NTLMv2 and ISA Firewall VPN Services – The Solution

Great post from Jason Jones on the ISAserver.org Web boards:

Thought this info may be of use…

Had an issue today with ISA VPN authenticating to domain controllers that are configured to only accept NTLMv2. This was a problem as MSCHAP and MSCHAP2 only use NTLMv1 by default and hence you cannot autenticate to an ISA VPN conection as the DC’s refuse the credentials.

This can be fixed with Win2k3 SP1 by adding a reg key on the ISA server and restarting the RRAS service. RRAS can then use NTLMv2 allowing successful VPN auth…hurrah!! s4





Jason Jones – Silversands – http://www.silversands.co.uk

Thanks Jason! Great tip.



Thomas W Shinder, M.D.

Site: www.isaserver.org

Blog: http://blogs.isaserver.org/shinder/

Book: http://tinyurl.com/3xqb7

MVP — ISA Firewalls

About The Author

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top