Error Connecting to VPN – Error 850: The Extensible Authentication Protocol type required for authentication…

Posted on September 22, 2013 by Brendan in Security, Server Administration

Error 850: The Extensible Authentication Protocol type required for authentication of the remote access connection is not installed on your computer.Are you getting this error message when connecting to a virtual private network?

Error connecting to BLAH.

Error 850: The Extensible Authentication Protocol type required for authentication of the remote access connection is not installed on your computer.

I first saw this message after an attempt to VPN on a newly installed Windows 8 computer. After I fixed it I started to document it so I could share it on the blog, but I had no luck replicating it and I was feeling lazy at the time to spin up a VM. So you’ll only need to set this once and forget about it.

I would call this a “bug” personally, but it essentially comes down to a default authentication setting being unset depending on the type of VPN it is. I was connecting to a standard Microsoft’y PPTP network.

The fix is easy. I’ve documented the steps below:

1. Open the connection properties.

Connection Properties

5 May 2014 Edit: Several readers have reported they’re unable to access properties via the above method. The alternate method is to Open the Network and Sharing Center by right mouse clicking on the network icon in the system tray…

Network and Sharing Center via Control Panel

or via Control Panel…

Open Network and Sharing Center

Then click Change adapter settings…

Change Adapter Settings

Right mouse click on the VPN connection and click Properties…

Network Adapter Properties

As you can see, it’s incredibly easy in Windows 8 (grrr). End 5 May 2014 Edit.

2. Click the Security tab. Note the authentication radio buttons. Notice how neither of them are selected? It has therefore assumed a default option which isn’t appropriate for the network you are trying to connect to.

Security Properties

3. Select the correct authentication protocol. If it is a Microsoft PPTP implementation then try the following configuration:

Set Authentication

4. Click OK and attempt to connect again.

Let me know how you go. Do many of you also encounter this?

106 Comments

Our address has changed…

Posted on August 27, 2013 by Brendan in Security

You may or may not have noticed that we’re now delivering sysadmin’y goodness via HTTPS! You’ll be automatically redirected from HTTP to HTTPS now when visiting us – so no more NSA eavesdropping on you while you browse our site – well, they’ll still spy on you, it’ll just take them longer to see what you’re reading. But then again, we have nothing to hide!

HTTPS Secure Socket LayerI’m not sure about you, but this whole NSA essentially being caught with their pants down thing is rather interesting to me. The NSA lying to congress and the world – even the President of the United States of America lied to his people. The list seems to go on and on. Does any of this make you think more about transparency in government? They’re supposedly there to serve the people, not spy on us right?

Below is a nice convenient list of 10 things we’ve learnt about the surveillance state which I quite enjoyed a read of.

Of course none of this is really surprising; Hollywood has been preparing the world for years now with spy movies. You’ll bourne-ultimatum-movierecall the CIA intercepting the call from Simon Ross containing the phrase “Operation Blackbriar” in the movie Bourne Ultimatum?

But now it’s in the public – how has this changed your attitude towards the United States and the world, and how will it change your thoughts and behaviours while on the internet?

Leave a comment

Simple PHP Function Code to Check IP Against “Stop Forum Spam” API

Posted on June 7, 2013 by Brendan in Programming

Some time back I wrote a blog post very similar to this one. But much time has past and I’ve since encountered a number of implementation problems with it. For example, checking if a username is listed in the Stop Forum Spam database is highly prone to false positives – search my name “Brendan” for example and I’m a spammer and now blocked.

Today I wrote a simpler implementation that checks only the IP address and takes advantage of Stop Forum Spam’s “confidence” assessment. See “Confidence Scoring” on their API usage page. Essentially it creates a likelihood or confidence percentage value based on quantity of listings and recent activity to decide if they’re a spammer or not. Kind of cool and takes the guesswork out of the blacklisting process for webmasters who really don’t have the expertise when contrast against the experience Stop Forum Spam has.

Anyway, as mentioned, much more cut down and only checks the IP address.

function StopForumSpam($ipAddress, $percentageConfidenceIsSpammer = 50)
{
$spammer = FALSE;

$xmlResult = file_get_contents(“http://www.stopforumspam.com/api?ip=” . urlencode($ipAddress) . “&confidence”);
$xml = new SimpleXMLElement($xmlResult);

if ($xml->appears == “yes”)
{
if ($xml->confidence >= $percentageConfidenceIsSpammer)
{
$spammer = TRUE;
}
}
return $spammer;
}

With any luck, you’ve put the above function with your other functions, and amongst the code you have checking an activity you will have something like this:

// user’s current ip address
$ipAddress = $_SERVER[‘REMOTE_ADDR’];

// check stopforumspam database
$unsafeSender = StopForumSpam($ipAddress);

// if bad result deny request
if ($unsafeSender == TRUE)
{
// take action to prevent continuing
// here is a function I call in my own code: Error(“We’re sorry, but our checks suggest you might be a spammer. You won’t be able to contact us at this time.”);
// alternatively you might just like to say die();
// insert your own code here.
}

Note you can adjust the confidence percentage by passing in an integer as a parameter such as StopForumSpam($ipAddress, 80); – else it will default to 50%.

One other note, this function relies on file_get_contents() being turned on. It can be sometimes disabled in the name of security via the php.ini file.

Hope this helps someone.

3 Comments