Authentication may fail, or you may receive an 807 error or a 691 error, when you try to connect to the Network Policy Server on a Windows Server 2008-based server

On a Windows-based client computer, you use a Connection Manager (CM) profile together with Network Access Protection (NAP). When you try to connect to the Network Policy Server (NPS) on a Windows Server 2008-based server, the following authentications may fail:

• Protected Extensible Authentication Protocol (PEAP)
• Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2)

The PEAP and the MS-CHAPv2 authentications may fail the first time or on reauthentication. Additionally, you may receive an 807 error or a 691 error.

This issue occurs if the client computer does not provide a domain membership attribution for the user account.

This issue occurs because the Windows Server 2008-based server cannot verify the client computer's user account.

To work around this issue, enter the domain name and the user name when you perform the PEAP and the MS-CHAP v2 authentications.

Consider a scenario in which the user name is "Someone" and the domain name is "Adatum.com." In this scenario, you must enter the following item in the User name box when you perform the PEAP and the MS-CHAP v2 authentications:

For more information about Network Access Protection (NAP) for Windows Server 2008, visit the following Microsoft Web site: