EAP Challenge from a RAS Server Is Ignored by a RAS Client

Article translations Article translations
Article ID: 296739 - View products that this article applies to.
This article was previously published under Q296739
This article has been archived. It is offered "as is" and will no longer be updated.
Expand all | Collapse all

SYMPTOMS

When you use the Extensible Authentication Protocol-Message Digest 5 Challenge Handshake Authentication Protocol (EAP-MD5 CHAP) for RAS or Radius Authentication, the first EAP Challenge from the RAS Server is ignored by the RAS client.

RESOLUTION

EAP MD5 has been updated in Windows 2000 Service Pack 2 to respond to the first EAP Challenge presented by the RAS Server.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

MORE INFORMATION

Windows 2000 includes support for two new authentication protocols: Extensible Authentication Protocol and Transport Layer Security (EAP/TLS) for cryptographic smart cards and MSCHAPv2 for security enhancements over MSCHAPv1. These are mutual authentication protocols in which both the client and the server prove their identities.

For successful authentication, both the remote access client and authenticator must have the same EAP authentication module installed. Windows 2000 provides two EAP types: EAP-MD5 CHAP and EAP-TLS. You can also install additional EAP types. The components for an EAP type must be installed on every remote access client and every authenticator.

Properties

Article ID: 296739 - Last Review: October 23, 2013 - Revision: 3.3
APPLIES TO
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition
Keywords: 
kbnosurvey kbarchive kbbug kbenv kbpending KB296739

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com