SecureGUARD GmbH

Technical Blog for SecureGUARD Products and Solutions

Client VPN enable usernames with special characters

In this blogpost i want to cover an issues we currently faced within a support case.

Per default RRAS in Windows Server 2012 R2 doesn't allow special character within the username.

This includes e.g. ö,ä,ü for the german speaking area.

You will receive a failed authentication attempt when trying to login with a user including such a character.

To workaround this issue please process the following steps:


  1. Click Start and type cmd
  2. Right-click Command Prompt and choose Run as administrator
  3. Type the following command: REG ADD HLKM\SYSTEM\CurrentControlSet\Services\EapHost\Configuration /v IdentityEncodingFormat /t REG_DWORD /d 1
  4. Reboot

With this registry key Windows will allow the use of special characters within the usernames.

Due to support issues we cann't recommend the use of special characters within usernamen, but if you have an existing environment you can get it to work with this registry key.

ATTENTION: Only implement this registry key if you're facing the described issue as this can lead to unpredictable side effects.

Known Issue:

The above configuration change would however result in EAP-based authentication from a Windows 7 client to fail. To fix this case, the same registry key (shown above) can be set on the Windows 7 client so that the Windows 7 client uses ANSI format for EAP-based authentication protocols too.





Add comment