Microsoft KB Archive/254163

From BetaArchive Wiki
Knowledge Base

Clients Cannot Connect Using MSCHAPv2 Authentication After Upgrade from Windows 2000 Server Beta 3 to RC3

PSS ID Number: 254163

Article Last Modified on 10/11/2002

The information in this article applies to:

  • Microsoft Windows 2000 Server

This article was previously published under Q254163


After you upgrade from Microsoft Windows 2000 Server Beta 3 to Windows 2000 Server Release Candidate 3 (RC3), the server does not allow any dial-in connection that uses MSCHAPv2 authentication, and client connection attempts do not succeed when using MSCHAPv2.


This behavior occurs because Remote Access Policy or Microsoft Internet Authentication Service (IAS) in Windows 2000 Server Beta 3 did not include an entry for MSCHAPv2; the server remapped MSCHAPv2 authentication responses to MSCHAPv1 before presenting them. When you upgrade from Beta 3 to RC3, Remote Access Policy is preserved and MSCHAPv2 authentication is not allowed. As a result, the Remote Access Policy does not allow any connection that uses MSCHAPv2.


Manually change the Remote Access Policy on the Windows 2000 RC3 Server or IAS server to allow MSCHAPv2 authentication.


This behavior affects Virtual Private Network (VPN) connections from all clients and both dial-up and VPN connections from Windows 2000-based clients.

This behavior does not occur if you perform a fresh installation of Windows 2000 RC3, and it does not occur when you upgrade from RC1.

Additional query words: win2krelnotes

Keywords: kbprb KB254163
Technology: kbwin2000Search kbwin2000Serv kbwin2000ServSearch