How to make NPS with azure mfa extension accept Accounting-request?

Question

I want to use NPS to authentication and accounting my ipsec vpn.

I set a remote access ipsec vpn on my pfsense firewall and select NPS to authentication and accounting.

For security, I installed NPS azure mfa extension to make two-factor-authentication.

But when I enable this extension, accounting-request will be drop with reason-code 9 (An Internet Authentication Service (IAS) extension dynamic link library (DLL) that is installed on the NPS server discarded the connection request.)

What should I do to make it accept Accounting?

And I also have another question, when I operate mfa "approve" late, like around 20s, althought I config vpn radius timeout to 120s, the connect will failed with log "PhoneAppNoResponse and message: Authentication method failed", how to increase this step timeout settings?

Answer 1

Hello there, What is the default timeout threshold? I In order to increase timeout settings MFA on NPS server, you need to go to: Server Manager > Tools > Network Policy Server > In the NPS (Local) console, expand RADIUS Clients and Servers, and select Remote RADIUS Server > In the middle pane, go to SERVER GROUP Properties > Edit > Under the Load Balancing tab change the settings. The NPS extension acts as an adapter between RADIUS and cloud-based Azure AD Multi-Factor Authentication to provide a second factor of authentication for federated or synced users. Hope this resolves your Query !! --If the reply is helpful, please Upvote and Accept it as an answer--