A. Service Pack 3 (128-bit version) introduced the ability to use 128-bit RAS data encryption with a Windows NT 4.0 RAS server, as opposed to the normal 40-bit encryption.
To enable this 128-bit encryption, perform the following:
- Start the Network control panel applet (Start - Settings - Control Panel - Network)
- Select the Services tab
- Select Remote Access Service and click Properties
- Click Network, then select Require Microsoft encrypted authentication
- Select Require data encryption and click OK
- Click Continue and close the Network control panel applet
- Do not restart the computer at this point
It is now necessary to enable the 128-bit setting:
- Start the registry editor (regedit.exe)
- Move to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\COMPCP
- From the Edit menu select New - DWORD value
- Enter a name of ForceStrongEncryption and press Enter
- Double-click the new value and set it to 1. Click OK
- Close the registry editor
- Reboot the computer
After the reboot has completed, clients connecting via RAS or PPTP will have to authenticate using 128-bit key encryption. A number of event log entries can be viewed using Event Viewer (Start - Programs - Administrative Tools - Event Viewer).
If a successful connection is made, you will see the entry:
Event ID: 20107
Source: RemoteAccess
Description: The user RAS connected to port COMx using strong encryption
If the connection was unsuccessful, you will see the entry:
Event ID: 20077
Source: RemoteAccess
Description: An error occurred in the Point to Point Protocol module on port COMx. The remote computer does not support the required encryption type.
The client attempting connection would also receive a 629 error.
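To confirm the registry step on a server without opening the registry editor, the following added example (not part of the original FAQ) audits a text export of the COMPCP key. It assumes the key was exported from regedit.exe in REGEDIT4 text format; the function names and the sample exports are constructed for illustration.

```python
import re

KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\COMPCP"
VALUE = "ForceStrongEncryption"

def parse_reg_export(text):
    """Parse REGEDIT4-style text into {key_lower: {value_name_lower: raw_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and line.startswith('"'):
            m = re.match(r'"((?:[^"\\]|\\.)*)"\s*=\s*(.*)$', line)
            if m:
                current[m.group(1).lower()] = m.group(2).strip()
    return keys

def audit_strong_encryption(text):
    """Return (ok, reason); key and value names are matched case-insensitively."""
    values = parse_reg_export(text).get(KEY.lower())
    if values is None:
        return False, "COMPCP key not present in export"
    raw = values.get(VALUE.lower())
    if raw is None:
        return False, "ForceStrongEncryption value missing"
    m = re.fullmatch(r"dword:([0-9a-fA-F]{1,8})", raw)
    if not m:
        return False, "ForceStrongEncryption is not a DWORD"
    if int(m.group(1), 16) != 1:
        return False, "ForceStrongEncryption is not set to 1"
    return True, "ForceStrongEncryption = 1"

# Constructed sample exports (not taken from a real server).
GOOD = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\COMPCP]
"ForceStrongEncryption"=dword:00000001
"""
STRING_TYPE = GOOD.replace("dword:00000001", '"1"')   # created as a string value
DISABLED = GOOD.replace("00000001", "00000000")       # value present but 0
MISSING = GOOD.replace('"ForceStrongEncryption"', '"ConstructedOtherValue"')

if __name__ == "__main__":
    for name, sample in [("good", GOOD), ("string", STRING_TYPE),
                         ("disabled", DISABLED), ("missing", MISSING)]:
        print(name, audit_strong_encryption(sample))
```

A value created with the wrong type (for example a string instead of a DWORD) is reported as a failure rather than treated as enabled.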