An update is available that enables RRAS servers that are running Windows Server 2008 to use the DH-2048 algorithm together with the AES-256 algorithm to negotiate IKE in the L2TP

Article translations Article translations
Article ID: 967167 - View products that this article applies to.
Expand all | Collapse all

On This Page

INTRODUCTION

An update is available that enables Routing and Remote Access service (RRAS) servers that are running Windows Server 2008 to negotiate Internet Key Exchange (IKE) differently. This update allows these RRAS servers to use the Diffie-Hellman 2048 (DH-2048) algorithm together with the AES-256 algorithm to negotiate IKE in the Layer 2 Tunneling Protocol (L2TP).

MORE INFORMATION

Update information

Important Windows Vista and Windows Server 2008 hotfixes are included in the same packages. However, only one of these products may be listed on the “Hotfix Request” page. To request the hotfix package that applies to both Windows Vista and Windows Server 2008, just select the product that is listed on the page.

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=support
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Update installation instructions

To apply this update, you must install the update on both the RRAS servers and the RRAS clients. Then, apply the required registry setting on the RRAS servers. To apply this required registry setting on an RRAS server, follow these steps:
  1. Open Registry Editor.
  2. Locate and then right-click the following registry subkey:
    HEKY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\Parameters
  3. Point to New, and then click DWORD Value.
  4. Type NegotiateDH2048_AES256, and then press ENTER.
  5. Right-click NegotiateDH2048_AES256, and then click Modify.
  6. In the Value data box, type 0, 1, or 2 as appropriate, and then click OK.
    • 0 (default value): The DH-2048 algorithm together with the AES-256 algorithm to negotiate IKE is not supported.
    • 1: The DH-2048 algorithm together with the AES-256 algorithm is available in the IKE list.
    • 2: Only the DH-2048 algorithm together with the AES-256 algorithm is supported.
  7. Exit Registry Editor.

Prerequisites

To apply this update, your computer must be running one of the following operating systems:
  • Windows Vista Service Pack 1 (SP1)
  • Windows Vista Service Pack 2 (SP2)
  • Windows Server 2008
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
935791 How to obtain the latest Windows Vista service pack

Restart requirement

You must restart the computer after you apply this update.

Update replacement information

This update does not replace any other updates.

File information

The Global version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

Windows Vista and Windows Server 2008 file information notes
  • The files that apply to a specific product, SR_Level (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table.
    Collapse this tableExpand this table
    VersionProductSR_LevelService branch
    6.0.6000.16xxxWindows VistaRTMGDR
    6.0.6000.20xxxWindows VistaRTMLDR
    6.0.6001.18xxxWindows Vista and Windows Server 2008SP1GDR
    6.0.6001.22xxxWindows Vista and Windows Server 2008SP1LDR
    6.0.6002.18xxxWindows Vista and Windows Server 2008SP2GDR
    6.0.6002.22xxxWindows Vista and Windows Server 2008SP2LDR
  • Service Pack 1 is integrated into the original release of Windows Server 2008.
  • The MANIFEST files (.manifest) and the MUM files (.mum) that are installed for each environment are listed separately. MUM and MANIFEST files, and the associated security catalog (.cat) files, are critical to maintaining the state of the updated component. The security catalog files (attributes not listed) are signed with a Microsoft digital signature.
For all supported x86-based versions of Windows Server 2008 and of Windows Vista
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Rasmans.dll6.0.6001.22436261,63220-May-200912:40x86
For all supported x86-based versions of Windows Server 2008 SP2 and of Windows Vista SP2
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Rasmans.dll6.0.6002.22139261,63220-May-200912:32x86
For all supported x64-based versions of Windows Server 2008 and Windows Vista
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Rasmans.dll6.0.6001.22436309,76020-May-200912:54x64
For all supported x64-based versions of Windows Server 2008 SP2 and Windows Vista SP2
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Rasmans.dll6.0.6001.22436309,76020-May-200912:54x64
For all supported Itanium-based versions of Windows Server 2008
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Rasmans.dll6.0.6001.22436629,24820-May-200912:42IA-64
For all supported Itanium-based versions of Windows Server 2008 SP2
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Rasmans.dll6.0.6002.22139629,76020-May-200912:29IA-64

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

MORE INFORMATION

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Additional file information for Windows Server 2008 and for Windows Vista

Additional files for all supported x86-based versions of Windows Server 2008 and of Windows Vista

Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Package_for_kb967167_client_1~31bf3856ad364e35~x86~~6.0.1.0.mumNot Applicable1,36722-May-200911:56Not Applicable
Package_for_kb967167_client_2~31bf3856ad364e35~x86~~6.0.1.0.mumNot Applicable1,53022-May-200911:56Not Applicable
Package_for_kb967167_client~31bf3856ad364e35~x86~~6.0.1.0.mumNot Applicable1,71322-May-200911:56Not Applicable
Package_for_kb967167_server_0~31bf3856ad364e35~x86~~6.0.1.0.mumNot Applicable1,42522-May-200911:56Not Applicable
Package_for_kb967167_server_1~31bf3856ad364e35~x86~~6.0.1.0.mumNot Applicable1,53122-May-200911:56Not Applicable
Package_for_kb967167_server~31bf3856ad364e35~x86~~6.0.1.0.mumNot Applicable1,71322-May-200911:56Not Applicable
Package_for_kb967167_winpesrv_0~31bf3856ad364e35~x86~~6.0.1.0.mumNot Applicable1,42222-May-200911:56Not Applicable
Package_for_kb967167_winpesrv~31bf3856ad364e35~x86~~6.0.1.0.mumNot Applicable1,43022-May-200911:56Not Applicable
X86_microsoft-windows-rasmanservice_31bf3856ad364e35_6.0.6001.22436_none_9f2ccab6b9d90675.manifestNot Applicable20,25220-May-200914:16Not Applicable
X86_microsoft-windows-rasmanservice_31bf3856ad364e35_6.0.6002.22139_none_a1163d7cb6fca79e.manifestNot Applicable20,25220-May-200913:47Not Applicable

Additional files for all supported x64-based versions of Windows Server 2008 and of Windows Vista

Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Amd64_microsoft-windows-rasmanservice_31bf3856ad364e35_6.0.6001.22436_none_fb4b663a723677ab.manifestNot Applicable20,58220-May-200914:32Not Applicable
Amd64_microsoft-windows-rasmanservice_31bf3856ad364e35_6.0.6002.22139_none_fd34d9006f5a18d4.manifestNot Applicable20,58220-May-200913:49Not Applicable
Package_for_kb967167_client_1~31bf3856ad364e35~amd64~~6.0.1.0.mumNot Applicable1,37522-May-200911:56Not Applicable
Package_for_kb967167_client_2~31bf3856ad364e35~amd64~~6.0.1.0.mumNot Applicable1,54022-May-200911:56Not Applicable
Package_for_kb967167_client~31bf3856ad364e35~amd64~~6.0.1.0.mumNot Applicable1,72322-May-200911:56Not Applicable
Package_for_kb967167_server_0~31bf3856ad364e35~amd64~~6.0.1.0.mumNot Applicable1,43322-May-200911:56Not Applicable
Package_for_kb967167_server_1~31bf3856ad364e35~amd64~~6.0.1.0.mumNot Applicable1,54122-May-200911:56Not Applicable
Package_for_kb967167_server~31bf3856ad364e35~amd64~~6.0.1.0.mumNot Applicable1,72322-May-200911:56Not Applicable
Package_for_kb967167_winpesrv_0~31bf3856ad364e35~amd64~~6.0.1.0.mumNot Applicable1,43022-May-200911:56Not Applicable
Package_for_kb967167_winpesrv~31bf3856ad364e35~amd64~~6.0.1.0.mumNot Applicable1,43822-May-200911:56Not Applicable

Additional files for all supported Itanium-based versions of Windows Server 2008

Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Ia64_microsoft-windows-rasmanservice_31bf3856ad364e35_6.0.6001.22436_none_9f2e6eacb9d70f71.manifestNot Applicable20,54120-May-200914:04Not Applicable
Ia64_microsoft-windows-rasmanservice_31bf3856ad364e35_6.0.6002.22139_none_a117e172b6fab09a.manifestNot Applicable20,54120-May-200913:32Not Applicable
Package_for_kb967167_server_0~31bf3856ad364e35~ia64~~6.0.1.0.mumNot Applicable1,42922-May-200911:56Not Applicable
Package_for_kb967167_server_1~31bf3856ad364e35~ia64~~6.0.1.0.mumNot Applicable1,37022-May-200911:56Not Applicable
Package_for_kb967167_server~31bf3856ad364e35~ia64~~6.0.1.0.mumNot Applicable1,71622-May-200911:56Not Applicable
Package_for_kb967167_winpesrv_0~31bf3856ad364e35~ia64~~6.0.1.0.mumNot Applicable1,42622-May-200911:56Not Applicable
Package_for_kb967167_winpesrv~31bf3856ad364e35~ia64~~6.0.1.0.mumNot Applicable1,43322-May-200911:56Not Applicable

Properties

Article ID: 967167 - Last Review: October 7, 2011 - Revision: 2.0
APPLIES TO
  • Windows Vista Ultimate
  • Windows Vista Home Premium
  • Windows Vista Home Basic
  • Windows Vista Enterprise
  • Windows Vista Business
  • Windows Vista Business 64-bit Edition
  • Windows Vista Ultimate 64-bit Edition
  • Windows Vista Home Premium 64-bit Edition
  • Windows Vista Home Basic 64-bit Edition
  • Windows Vista Enterprise 64-bit Edition
  • Windows Server 2008 Standard
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Datacenter
  • Windows Server 2008 Datacenter without Hyper-V
  • Windows Server 2008 Enterprise without Hyper-V
  • Windows Server 2008 for Itanium-Based Systems
  • Windows Server 2008 Standard without Hyper-V
  • Windows Web Server 2008
Keywords: 
kbautohotfix kbexpertiseinter kbsurveynew kbbug kbfix kbqfe KB967167

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com