PPP Connection Fails Between Windows NT RAS Server & UNIX Client (150581)


The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional
  • Microsoft Windows NT Workstation 3.51
  • Microsoft Windows NT Workstation 4.0
  • Microsoft Windows NT Server 3.51
  • Microsoft Windows NT Server 4.0
This article was previously published under Q150581

The PPP connection between a UNIX PPP client and the Windows NT PPP Server fails.

CAUSE

A possible cause is an inadequate value for MaxReject.

If the PPP client and the PPP server try to negotiate different link attributes, several Configuration Negative Acknowledgments (CNAKs) might be sent before they are able to decide which attributes to use. By default, Windows NT terminates the negotiation after five unsuccessful attempts.

RESOLUTION

If you are experiencing issues with a PPP negotiation, try to increase MaxReject, or even better, configure the PPP client to negotiate to the same attributes that Windows NT RAS Server tries to negotiate to.

MORE INFORMATION

NOTE: MaxReject must be configured on both client and server.

Below is a description of RAS PPP Subkey Entries in the registry.

WARNING: Using Registry Editor incorrectly can cause serious, system-wide issues that may require you to reinstall Windows NT to correct them. Microsoft cannot guarantee that any issues resulting from the use of Registry Editor can be solved. Use this tool at your own risk.

RAS PPP Subkey Entries

Registry path: 

   HKEY_LOCAL_MACHINE\SYSTEM
      \CurrentControlSet
         \Services
            \Rasman
               \PPP

ForceEncryptedPassword  REG_DWORD
Range:                  Boolean
Default:                1 (enabled)

   This is a server-side parameter only. It is used to force the use of the
   Challenge-Handshake Authentication Protocol while authenticating clients.
   This means that the cleartest password may not get sent on the wire
   during authentication.

MaxConfigure            REG_DWORD
Range:                  Number
Default:                10

   Indicates the number of Configure-Request packets sent without
   receiving a valid Configure-Ack, Configure-Nak, or Configure-Reject,
   before assuming that the peer is unable to respond.


MaxFailure              REG_DWORD
Range:                  Number
Default:                10

   Indicates the number of Configure-Nak packets sent without sending a
   Configure-Ack, before assuming that the configuration is not converging.

MaxReject               REG_DWORD
Range:                  Number
Default:                5

   Indicates the number of Config-Rejects sent before assuming that the PPP
   negotiation may not converge.

MaxTerminate            REG_DWORD
Range:                  Number
Default:                2

   Indicates the number of Terminate-Request packets sent without receiving
   a Terminate-Ack, before assuming that the peer is unable to respond.

PPP Link Attributes the Windows NT Server Tries to Negotiate To

MRU            Maximum Receive Unit = 1500
ASYNC-MAP      Async control character map = 0x00000000
AUTH           Authentication = CHAP-Challenge Handshake Authentication
               Protocol
MAGIC          Do Magic number negotiation
PROT.COMP      Do Protocol Compression
ADR/CF.COMP    Do Address-Control Field Compression


If possible, try to configure the PPP client to use the same settings as the Windows NT RAS server default settings.

Sample Configuration File "ppphosts" from a SCO UNIX System

In the example below, the UNIX system's values for dialing in to the Windows NT RAS server has been modified to be as close as possible to what the Windows NT RAS server may try to negotiate to. This is to minimize the number of "Configuration Negative Acknowledgment" packages. 

#
#      @(#)ppphosts  4.2.1.3 Lachman System V STREAMS TCP  source
#      SCCS IDENTIFICATION
#  System V STREAMS TCP - Release 5.0
#
#  One tab between fields only
#
# Entries have this format:
# Name tty System [Timer options] [Link options] [IP options] [Other]
# Those fields in brackets ([]) are optional
#
# Entries may continue onto multiple lines by giving a '\' as the
# last character of a line.
#
# Name      destination host or ppp login name (starting with *)
# tty       tty name for direct connection
#
# Timer options:
#  "idle=idle_time"  idle_time is the inactivity timeout
#          in minutes (default = forever)
#  "tmout=timeout"   timeout per PPP protocol request (default = 3 seconds)
#  "conf=num"    Set the maximum number of times of configure retry
#          (default = 10)
#  "term=num"    Set the maximum number of times of termination retry
#          (default = 2)
#  "nak=num"     Set the maximum number of times of configure-nak
#          retry (default = 10)
#
# Link options:
#  "mru=num".        Set the maximum receive unit (default = 296)
#  "accm=num(hex)"   Set the asyc control character map
#          (default = 0x00000000)
#  "pap"         Do password authentication
#          (default: no password authentication)
#  "nomgc"       disable magic number negotiation
#          (default: enable magic number negotiation)
#  "protcomp"    Do protocol field compression
#          (default: no protocol field compression)
#  "accomp"      Do addrerss-control field compression
#          (default: no addrerss-control field compression)
#
# IP options
#  "ipaddr"      Do IP address negotiation
#          (default: no IP address negotion)
#  "rfc1172addr"     Using RFC1172 IP addresses negotiation
#          (default: RFC1332 IP address negotiation)
#  "VJ"              Do  VJ Compressed TCP/IP
#          (default: no VJ compressed TCP/IP)
#
# Other
#  "paptmout=tmout"  PPP waits for the peer to password authenticate
#          itself for tmout minutes
#          (default = 1)
#  "rtscts"   set the line to use hardware(RTS/CTS) flow control
#          (default: no flow control)
#
# Examples:
# 1. For outbound PPP connection,
# ice_sl tty00 ice idle=5 tmout=3 conf=10 term=2 nak=10 mru=296
# accm=ffffffff\ 
#  pap nomgc protcomp accomp ipaddr  rfc1172addr VJ old
#
# 2. For inbound PPP connection,
##################################################################

192.100.1.1 - englab007 pap mru=1500 accm=0x00000000 protcomp accomp\ 
              idle=5 tmout=5 conf=5 term=7 nak=10 rtscts
Modification Type:MajorLast Reviewed:6/3/2003
Keywords:kb3rdparty kbenv kbnetwork KB150581
©2002 Microsoft Corporation. All rights reserved.