Q238734: How to Disable Microsoft CHAP Authentication
Article: Q238734
Product(s): Microsoft Windows NT
Version(s): 4.0
Operating System(s):
Keyword(s): kbWinNT4sp6fix
Last Modified: 11-JUN-2002
-------------------------------------------------------------------------------
The information in this article applies to:
- Microsoft Windows NT Server version 4.0, Terminal Server Edition
- Microsoft Windows NT Server version 4.0
-------------------------------------------------------------------------------
IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:
Q256986 Description of the Microsoft Windows Registry
SYMPTOMS
========
When you use Microsoft Routing and Remote Access Service (RRAS) as a Remote
Authentication Dial-In User Service (RADIUS) client, you can selectively enable
or disable Microsoft Challenge Handshake Authentication Protocol (CHAP)
authentication by setting the OfferMSCHAP registry value.
If the host or router that is attempting to dial in does not support Microsoft
CHAP and does not correctly implement RFC 1331, you may observe delays during
authentication that lead to an unsuccessful Point-to-Point Protocol (PPP)
connection because of Link Control Protocol (LCP) timeouts.
RESOLUTION
==========
Windows NT Server or Workstation 4.0
------------------------------------
To resolve this problem, obtain the latest service pack for Windows NT 4.0 or the
individual software update. For information on obtaining the latest service
pack, please go to:
- http://www.microsoft.com/Windows/ServicePacks/
-or-
- Q152734 How to Obtain the Latest Windows NT 4.0 Service Pack
For information on obtaining the individual software update, contact Microsoft
Product Support Services. For a complete list of Microsoft Product Support
Services phone numbers and information on support costs, please go to the
following address on the World Wide Web:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS
Windows NT Server 4.0, Terminal Server Edition
----------------------------------------------
To resolve this problem, obtain the latest service pack for Windows NT Server
4.0, Terminal Server Edition. For additional information, please see the
following article in the Microsoft Knowledge Base:
Q152734 How to Obtain the Latest Windows NT 4.0 Service Pack
STATUS
======
Microsoft has confirmed this to be a problem in Windows NT 4.0 and Windows NT
Server 4.0, Terminal Server Edition.
This problem was first corrected in Windows NT Server 4.0 Service Pack 6 and
Windows NT Server 4.0, Terminal Server Edition Service Pack 6.
MORE INFORMATION
================
WARNING: If you use Registry Editor incorrectly, you may cause serious problems
that may require you to reinstall your operating system. Microsoft cannot
guarantee that you can solve problems that result from using Registry Editor
incorrectly. Use Registry Editor at your own risk.
Because of a change made to an existing configurable parameter, you can disable
Microsoft CHAP authentication whether or not your RRAS server is operating as a
RADIUS client. To disable Microsoft CHAP:
1. Start Registry Editor (Regedt32.exe).
2. Locate the following registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\PPP\CHAP
3. On the Edit menu, click Add Value, and then add the following registry value:
DWORD: OfferMSCHAP
Value: 0x00000000
4. Quit Registry Editor.
After you add this value, Microsoft CHAP is not offered to PPP clients.
Additional query words: ras ms-chap
======================================================================
Keywords : kbWinNT4sp6fix
Technology : kbWinNTsearch kbWinNT400search kbWinNTSsearch kbWinNTS400search kbWinNTS400 kbNTTermServ400 kbNTTermServSearch
Version : :4.0
Hardware : ALPHA x86
Issue type : kbbug
Solution Type : kbfix
=============================================================================
THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.
Copyright Microsoft Corporation 1986-2002.