How to Force 128-bit Data Encryption for RAS

Last reviewed: August 1, 1997
Article ID: Q172215
The information in this article applies to:
  • Microsoft Windows NT Workstation version 4.0
  • Microsoft Windows NT Server version 4.0
  • Microsoft Windows 95

SUMMARY

With the release of the 128-bit Service Pack 3 (SP3) for Windows NT 4.0, RAS clients can now negotiate 128-bit RAS data encryption with a Windows NT 4.0 RAS server. Normal RAS data encryption is 40-bit. RAS clients that can take advantage of 128-bit data encryption are Windows NT Server or Workstation 4.0 with SP3 128-bit and Windows 95 Dial-Up Networking 1.2 128-bit.

MORE INFORMATION

To enable 128-bit RAS data encryption on an NT 4.0 SP3 128-bit RAS server, use the following steps:

  1. Double-click Network in Control Panel and click Services.

  2. Click Remote Access Service and click Properties.

  3. Click Network and click Require Microsoft encrypted authentication.

  4. Click Require data encryption and click OK.

  5. Click Continue and click Close.

  6. Click No when prompted to restart the computer.

  7. Start Registry Editor (Regedit.exe or Regedt32.exe).

    WARNING: Using Registry Editor incorrectly can cause serious, system-wide problems that may require you to reinstall Windows NT to correct them. Microsoft cannot guarantee that any problems resulting from the use of Registry Editor can be solved. Use this tool at your own risk.

  8. Go to the following subkey in the HKEY_LOCAL_MACHINE hive:

    SYSTEM\CurrentControlSet\Services\RasMan\PPP\COMPCP

  9. Click Edit, click Add Value, and enter the following information:

    Value Name: ForceStrongEncryption
    Value Type: DWORD
    Value Data: 1

  10. Exit Registry Editor and restart the computer.

With 128-bit RAS encryption enabled, you will see one or more event log messages in Event Viewer when RAS users connect using RAS or PPTP. If the RAS client supports 128-bit RAS data encryption, you will see the following event:

   Event ID: 20107
   Source:   RemoteAccess
   Description: The user RAS connected to port COM1 using strong
                encryption.

If the RAS client does not support 128-bit RAS data encryption, you will see the following event:

   Event ID: 20077
   Source:   RemoteAccess
   Description: An error occurred in the Point to Point Protocol module on
                port COM1. The remote computer does not support the
                required encryption type.

A Windows 95 client that fails with the above event log will receive the following error message:

   Dial-Up Networking
   You have been disconnected from the computer you dialed.
   Double-click the connection to try again.

A Windows NT client that fails with the above event log will receive the following error message:

   Error Connecting to RAS server
   Disconnected.
   Error 629: The port was disconnected by the remote machine.
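
To review which connections met or failed the 128-bit requirement, the two events described above can be tallied from an exported event log. The following Python script is an added example, not part of the original article; the comma-separated export layout and the sample log lines are constructed assumptions.

```python
import csv
import io
import re
from collections import Counter

# Event IDs and description wording come from the article above.
STRONG_OK = 20107        # client connected using strong (128-bit) encryption
STRONG_REJECTED = 20077  # client does not support the required encryption type

USER_PORT = re.compile(r"The user (\S+) connected to port (\S+) using strong encryption")
FAILED_PORT = re.compile(r"module on port (\S+?)\. The remote computer does not support")

# Constructed sample export. Assumed layout: date,time,source,event_id,description
SAMPLE_LOG = """\
8/1/97,09:14:02,RemoteAccess,20107,The user RAS connected to port COM1 using strong encryption.
8/1/97,09:20:41,RemoteAccess,20077,An error occurred in the Point to Point Protocol module on port COM2. The remote computer does not support the required encryption type.
8/1/97,09:21:00,EventLog,6005,The Event log service was started.
8/1/97,09:32:17,RemoteAccess,20107,The user jsmith connected to port VPN1 using strong encryption.
8/1/97,09:40:03,RemoteAccess,20077,An error occurred in the Point to Point Protocol module on port COM2. The remote computer does not support the required encryption type.
truncated line
"""


def audit(log_text):
    """Return (accepted, rejected): accepted is a list of (user, port) pairs,
    rejected maps each port to its count of failed strong-encryption attempts."""
    accepted, rejected = [], Counter()
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) < 5 or row[2] != "RemoteAccess" or not row[3].isdigit():
            continue  # skip other sources and malformed lines
        event_id = int(row[3])
        # Re-join in case the description contained commas; collapse wrapping.
        desc = " ".join(",".join(row[4:]).split())
        if event_id == STRONG_OK:
            m = USER_PORT.search(desc)
            if m:
                accepted.append((m.group(1), m.group(2)))
        elif event_id == STRONG_REJECTED:
            m = FAILED_PORT.search(desc)
            if m:
                rejected[m.group(1)] += 1
    return accepted, dict(rejected)


if __name__ == "__main__":
    ok, failed = audit(SAMPLE_LOG)
    for user, port in ok:
        print(f"strong encryption: user={user} port={port}")
    for port, count in failed.items():
        print(f"rejected (no 128-bit support): port={port} attempts={count}")
```

Event 20077 as shown in the article names only the port, not the user, so rejected attempts are grouped by port.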

For additional information, please see the following article(s) in the Microsoft Knowledge Base:

   ARTICLE-ID: Q147798
   TITLE     : Windows NT 4.0 Service Pack 3 Readme.txt File (128-bit)

   ARTICLE-ID: Q169895
   TITLE     : Enabling 128-bit Encryption for Routing and Remote Access

Keywords          : dun ntnetserv ntras NTSrvWkst win95 kbnetwork
Version           : WinNT:4.0;Windows:95
Platform          : WINDOWS
Issue type        : kbinfo
Solution Type     : Info_Provided


© 1998 Microsoft Corporation. All rights reserved.