Troubleshooting NPS authentication failure

Question

Our NPS server failed to authenticate users on May 10th, 2024 0800 SGT for about 8 hours, and unexpectedly resolved on its own. I am concerned about the potential impact on our work and want to ensure it won't happen again. How can I troubleshoot this issue and prevent it from occurring in the future? I am willing to provide more details if necessary. Thank you.

-Zie

---

Edit to add more information (Jul 4th, 2024):

I have deep dive into the problem yesterday with my team (as im new here).

1. I did check the event viewer in NPS server and when I search during the time it happened, i cant find the ID that have failed doing the auth. But I can find other account that failed. Furthermore, its only 1 account that have failed to auth back to NPS for that 8 hours. I mean, this account repeatedly failed with auth causing it to not able to connect to internet for 8 hours while others can.
2. Network was fine as even the ISP was there during the incident and their network was working perfectly fine.
3. Server load was okay that time. No stress loading was happening during that moment of time.
4. As others auth is working fine, I think there is no issue with RADIUS configuration as well (I might be wrong but im not sure as i was not there to check. Will put this in note)
5. No issue with AD as well cause other account was working fine, just that one particular account.

To my understanding, the network here is a bit of a branch with numerous Virtual Routing and Forwarding (VRF) being setup. This only effect one of the VRF branch which is very unusual. This become more mysterious when it suddenly solve by its own after 8 hours without any changes was being made.

Answer 1

Hello,

Thank you for posting in Q&A forum.

I understand your concern about the NPS server issue. Here are some steps you can take to troubleshoot and prevent this issue in the future:

1. Check Event Logs: The first step in troubleshooting is to check the event logs on the NPS server. Look for any errors or warnings that occurred around the time of the issue. This can give you a clue as to what might have caused the problem.
2. Network Connectivity: Check if there were any network connectivity issues at the time of the problem. This could be a network outage, a problem with a switch or router, or a problem with the server's network interface card (NIC).
3. Server Performance: Check the performance of the NPS server. If the server was under heavy load or running out of resources (CPU, memory, disk space), it might have been unable to handle the authentication requests.
4. RADIUS Server Configuration: Since you are using RADIUS, check the configuration of your RADIUS server. Make sure it is correctly configured to communicate with the NPS server.
5. Active Directory (AD) Issues: Check if there were any issues with your on-premises AD at the time of the problem. This could be a problem with the AD server itself, or a problem with the communication between the NPS server and the AD server.

6.Patch and Update: Ensure that your NPS server, RADIUS server, and AD server are all up-to-date with the latest patches and updates. This can help prevent known issues and improve the stability and security of your servers.

7. Monitor: Regularly monitor the health and performance of your NPS server, RADIUS server, and AD server. This can help you detect and address potential issues before they cause a problem.

I hope the information above is helpful.

Best Regards,

Yanhong Liu

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.