Installing RRAS Disables 128-bit RAS Encryption

• Microsoft Windows NT Workstation version 4.0
• Microsoft Windows NT Server version 4.0
• Microsoft Windows 95
• Routing and Remote Access Service Update for Windows NT Server version 4.0

SYMPTOMS

When you dial into your Microsoft Windows NT Routing and Remote Access Service (RRAS) Server, you may receive one of the following error messages depending on the Remote Access Service (RAS) client that you are using:

Windows 95 using Dial-Up Networking 1.2

   Error 720: Dial-Up Networking could not negotiate a compatible set of
   network protocols you specified in the Server Type settings. Check your
   network configuration in the Control Panel then try the connection
   again.

Windows NT Server or Workstation (Service Pack 1 or 2, or no Service Pack)

If Require Data Encryption is Enabled:

   Error 742: The remote computer does not support the required
   encryption type.

   TCP/IP CP reported error 733: The PPP control protocol for this network
   protocol is not available on the server.

Windows NT Server or Workstation (Service Pack 3)

If Any RAS Security Setting is Enabled:

   TCP/IP CP reported error 733: The PPP control protocol for this network
   protocol is not available on the server.

Windows NT Server with RRAS Update

If Require Strong Data Encryption is Enabled:

   Error 741: The local computer does not support the required encryption
   type.

   TCP/IP CP reported error 733: The PPP control protocol for this network
   protocol is not available on the server.

   Event ID   : 20073
   Source     : Router
   Description: The following error occurred in the %protocol_name% module
                on port %port_name%. The local computer does not support
                the required encryption type.

CAUSE

Your RRAS server has been configured for 128-bit RAS Encryption, however Ndiswan.sys has been replaced with the 40-bit version of the file.

RESOLUTION

To resolve this issue, follow the steps in the following article in the Microsoft Knowledge Base:

   ARTICLE-ID: Q169895
   TITLE     : Enabling 128-bit Encryption for Routing and Remote Access

MORE INFORMATION

When you install Routing and Remote Access Service on top of Service Pack 3 (40-bit or 128-bit), it, by default, replaces Ndiswan.sys with a 40-bit version.

If a RAS or PPTP connection is successful using 128-bit encryption, the following event will be logged in Event Viewer on your RRAS Server:

   Event ID   : 20142
   Source     : Router
   Description: The user <username> has been connected and has been
                successfully authenticated on port <port_name>. Data
                sent and received over the link is strongly encrypted.

   ARTICLE-ID: Q104292
   TITLE     : Identifying 128-bit Windows 95 DUN Client

   ARTICLE-ID: Q169296
   TITLE     : How to obtain the 128-bit version of WinNT 4.0 Service
               Pack

Keywords          : ntinterop ntnetserv ntras NTSrvWkst win95 kberrmsg kbinterop kbnetwork
Version           : WinNT:4.0;Windows:95
Platform          : WINDOWS
Issue type        : kbprb