| Description | This article describes how to troubleshoot authentication with MS-CHAP-v2. |
| Scope | FortiGate - this article provides a comprehensive guide to troubleshooting authentication issues related to MS-CHAP-v2 (Microsoft Challenge Handshake Authentication Protocol version 2). |
| Solution |
This article describes how to fix the connection between the FortiGate and the RADIUS Server using MS-CHAP-v2. This consists of:
Go to Modify -> Registry Editor -> Computer\HKEY_LOCAL_MACHINES\SYSTEM\CurrentControlSet\RemoteAccess\Policy - > Enable NTLMv2Compatibility -> Change the REG_DWORD to 0x00000001(1).
RADIUS servers have the default policy enabled to limit NTLM authentication. This can be a common problem when troubleshooting MS-CHAP-v2. Many RADIUS servers enforce policies that limit or restrict NTLM authentication, especially when Kerberos is preferred for security reasons. This has fixed the MSCHAP-v2 issue.
The RADIUS Server shows the configuration on the FortiGate has MS-CHAP-v2 enabled.
FortiGate now shows the authentication pass.
|
Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Spring Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiGuest
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiSRA
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiScan
- FortiSandbox
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiWAN
- FortiToken
- FortiVoice
- FortiWeb
- FortiAppSec Cloud
- RMA Information and Announcements
- Lacework
- Wireless Controller
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
- Fortinet Community
- Knowledge Base
- FortiGate
- Troubleshooting Tip: MS-CHAP-v2, MS-CHAP authentic...
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.