Help and Support
 

powered byLive Search

You receive error code 741 when you try to make a PPTP-based VPN connection on a computer that is running Windows Vista

View products that this article applies to.
Article ID:929857
Last Review:January 23, 2007
Revision:1.4
Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect the computer.

On This Page

SYMPTOMS

When you try to make a Point-to-Point Tunneling Protocol (PPTP)-based virtual private network (VPN) connection to a VPN server computer, you receive error code 741. This behavior occurs on a computer that is running Windows Vista.

You receive the error code if the VPN server computer is running a version of Windows that is earlier than Windows Vista. For example, you may receive the error code if the server computer is running Microsoft Windows Server 2003 or Microsoft Windows 2000 Server.

Back to the top

CAUSE

This behavior occurs because Windows Vista does not have default support for the 40-bit and for the 56-bit encryption levels under the RC4 algorithm. By default, Windows Vista supports 128-bit encryption.

Back to the top

WORKAROUND

To work around this behavior, you must configure the encryption settings on the server computer and on the client computer as Method 1 describes.

Additionally, you can configure the client computer to support lower encryption levels as Method 2 describes. However, we do not recommend this configuration.

Back to the top

Method 1

Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

Configure the VPN server computer

To configure the encryption settings on the VPN server computer, follow these steps:
1.Click Start, point to Programs, point to Administrative Tools, and then click Routing and Remote Access.
2.Expand Server_Name (local), and then click Remote Access Policies.
3.In the right pane, double-click the Connections to Microsoft Routing and Remote Access server policy.
4.Click Edit Profile, and then click the Encryption tab.
5.Click to select the Strongest encryption (MPPE 128 bit) check box, and then click OK two times.
6.In the Services snap-in, restart the Routing and Remote Access service.

Configure the client computer

To configure the encryption settings on the client computer, follow these steps:
1.Click Start, and then click Connect to.
2.Right-click the VPN connection that you want, and then click Properties.
3.Click the Security tab, click Advanced (Custom Settings), and then click Settings.
4.In the Data encryption box, click Maximum strength encryption (disconnect if server declines), and then click OK two times.
Note This configuration establishes the VPN connection by using 128-bit encryption and the RC4 algorithm.

Back to the top

Method 2

Warning This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 (http://support.microsoft.com/kb/322756/) How to back up and restore the registry in Windows


Note Use this method if the server computer does not support 128-bit RC4 encryption.

To provide support for the 40-bit encryption levels and for the 56-bit encryption levels on a client computer that is running Windows Vista, you must configure the AllowPPTPWeakCrypto registry entry. To do this, follow these steps:
1.Click Start, and then type regedit in the Start Search box.
2.In the search results list, right-click regedit, click Run as Administrator, and then click Continue in the User Account Control dialog box.
3.Locate, and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters
4.Create the following registry entry under the previous subkey. If this entry already exists, edit it so that it appears as follows:

Name: AllowPPTPWeakCrypto
Value type: DWORD
Value data: 1
5.Exit Registry Editor.
6.Restart the computer.

Back to the top

APPLIES TO
Windows Vista Ultimate
Windows Vista Business
Windows Vista Enterprise
Windows Vista Home Basic
Windows Vista Home Premium

Back to the top

Keywords: 
kbconnectionfailures kbexpertiseadvanced kbtshoot KB929857

Back to the top

Article Translations

 

Other Support Options

  • Need More Help?
    Contact a Support professional by E-mail, Online or Phone.
  • Customer Service
    For non-technical assistance with product purchases, subscriptions, online services, events, training courses, corporate sales, piracy issues, and more.
  • Newsgroups
    Pose a question to other users. Discussion groups and Forums about specific Microsoft products, technologies, and services.