The Windows Server 2003 family supports MS-CHAP v2, which provides mutual authentication, the generation of stronger initial data encryption keys for , and different encryption keys for sent and received data. To minimize the risk of password compromise during a password change, older methods of the MS-CHAP password change are not supported.
Because MS-CHAP v2 is more secure than MS-CHAP, it is offered before MS-CHAP (if enabled) for all connections.
MS-CHAP v2 is supported by computers running Windows XP, Windows 2000, Windows 98, Windows Millennium Edition, and Windows NT version 4.0. Computers running Windows 95 support MS-CHAP v2 only for VPN connections, not for dial-up connections.
To configure a connection for MS-CHAP v2, see "To configure identity authentication and data encryption settings."
Note
- MS-CHAP v2 is a mutual authentication protocol, which means that both the client and the server prove that they have knowledge of the user's password. First, the remote access server asks the remote access client for proof by sending a challenge to the client. Then the remote access client asks the remote access server for proof by sending a challenge back to the server. If the server cannot prove that it has knowledge of the user's password by correctly answering the challenge from the client, the client terminates the connection. Without mutual authentication, a remote access client cannot detect that it has connected to an unauthorized remote access server.
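
The exchange described in the note, as an added example that is not part of the original page: a simplified Python model of the two challenges and two proofs, using HMAC-SHA256 as a stand-in for the hash and response functions MS-CHAP v2 actually uses. The class names, message labels, user name and password are constructed for illustration.

```python
import hashlib, hmac, os

def _secret(password):
    # Stand-in for the password-derived secret both sides hold (assumption).
    return hashlib.sha256(password.encode("utf-16-le")).digest()

def client_proof(password, user, server_chal, peer_chal):
    # Client's answer to the server's challenge, bound to both challenges.
    msg = b"client" + peer_chal + server_chal + user.encode()
    return hmac.new(_secret(password), msg, hashlib.sha256).digest()

def server_proof(password, server_chal, peer_chal, client_resp):
    # Server's answer to the client's challenge, bound to the client's response.
    msg = b"server" + peer_chal + server_chal + client_resp
    return hmac.new(_secret(password), msg, hashlib.sha256).digest()

class Server:
    def __init__(self, users):
        self.users = users                      # constructed user database
    def challenge(self):
        self.chal = os.urandom(16)
        return self.chal
    def authenticate(self, user, peer_chal, resp):
        if user not in self.users:
            return None
        pw = self.users[user]
        expected = client_proof(pw, user, self.chal, peer_chal)
        if not hmac.compare_digest(expected, resp):
            return None                         # client failed its proof
        return server_proof(pw, self.chal, peer_chal, resp)

class RogueServer(Server):
    # Accepts any client but does not know the password, so it cannot
    # compute a valid answer to the client's challenge.
    def authenticate(self, user, peer_chal, resp):
        return os.urandom(32)

def connect(server, user, password):
    server_chal = server.challenge()            # 1. server challenges client
    peer_chal = os.urandom(16)                  # 2. client challenges server
    resp = client_proof(password, user, server_chal, peer_chal)
    proof = server.authenticate(user, peer_chal, resp)
    if proof is None:
        return "rejected by server"
    expected = server_proof(password, server_chal, peer_chal, resp)
    if not hmac.compare_digest(expected, proof):
        return "client terminated connection"   # server failed its proof
    return "connected"
```
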