NTLMv2 and ISA Firewall VPN Services – The Solution

By /

Great post from Jason Jones on the ISAserver.org Web boards:

Thought this info may be of use…

Had an issue today with ISA VPN authenticating to domain controllers that are configured to only accept NTLMv2. This was a problem as MSCHAP and MSCHAP2 only use NTLMv1 by default and hence you cannot autenticate to an ISA VPN conection as the DC’s refuse the credentials.

This can be fixed with Win2k3 SP1 by adding a reg key on the ISA server and restarting the RRAS service. RRAS can then use NTLMv2 allowing successful VPN auth…hurrah!! s4

http://support.microsoft.com/kb/893318/en-us

Cheers

JJ

_____________________________

Jason Jones – Silversands – http://www.silversands.co.uk

Thanks Jason! Great tip.

HTH,

Tom

Thomas W Shinder, M.D.

Site: www.isaserver.org

Blog: http://blogs.isaserver.org/shinder/

Book: http://tinyurl.com/3xqb7

MVP — ISA Firewalls

About The Author

Debra Littlejohn Shinder is a technology and security analyst and author specializing in identity, security and cybercrime, utilizing her past experience as a police officer and police academy/criminal justice instructor. She has written numerous books and articles for web and print publications and has been awarded the Microsoft MVP designation for fourteen years in a row.

Read Next

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top