Remote access, VPN, and RIS clients cannot establish sessions with a server that is configured to accept only NTLM version 2 authentication (285901)
The information in this article applies to:
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Workstation 4.0
This article was previously published under Q285901 SYMPTOMS Remote Access, Remote Installation Services (RIS), and VPN clients cannot establish sessions with a server that is configured to accept only NTLM 2 authentication. CAUSE Microsoft Windows 2000-based clients cannot send an NTLM 2 challenge response. Therefore, Windows 2000-based clients use NTLM instead.RESOLUTIONRIS clientsThere is currently no resolution for this problem for Windows NT 4.0 or for Windows 2000. Windows XP SP1 includes the RIS client functionality of using NTLM 2 authentication to connect to the RIS server. This functionality is not available for Windows NT 4.0 or Windows 2000 RIS clients. Remote access and VPN clientsThere is currently no resolution for this problem for Windows NT 4.0 or for Windows 2000. In Windows 2000, you can set up Extensible Authentication Protocol (EAP) and use smart cards or you can write an extension of your own. In Windows 2000, you can enable Internet Protocol Security (IPSec) and the authentication will be encrypted. This only resolves the problem for VPN.
For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
265112
IPSec and L2TP implementation in Windows 2000
325033 Configuring Microsoft L2TP/IPSec VPN for earlier clients
| Modification Type: | Major | Last Reviewed: | 5/19/2005 |
|---|
| Keywords: | kbfix kbprb kbWin2000PreSP3Fix KB285901 kbAudITPRO |
|---|
|