How to Disable Microsoft CHAP Authentication

ID: Q238734

The information in this article applies to:
  • Microsoft Windows NT Server version 4.0
IMPORTANT: This article contains information about editing the registry. Before you edit the registry, make sure you understand how to restore it if a problem occurs. For information about how to do this, view the "Restoring the Registry" Help topic in Regedit.exe or the "Restoring a Registry Key" Help topic in Regedt32.exe.

SYMPTOMS

When you use Microsoft Routing and Remote Access Service (RRAS) as a Radius client, you can selectively enable or disable Microsoft Challenge Handshake Authentication Protocol (CHAP) authentication by setting the OfferMSCHAP registry value.

If the host or router that is attempting to dial in does not support Microsoft CHAP and does not correctly implement RFC 1331, you may observe delays during authentication that lead to an unsuccessful Point-to-Point Protocol (PPP) connection because of Link Control Protocol (LCP) timeouts.


RESOLUTION

To resolve this problem, obtain the latest service pack for Windows NT 4.0 or the individual software update. For information on obtaining the latest service pack, please go to:

For information on obtaining the individual software update, contact Microsoft Product Support Services. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:
http://www.microsoft.com/support/supportnet/overview/overview.asp


STATUS

Microsoft has confirmed this to be a problem in Microsoft Routing and Remote Access Server Update for Windows NT Server version 4.0. This problem was first corrected in Windows NT 4.0 Service Pack 6.


MORE INFORMATION

WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

For information about how to edit the registry, view the "Changing Keys and Values" Help topic in Registry Editor (Regedit.exe) or the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe. Note that you should back up the registry before you edit it. If you are running Windows NT, you should also update your Emergency Repair Disk (ERD).

Because of a change made to an existing configurable parameter, you can disable Microsoft CHAP authentication whether or not your RRAS server is operating as a Radius client. To disable Microsoft CHAP:

  1. Start Registry Editor (Regedt32.exe).


  2. Locate the following registry key:


    3. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman\PPP\CHAP
  3. On the Edit menu, click Add Value, and then add the following registry value:


    4. DWORD: OfferMSCHAP
    Value: 0x00000000
  4. Quit Registry Editor.


After you add this value, Microsoft CHAP is not offered to PPP clients.

Additional query words: ras ms-chap

Keywords : kbbug4.00 kbfix4.00 NT4SP6Fix
Version : winnt:4.0
Platform : winnt
Issue type : kbbug


Last Reviewed: December 20, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.