Article ID: 296739
Article Last Modified on 2/28/2007
APPLIES TO
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional Edition
This article was previously published under Q296739
SYMPTOMS
When you use the Extensible Authentication Protocol-Message Digest 5 Challenge Handshake Authentication Protocol (EAP-MD5 CHAP) for RAS or Radius Authentication, the first EAP Challenge from the RAS Server is ignored by the RAS client.
RESOLUTION
EAP MD5 has been updated in Windows 2000 Service Pack 2 to respond to the first EAP Challenge presented by the RAS Server.
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
MORE INFORMATION
Windows 2000 includes support for two new authentication protocols: Extensible Authentication Protocol and Transport Layer Security (EAP/TLS) for cryptographic smart cards and MSCHAPv2 for security enhancements over MSCHAPv1. These are mutual authentication protocols in which both the client and the server prove their identities.
For successful authentication, both the remote access client and authenticator must have the same EAP authentication module installed. Windows 2000 provides two EAP types: EAP-MD5 CHAP and EAP-TLS. You can also install additional EAP types. The components for an EAP type must be installed on every remote access client and every authenticator.
Keywords: kbbug kbenv kbpending KB296739