This article was previously published under Q285901
This article has been archived. It is offered "as is" and will no longer be updated.
Remote Access, Remote Installation Services (RIS), and VPN clients cannot establish sessions with a server that is configured to accept only NTLM 2 authentication.
Microsoft Windows 2000-based clients cannot send an NTLM 2 challenge response. Therefore, Windows 2000-based clients use NTLM instead.
There is currently no resolution for this problem for Windows NT 4.0 or for Windows 2000. Windows XP SP1 includes the RIS client functionality of using NTLM 2 authentication to connect to the RIS server. This functionality is not available for Windows NT 4.0 or Windows 2000 RIS clients.
Remote access and VPN clients
There is currently no resolution for this problem for Windows NT 4.0 or for Windows 2000. In Windows 2000, you can set up Extensible Authentication Protocol (EAP) and use smart cards or you can write an extension of your own. In Windows 2000, you can enable Internet Protocol Security (IPSec) and the authentication will be encrypted. This only resolves the problem for VPN.
For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
265112 IPSec and L2TP implementation in Windows 2000
325033 Configuring Microsoft L2TP/IPSec VPN for earlier clients
Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Professional Edition, Microsoft Windows NT Server 4.0 Standard Edition, Microsoft Windows NT Workstation 4.0 Developer Edition