Network Policy Server: the "Ignore user account dial-in properties" setting is not working

Sergei Golov 0 Reputation points
2023-07-06T09:27:44.3266667+00:00

We have Azure AD Domain Services (cloud) in Azure. Our subscription includes Azure AD Premium P1, Enterprise Mobility + Security. I want to integrate our VPN infrastructure with Azure AD MFA by using the Network Policy Server extension for Azure: https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-vpn

I have configured a new VM (Windows 2019 DataCenter) in Azure and joined it to the Azure AD Domain. The NPS server is registered in Active Directory.

I configured Network Policy Server using the guide. All users are members of the necessary VPN group.

But users are not able to log in to the NPS server; all users get the same error.

The Network Access Permission setting in the dial-in properties of the user account in Active Directory is set to Deny access to the user. To change the Network Access Permission setting to either Allow access or Control access through NPS Network Policy, obtain the properties of the user account in Active Directory Users and Computers, click the Dial-in tab, and change Network Access Permission.

Screenshots of the NPS and user Dial-in properties settings are below. Any ideas or recommendations on what to check? I have asked Google and ChatGPT, with no results.


2 answers

  1. Sergei Golov 0 Reputation points
    2023-07-06T13:07:25.5666667+00:00

    I have found a solution. I changed the NPS Network Policies setting "Type of network access server" from Remote Access Server to Unspecified.

  2. Akshay-MSFT 17,956 Reputation points Microsoft Employee Moderator
    2023-07-10T05:36:00.35+00:00

    @Sergei Golov

    I'm glad that you were able to resolve your issue, and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.

    Issue: Users are not able to log in to the NPS server; all users get the same error.

    The Network Access Permission setting in the dial-in properties of the user account in Active Directory is set to Deny access to the user. To change the Network Access Permission setting to either Allow access or Control access through NPS Network Policy, obtain the properties of the user account in Active Directory Users and Computers, click the Dial-in tab, and change Network Access Permission.

    Solution:

    You changed the NPS Network Policies setting "Type of network access server" from Remote Access Server to Unspecified.

    If you have any other questions or are still running into more issues, please let me know.

    Thank you again for your time and patience throughout this issue.

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    Thanks,

    Akshay Kaushik

