If you’ve ever encountered the enigmatic “MS-CHAP-Error(2): \000E=691 R=0 V=3” message in an Access-Reject response from Radius, you’re not alone. This cryptic error can be a puzzling roadblock, leaving you wondering what it means and how to overcome it.
Sniffer
2 0.001287 10.10.10.10 10.10.10.254 RADIUS 84
Access-Reject(3) (id=5, l=42)
AVP: l=22 t=Vendor-Specific(26) v=Microsoft(311)
VSA: l=16 t=MS-CHAP-Error(2): \000E=691 R=0 V=3
In this article, we aim to demystify this error message and provide you with not only an understanding of its significance but also effective workarounds to address it. We’ll break down the components of the error message, shed light on its implications, and equip you with the knowledge needed to navigate and resolve this issue.
So, if you’ve ever been baffled by the “MS-CHAP-Error(2): \000E=691 R=0 V=3” message in Radius reject responses, join us on this journey as we unravel its mysteries and empower you with the solutions you need.
Solution: Enabling NTLMv1 for NTLM Connections on Windows Server 2008
If you’ve encountered issues with NTLM connections being refused on your Windows Server 2008, there’s a common culprit that could be at play. By default, Windows Server 2008 disables NTLMv1, which can lead to connection problems. However, there’s a straightforward solution to this problem.
Here’s how to enable NTLMv1 on your server:
Step 1: Access Local Security Policy
Click on the “Start” button. Navigate to “Administrative Tools.”
Step 2: Open Local Policies
In the Administrative Tools menu, locate and open “Local Security Policy.”
Step 3: Configure LAN Manager Authentication Level
Within the Local Security Policy window, expand the “Local Policies” section. Find and click on “Security Options.”
Step 4: Adjust Network Security Settings
In the Security Options list, scroll down to locate “Network security: LAN Manager authentication level.”
Step 5: Modify Authentication Settings
Double-click on “Network security: LAN Manager authentication level” to modify its settings. In the properties window, you’ll see different options. Select “Send NTLM response only.”
By following these steps, you can enable NTLMv1 on your Windows Server 2008, allowing for NTLM connections to work as intended. This adjustment can be particularly useful if you’ve been experiencing issues due to the default NTLMv1 settings.
Alex Lim
Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two chilrdren. You can reach him at [email protected] or follow him on Website | Twitter | Facebook
