I have one user for whom MFA is not functional when trying to sign in with his Cisco AnyConnect VPN client. Keep in mind that if we use another user's credentials on the same computer, it connects without any problems. The issue seems to be with just the one user. Here is what I found in the logs. For the first event listed, I did find the user had proper licensing; for the other event, I could not find much information.
RADIUS Client:
Client Friendly Name: Anyconnect
Client IP Address: X.X.X.X
Authentication Details:
Connection Request Policy Name: Anyconnect-VPN
Network Policy Name: Anyconnect-VPN
Authentication Provider: Windows
Authentication Server: XXXXXX.XXXXXX
Authentication Type: PAP
EAP Type: -
Account Session Identifier: -
Reason Code: 9
Reason: The request was discarded by a third-party extension DLL file
Another event found:
Log Name: AuthZOptCh
Source: Microsoft-AzureMfa-AuthZ
Date: 10/5/2022 11:33:58 AM
Event ID: 1
Task Category: None
Level: Information
Keywords:
User: NETWORK SERVICE
Computer: {computername}.XXXXXX
Description:
NPS Extension for Azure MFA: CID: 68043807-6b81-4c24-9baf-002819da2ff4 : Request Discard for user {username}@X .com with Azure MFA response: UserNotFound and message: The specified user was not found.,,,210de091-24f4-42d4-89e5-0f4c584de41d
Any help is greatly appreciated!