Article ID: 285901 - View products that this article applies to.
This article was previously published under Q285901
This article has been archived. It is offered "as is" and will no longer be updated.
Remote Access, Remote Installation Services (RIS), and VPN clients cannot establish sessions with a server that is configured to accept only NTLM 2 authentication.
Microsoft Windows 2000-based clients cannot send an NTLM 2 challenge response. Therefore, Windows 2000-based clients use NTLM instead.
RIS clientsThere is currently no resolution for this problem for Windows NT 4.0 or for Windows 2000. Windows XP SP1 includes the RIS client functionality of using NTLM 2 authentication to connect to the RIS server. This functionality is not available for Windows NT 4.0 or Windows 2000 RIS clients.
Remote access and VPN clientsThere is currently no resolution for this problem for Windows NT 4.0 or for Windows 2000. In Windows 2000, you can set up Extensible Authentication Protocol (EAP) and use smart cards or you can write an extension of your own. In Windows 2000, you can enable Internet Protocol Security (IPSec) and the authentication will be encrypted. This only resolves the problem for VPN.
For more information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
(https://support.microsoft.com/kb/265112/ )IPSec and L2TP implementation in Windows 2000
(https://support.microsoft.com/kb/325033/ )Configuring Microsoft L2TP/IPSec VPN for earlier clients
Article ID: 285901 - Last Review: October 26, 2013 - Revision: 6.0