Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
jlopeztellez
Staff
Staff

Created on ‎03-28-2025 10:01 AM Edited on ‎07-28-2025 03:48 PM

Article Id 385134

Troubleshooting Tip: MS-CHAP-v2, MS-CHAP authentication problems

Description This article describes how to troubleshoot authentication with MS-CHAP-v2.
Scope FortiGate - this article provides a comprehensive guide to troubleshooting authentication issues related to MS-CHAP-v2 (Microsoft Challenge Handshake Authentication Protocol version 2).
Solution

This article describes how to fix the connection between the FortiGate and the RADIUS Server using MS-CHAP-v2. This consists of:

 

  • Understanding the MS-CHAP-v2 authentication process.
  • Identifying common authentication failures and error codes.
  • Resolving password-related and encryption issues.

 

Go to Modify -> Registry Editor -> Computer\HKEY_LOCAL_MACHINES\SYSTEM\CurrentControlSet\Services\Policy - > Enable NTLMv2Compatibility -> Change the REG_DWORD to 0x00000001(1).

 

NTLMv2 (2).png

 

RADIUS servers have the default policy enabled to limit NTLM authentication.

This can be a common problem when troubleshooting MS-CHAP-v2. Many RADIUS servers enforce policies that limit or restrict NTLM authentication, especially when Kerberos is preferred for security reasons.

This has fixed the MSCHAP-v2 issue.

 

RADIUS (2).png

 

The RADIUS Server shows the configuration on the FortiGate has MS-CHAP-v2 enabled.

 

Fortigate (1).png

 

FortiGate now shows the authentication pass.

 

2025-03-27_14-09-02.png
730
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.