EAP Challenge from a RAS Server Is Ignored by a RAS Client (296739)
The information in this article applies to:
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional
This article was previously published under Q296739 SYMPTOMS
When you use the Extensible Authentication Protocol-Message Digest 5 Challenge Handshake Authentication Protocol (EAP-MD5 CHAP) for RAS or Radius Authentication, the first EAP Challenge from the RAS Server is ignored by the RAS client.
RESOLUTION
EAP MD5 has been updated in Windows 2000 Service Pack 2 to respond to the first EAP Challenge presented by the RAS Server.
STATUSMicrosoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. MORE INFORMATION
Windows 2000 includes support for two new authentication protocols: Extensible Authentication Protocol and Transport Layer Security (EAP/TLS) for cryptographic smart cards and MSCHAPv2 for security enhancements over MSCHAPv1. These are mutual authentication protocols in which both the client and the server prove their identities.
For successful authentication, both the remote access client and authenticator must have the same EAP authentication module installed. Windows 2000 provides two EAP types: EAP-MD5 CHAP and EAP-TLS. You can also install additional EAP types. The components for an EAP type must be installed on every remote access client and every authenticator.
| Modification Type: | Minor | Last Reviewed: | 1/27/2006 |
|---|
| Keywords: | kbbug kbenv kbpending KB296739 |
|---|
|