25,155 questions
I have found a solution. I changed NPS Network Policies setting "Type of network access server" from Remote Access Server to Unspecified.
Network Policy Server, the set Ignore user account dial-in properties not working
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 4%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
Sergei Golov
0
Reputation points
We have Azure AD Domain Services(cloud) in Azure. Our subscription is include Azure AD Premium P1, Enterprise Mobility + Security. I want to Integrate our VPN infrastructure with Azure AD MFA by using the Network Policy Server extension for Azure https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-vpn
I have configure new VM(Windows 2019 DataCenter) in Azure and joined Azure AD Domain. The NPS server is registered in Active Directory.
I configure Network Policy Server using the guide. All users is nessecary VPN group members.
But users not able to login to NPS server, all users have got the same error.
The Network Access Permission setting in the dial-in properties of the user account in Active Directory is set to Deny access to the user. To change the Network Access Permission setting to either Allow access or Control access through NPS Network Policy, obtain the properties of the user account in Active Directory Users and Computers, click the Dial-in tab, and change Network Access Permission.
Screenshots NPS and User Dial-In properties setting below. Any ideas or recomendation to check? I have ask Google and ChatGPT, no results.
Microsoft Security | Microsoft Entra | Microsoft Entra ID
{count} votes
-
JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator2023-07-10T19:47:52.0533333+00:00 I wanted to check in and see if you had any other questions or if the answers below helped to resolve your issue?
Thank you for your time and patience throughout this issue.
If the information helped address your question, please Accept the answer. This will help us and also improve searchability for others in the community who might be researching similar information.
Sign in to comment
2 answers
Sort by: Most helpful
-
Sergei Golov 0 Reputation points
2023-07-06T13:07:25.5666667+00:00 -
Akshay-MSFT 17,956 Reputation points Microsoft Employee Moderator2023-07-10T05:36:00.35+00:00 I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others ", I'll repost your solution in case you'd like to "Accept " the answer.
Issue: users not able to login to NPS server, all users have got the same error.
The Network Access Permission setting in the dial-in properties of the user account in Active Directory is set to Deny access to the user. To change the Network Access Permission setting to either Allow access or Control access through NPS Network Policy, obtain the properties of the user account in Active Directory Users and Computers, click the Dial-in tab, and change Network Access Permission.Solution:
You changed NPS Network Policies setting "Type of network access server" from Remote Access Server to Unspecified.
I changed NPS Network Policies setting "Type of network access server" from Remote Access Server to Unspecified.
If you have any other questions or are still running into more issues, please let me know.
Thank you again for your time and patience throughout this issue.
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.Thanks,
Akshay Kaushik
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 6%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESR%3C/text%3E%3C/svg%3E)
Syed Raza 0 Reputation points2025-02-12T15:18:18.76+00:00 Hi, I am facing same issue and setting are same and restart the services as well bet still same error with code 65.
I have OLD NPS server 30APS working fine but when i add new unleasehed network it is not authanticating. please help if you can thanks
Sign in to comment -