hi, the one that fails is failing at the mschap phase - ntml_auth etc - so that server isnt configured the same as the other.. or if the config is the same, its not able to talk to the AD as the other one can. alan