How to make NPS with azure mfa extension accept Accounting-request?

Charles 71 Reputation points

I want to use NPS to authentication and accounting my ipsec vpn.

I set a remote access ipsec vpn on my pfsense firewall and select NPS to authentication and accounting.

For security, I installed NPS azure mfa extension to make two-factor-authentication.

But when I enable this extension, accounting-request will be drop with reason-code 9 (An Internet Authentication Service (IAS) extension dynamic link library (DLL) that is installed on the NPS server discarded the connection request.)

What should I do to make it accept Accounting?

And I also have another question, when I operate mfa "approve" late, like around 20s, althought I config vpn radius timeout to 120s, the connect will failed with log "PhoneAppNoResponse and message: Authentication method failed", how to increase this step timeout settings?

Microsoft Authenticator
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
5,626 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,259 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Limitless Technology 43,996 Reputation points

    Hello there, What is the default timeout threshold? I In order to increase timeout settings MFA on NPS server, you need to go to: Server Manager > Tools > Network Policy Server > In the NPS (Local) console, expand RADIUS Clients and Servers, and select Remote RADIUS Server > In the middle pane, go to SERVER GROUP Properties > Edit > Under the Load Balancing tab change the settings. The NPS extension acts as an adapter between RADIUS and cloud-based Azure AD Multi-Factor Authentication to provide a second factor of authentication for federated or synced users. Hope this resolves your Query !! --If the reply is helpful, please Upvote and Accept it as an answer--

    0 comments No comments