JSI Tip 0700 - How do I enable 128-bit RAS encryption?


If you have the 128-bit version of Service Pack 3, your RAS server can be configured to use it:

1. Control Panel / Network / Services / Remote Access Service / Properties.

2. Click Network and Require Microsoft encrypted authentication.

3. Click Require data encryption, OK, Continue, and Close.

4. When prompted to restart, click No.

5. Edit HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\COMPCP
     and Add Value name ForceStrongEncryption as a type REG_DWORD and set it to 1.

6. Shutdown and restart.

If a RAS client supports 128-bit encrytion, the event log will contain:

 
Event ID: 20107 
Source:   RemoteAccess 
Description: The user RAS connected to port COM1 using strong encryption.

If the RAS client does not support 128-bit RAS encryption, you will see the following event:
 
Event ID: 20077 
Source:   RemoteAccess 
Description: An error occurred in the Point to Point Protocol module on 
port COM1. The remote computer does not support the 
required encryption type.
The client will receive a message 629, indicating the that they have been disconnected.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish