUSE
This behavior occurs because Remote Access Policy or Microsoft Internet Authentication Service (IAS) in Windows 2000 Server Beta 3 did not include an entry for MSCHAPv2; the server remapped MSCHAPv2 authentication responses to MSCHAPv1 before presenting them. When you upgrade from Beta 3 to RC3, Remote Access Policy is preserved and MSCHAPv2 authentication is not allowed. As a result, the Remote Access Policy does not allow any connection that uses MSCHAPv2.
RESOLUTION
Manually change the Remote Access Policy on the Windows 2000 RC3 Server or IAS server to allow MSCHAPv2 authentication.
MORE INFORMATION
This behavior affects Virtual Private Network (VPN) connections from all clients and both dial-up and VPN connections from Windows 2000-based clients.
This behavior does not occur if you perform a fresh installation of Windows 2000 RC3, and it does not occur when you upgrade from RC1.
Additional query words: win2krelnotes
Keywords: kbprb KB254163
Technology: kbwin2000Search kbwin2000Serv kbwin2000ServSearch