Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
dbhavsar
Staff
Staff

Created on ‎10-02-2024 11:00 PM

Article Id 346451

Technical Tip: RADIUS authentication using MS-CHAPv2 fails

Description This article describes how to mitigate authentication using MS-CHAPv2 fails for Windows RADIUS servers.
Scope FortiGate.
Solution
  • Check the connectivity, and make sure FortiGate can telnet/ping the RADIUS server.
  • Try authenticating using the default authentication method. All the methods will work except the ms-chapv2.
  • To authenticate using the mschapv2, add the following registry key in the Windows Servers registry.

 

  1. Select Start -> Run, type regedit in the Open box, and then select OK.
  2. Locate and select the following registry subkey:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess\Policy
  3. On the Edit menu, point to New, and then select DWORD Value.
  4. Type Enable NTLMv2 Compatibility, and then press ENTER.
  5. On the Edit menu, select Modify.
  6. In the Value data box, type 1, and then select OK.
  7. Exit Registry Editor.

 

Windows article

https://learn.microsoft.com/en-gb/troubleshoot/windows-server/networking/rras-vpn-connections-fail-m...

 

  • If the network policies are configured, then make sure that authentication is allowed using the ms-chapv2 method.
  • The below screenshots show that authentication is successful:


mschapv2.png
464
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.