You receive error code 741 when you try to make a PPTP-based VPN connection on a computer that is running Windows Vista

Article translations Article translations
Article ID: 929857 - View products that this article applies to.
Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect the computer.

Expand all | Collapse all

On This Page

SYMPTOMS

When you try to make a Point-to-Point Tunneling Protocol (PPTP)-based virtual private network (VPN) connection to a VPN server computer, you receive error code 741. This behavior occurs on a computer that is running Windows Vista.

You receive the error code if the VPN server computer is running a version of Windows that is earlier than Windows Vista. For example, you may receive the error code if the server computer is running Microsoft Windows Server 2003 or Microsoft Windows 2000 Server.

CAUSE

This behavior occurs because Windows Vista does not have default support for the 40-bit and for the 56-bit encryption levels under the RC4 algorithm. By default, Windows Vista supports 128-bit encryption.

WORKAROUND

To work around this behavior, you must configure the encryption settings on the server computer and on the client computer as Method 1 describes.

Additionally, you can configure the client computer to support lower encryption levels as Method 2 describes. However, we do not recommend this configuration.

Method 1

Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.

Configure the VPN server computer

To configure the encryption settings on the VPN server computer, follow these steps:
  1. Click Start, point to Programs, point to Administrative Tools, and then click Routing and Remote Access.
  2. Expand Server_Name (local), and then click Remote Access Policies.
  3. In the right pane, double-click the Connections to Microsoft Routing and Remote Access server policy.
  4. Click Edit Profile, and then click the Encryption tab.
  5. Click to select the Strongest encryption (MPPE 128 bit) check box, and then click OK two times.
  6. In the Services snap-in, restart the Routing and Remote Access service.

Configure the client computer

To configure the encryption settings on the client computer, follow these steps:
  1. Click Start, and then click Connect to.
  2. Right-click the VPN connection that you want, and then click Properties.
  3. Click the Security tab, click Advanced (Custom Settings), and then click Settings.
  4. In the Data encryption box, click Maximum strength encryption (disconnect if server declines), and then click OK two times.
Note This configuration establishes the VPN connection by using 128-bit encryption and the RC4 algorithm.

Method 2

Warning This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows


Note Use this method if the server computer does not support 128-bit RC4 encryption.

To provide support for the 40-bit encryption levels and for the 56-bit encryption levels on a client computer that is running Windows Vista, you must configure the AllowPPTPWeakCrypto registry entry. To do this, follow these steps:
  1. Click Start, and then type regedit in the Start Search box.
  2. In the search results list, right-click regedit, click Run as Administrator, and then click Continue in the User Account Control dialog box.
  3. Locate, and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters
  4. Create the following registry entry under the previous subkey. If this entry already exists, edit it so that it appears as follows:

    Name: AllowPPTPWeakCrypto
    Value type: DWORD
    Value data: 1
  5. Exit Registry Editor.
  6. Restart the computer.

Properties

Article ID: 929857 - Last Review: January 23, 2007 - Revision: 1.5
APPLIES TO
  • Windows Vista Ultimate
  • Windows Vista Business
  • Windows Vista Enterprise
  • Windows Vista Home Basic
  • Windows Vista Home Premium
Keywords: 
kbconnectionfailures kbexpertiseadvanced kbtshoot KB929857

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com