spoojary
Staff
Article Id 275337
Description: This article describes troubleshooting FortiGate RADIUS authentication with a Microsoft NPS server using MSCHAP_v2.
Scope: FortiGate, RADIUS.
Solution

Problem Statement: RADIUS authentication with the Microsoft NPS server fails when using MSCHAP_v2 on a FortiGate device but succeeds with PAP.

Symptoms:

  1. The server responds with code 3 (access reject).
  2. No groups are returned during the authentication attempt.

Solution:

To resolve the issue, enable NTLMv2 support on the NPS server:

  1. Enable NTLMv2 Compatibility on the NPS Server:

    a. Select Start -> Run, type regedit in the Open box, and then select OK.

    b. Navigate to the following registry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\RemoteAccess\Policy.

    c. On the Edit menu, hover over New, and then select DWORD Value.

    d. Type Enable NTLMv2 Compatibility, and then press ENTER.

    e. On the Edit menu, select Modify.

    f. In the Value data box, type 1, and then select OK.

    g. Exit Registry Editor.
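
The registry change in steps a to g can also be audited and applied from PowerShell on the NPS server. The script below is an added example, not part of the original article; the `-Apply` switch and the function names are this example's own, and it assumes the `RemoteAccess\Policy` subkey already exists, as the steps above do. It also catches the case where the value was created with the wrong type (for example as a string instead of a DWORD).

```powershell
# Added example (not from the article): audit, and with -Apply set, the value from step 1.
param([switch]$Apply)   # -Apply is this example's own switch

$Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy'
$Name = 'Enable NTLMv2 Compatibility'

function Get-NtlmV2CompatState {
    # Returns an object describing the value, or $null when it is absent.
    $prop = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }
    [pscustomobject]@{
        Value = $prop.$Name
        Kind  = (Get-Item -Path $Path).GetValueKind($Name)
    }
}

function Test-NtlmV2CompatState($State) {
    # Correct only when the value is a DWORD (step c) holding 1 (step f).
    ($null -ne $State) -and ($State.Kind -eq 'DWord') -and ($State.Value -eq 1)
}

if (-not (Test-Path -Path $Path)) {
    # The article navigates to an existing subkey; do not create it here.
    throw "Subkey not found: $Path"
}

$state = Get-NtlmV2CompatState
if (Test-NtlmV2CompatState $state) {
    Write-Output "OK: '$Name' is REG_DWORD 1."
    return
}

if ($null -eq $state) { Write-Output "Missing: '$Name' is not set." }
else { Write-Output "Wrong: '$Name' is $($state.Kind) '$($state.Value)'." }

if (-not $Apply) {
    Write-Output 'Run again with -Apply from an elevated session to set it.'
    return
}

# Equivalent of steps c to f; -Force replaces a value of the wrong type.
New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value 1 -Force -ErrorAction Stop | Out-Null

if (Test-NtlmV2CompatState (Get-NtlmV2CompatState)) { Write-Output "Set: '$Name' is now REG_DWORD 1." }
else { throw "Verification failed for '$Name'." }
```

Run without arguments, the script only reports the current state, which makes it usable as a check before and after retesting MSCHAP_v2 authentication from the FortiGate.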