You receive the error code if the VPN server computer is running a version of Windows that is earlier than Windows Vista. For example, you may receive the error code if the server computer is running Microsoft Windows Server 2003 or Microsoft Windows 2000 Server.
Additionally, you can configure the client computer to support lower encryption levels as Method 2 describes. However, we do not recommend this configuration.
Method 1Note Because there are several versions of Microsoft Windows, the following steps may be different on your computer. If they are, see your product documentation to complete these steps.
Configure the VPN server computerTo configure the encryption settings on the VPN server computer, follow these steps:
- Click Start, point to Programs, point to Administrative Tools, and then click Routing and Remote Access.
- Expand Server_Name (local), and then click Remote Access Policies.
- In the right pane, double-click the Connections to Microsoft Routing and Remote Access server policy.
- Click Edit Profile, and then click the Encryption tab.
- Click to select the Strongest encryption (MPPE 128 bit) check box, and then click OK two times.
- In the Services snap-in, restart the Routing and Remote Access service.
Configure the client computerTo configure the encryption settings on the client computer, follow these steps:
- Click Start, and then click Connect to.
- Right-click the VPN connection that you want, and then click Properties.
- Click the Security tab, click Advanced (Custom Settings), and then click Settings.
- In the Data encryption box, click Maximum strength encryption (disconnect if server declines), and then click OK two times.
Method 2Warning This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
Note Use this method if the server computer does not support 128-bit RC4 encryption.
To provide support for the 40-bit encryption levels and for the 56-bit encryption levels on a client computer that is running Windows Vista, you must configure the AllowPPTPWeakCrypto registry entry. To do this, follow these steps:
- Click Start, and then type regedit in the Start Search box.
- In the search results list, right-click regedit, click Run as Administrator, and then click Continue in the User Account Control dialog box.
- Locate, and then click the following registry subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters
- Create the following registry entry under the previous subkey. If this entry already exists, edit it so that it appears as follows:
Value type: DWORD
Value data: 1
- Exit Registry Editor.
- Restart the computer.
Article ID: 929857 - Last Review: Oct 21, 2008 - Revision: 1