Share via

AzureMFA Extension NPS Login failed with VPN

YN 0 Reputation points
2024-06-10T07:06:42.7966667+00:00

Hello everybody,

i hope someone can help us. We want to implement RADIUS Service to our VPN Connection.

Users must login with Azure MFA in the future.

I have install the NPS Service and configure it. The connection is correct to our Fortinet Firewall.

I have also install the latest version of AzureMFA Extension on the Server.

We use Forticlient VPN Free Version 7.2.4 & we use IPSec to connect to our Network via VPN Client.

What have I done so far to solve the problem?

General:

  • Connection to the firewall can be established but authentication fails.

Troubleshoot:

  • On the server i add the registry entry:

OVERRIDE_NUMBER_MATCHING_WITH_OTP added with the value TRUE

  • Reinstalled the AzureMFA extension
  • old AzureMFA certificates deleted
  • NPS > Network Policy: “Ignore User Account Dial-In Properties” checkmark set
  • Network Policy Settings: Constraints times PAP and CHAP removed and added again

Collected error messages:

NPS EventIDs: 6273, 6272, 6274

AzureMFA Logs:

 

NPS Extension for Azure MFA: Access Challenge response skipping primary Auth for User..

 

NPS Extension for Azure MFA: NPS Extension for Azure MFA only performs Secondary Auth for Radius requests in AccessAccept State. Request received for User *****.com with response state AccessReject, ignoring request.

Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,764 questions
0 comments