locked
Cannot apply X64 hotfix for kb977656 to Windows 2008 R2 RRS feed

  • Question

  • After requesting the X64 (vista was only version listed) hotfix for kb977656, I downloaded 400030_intl_x64_zip.exe.  After unpacking it I had Windows6.0-KB977656-x64.exe.  When trying to install that, I get error message that it is not applicable to my computer, which makes sense given the Windows 6.0 name and Vista download.  However http://support.microsoft.com/kb/977656 implies there is a Windows 2008 R2 hotfix.

    I'm trying to set up VPN via NPS where the password is actually an One Time Password that is authenticated via a proxied Radius connection to a third party radius server.

    The instructions I have are to use PAP, which I realize is unencrypted.  I'm fine with that though, because the password will be a OTP that is only good for 30 seconds.  However, KB977656 implies that I need a hotfix to enable PAP on 2008 R2.

    Thursday, March 22, 2012 8:44 PM

Answers

All replies

  • Hi,

    Thanks for posting here.

    > However http://support.microsoft.com/kb/977656 implies there is a Windows 2008 R2 hotfix.

    Could you point out the line in the KB article about impaling this is a Windows Server 2008 R2 hotfix cos according to the statement in that it applies to windows 6.0 based OS but not R2 (6.1)

    http://support.microsoft.com/kb/977656/en-us#appliesto

    Meanwhile, based on my understanding on your deployment ,this NPS server will be set as a VPN server with RRAS installed and RADIUS proxy which will forward RADIUS message to third party RADIUS server for authentication and accept incoming VPN connection requests, so don’t see any necessary to enable it on it  but need specifying it as one of condition in connection request policy on it

    Connection Request Policies
    http://technet.microsoft.com/en-us/library/cc753603.aspx

    PAP
    http://technet.microsoft.com/en-us/library/dd458969(WS.10).aspx

    Thanks.

    Tiger Li


    Tiger Li

    TechNet Community Support

    • Marked as answer by hollandIT Friday, March 23, 2012 2:21 PM
    Friday, March 23, 2012 3:12 AM
  • Could you point out the line in the KB article about impaling this is a Windows Server 2008 R2 hotfix cos according to the statement in that it applies to windows 6.0 based OS but not R2 (6.1)

    http://support.microsoft.com/kb/977656/en-us#appliesto

    You are correct.  I saw the Windows 2008 Server in the KB article and assumed that it also meant 2008 R2.  R2 is not listed there.

    I guess I thought this was my issue because I had set up a network policy that only used PAP and had told the client to only use PAP and when I attempted a connection, the client tells me:

    "Error 919: The connection could not be established because the authentication protocol used by the RAS/VPN server to verify your username and password could not be matched with the settings in your connection protocol"

    Most of the online answers I've received has pointed at PAP support being the issue.  Most of the answers suggest not using PAP, but given my external radius client, that is not an option.  When I stumbled across the KB implying PAP was disabled oin Vista and Server 2008 unless the hotfix was applied, I thought I had found my issue.

    The PAP link you supplied ( http://technet.microsoft.com/en-us/library/dd458969(WS.10).aspx ) lists three steps:

    1.Enable PAP as an authentication protocol on the remote access server. PAP is disabled by default.
    2.Enable PAP on the appropriate network policy. PAP is disabled by default.
    3.Enable PAP on the remote access client.

    I had completed steps 2 and 3, but I had missed that I had to enable PAP in the RRAS settings.  That's done and I'm now chasing some additional errors, but your one post has already helped me move past hours of searching and chasing alternatives yesterday.

    Thank you!

    Friday, March 23, 2012 2:21 PM