Bobcares
Client Area
Emergency Support
Latest | Server Management | VPN

VPN connections fail when using MS-CHAPv2 | Resolved

by | Feb 17, 2022

VPN connections fail when using MS-CHAPv2 and not sure how to proceed? Keep reading to find out what our experts suggest.

At Bobcares, we offer solutions for every query, big and small, as a part of our VPN Provider Support.

Let’s take a look at how our Support Team is ready to help customers out when VPN connections fail when using MS-CHAPv2.

How to fix: VPN connections fail when using MS-CHAPv2

If your VPN connections are failing while using MS-CHAPv2 authentication method, the end-user is likely to have come across an error message like the one below:

error 691 “The remote connection was denied because the user name and password combination you provided is not recognized, or the selected authentication protocol is not permitted on the remote access server.

Furthermore, the domain user’s bad password count can go up in number, ultimately leading to an account lockout.

VPN connections fail when using MS-CHAPv2

According to our Support Team, this issue occurs due to the modification of the LmCompatibilityLevel settings from the default settings on the authenticating DC.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LmCompatibilityLevel

For instance, in the above example, when we set the value to 5, the DC will not accept requests that utilize NTLM authentication. After MS-CHAP or MS-CHAPv2 configuration, RAS in Windows Server 2008 R2 will automatically default to NTLM in order to hash the password. Since DC accepts only NTLMv2, the request gets denied.

In order to use MS-CHAPv2, we have to add the following registry entry by enabling NTLMv2 authentication:

  1. First, head to Start > Run and enter regedit and select Ok.
  2. Next, locate and choose the following registry subkey: 
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess\Policy
  3. Then, point to New on the Edit menu and select the DWORD Value.
  4. After that, enter Enable NTLMv2 Compatibility, and then select ENTER.
  5. Next, select Modify on the Edit menu.
  6. Then, enter1 in the Value data box and select OK.
  7. Finally, exit the Registry Editor.

[Looking for a solution to another query? We are just a click away.]

Conclusion

In brief, our skilled Support Engineers at Bobcares demonstrated what to do when VPN connections fail when using MS-CHAPv2.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

Related posts:

  1. How to bypass geoblocking | Best Practices
  2. Default encryption settings for L2TP/IPSec VPN Client
  3. “Error 721” error message Establishing a VPN connection
  4. libvirtd failed to start – Resolve it now

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

server management

Spend time on your business, not on your servers.

TALK TO US

Or click here to learn more.

Related Articles

  1. How to bypass geoblocking | Best Practices
  2. Default encryption settings for L2TP/IPSec VPN Client
  3. “Error 721” error message Establishing a VPN connection
  4. libvirtd failed to start – Resolve it now

Never again lose customers to poor
server speed! Let us help you.

GET STARTED