Skip to Content

Solved: How do I fix “MS-CHAP-Error(2): \000E=691 R=0 V=3” Radius reject response?

By: Author Alex Lim

Posted on  - Last updated:

Categories Troubleshooting

If you’ve ever encountered the enigmatic “MS-CHAP-Error(2): \000E=691 R=0 V=3” message in an Access-Reject response from Radius, you’re not alone. This cryptic error can be a puzzling roadblock, leaving you wondering what it means and how to overcome it.

Sniffer
2 0.001287 10.10.10.10 10.10.10.254 RADIUS 84
Access-Reject(3) (id=5, l=42)
AVP: l=22 t=Vendor-Specific(26) v=Microsoft(311)
VSA: l=16 t=MS-CHAP-Error(2): \000E=691 R=0 V=3

In this article, we aim to demystify this error message and provide you with not only an understanding of its significance but also effective workarounds to address it. We’ll break down the components of the error message, shed light on its implications, and equip you with the knowledge needed to navigate and resolve this issue.

So, if you’ve ever been baffled by the “MS-CHAP-Error(2): \000E=691 R=0 V=3” message in Radius reject responses, join us on this journey as we unravel its mysteries and empower you with the solutions you need.

Solution: Enabling NTLMv1 for NTLM Connections on Windows Server 2008

If you’ve encountered issues with NTLM connections being refused on your Windows Server 2008, there’s a common culprit that could be at play. By default, Windows Server 2008 disables NTLMv1, which can lead to connection problems. However, there’s a straightforward solution to this problem.

Here’s how to enable NTLMv1 on your server:

Step 1: Access Local Security Policy
Click on the “Start” button. Navigate to “Administrative Tools.”

Step 2: Open Local Policies
In the Administrative Tools menu, locate and open “Local Security Policy.”

Step 3: Configure LAN Manager Authentication Level
Within the Local Security Policy window, expand the “Local Policies” section. Find and click on “Security Options.”

Step 4: Adjust Network Security Settings
In the Security Options list, scroll down to locate “Network security: LAN Manager authentication level.”

Step 5: Modify Authentication Settings
Double-click on “Network security: LAN Manager authentication level” to modify its settings. In the properties window, you’ll see different options. Select “Send NTLM response only.”

Double-click on "Network security: LAN Manager authentication level" to modify its settings. In the properties window, you'll see different options. Select "Send NTLM response only."

By following these steps, you can enable NTLMv1 on your Windows Server 2008, allowing for NTLM connections to work as intended. This adjustment can be particularly useful if you’ve been experiencing issues due to the default NTLMv1 settings.