NunoGalego-8631 asked AdamWiernicki-9736 edited

Windows VPN with MFA

Hi, I have a problem with my VPN.

I created a VPN in Windows Server and an NPS to authenticate users.

I also have MFA set up and it works. The problem is that the VPN only works with Authenticator, and doesn't work with an SMS token.

I receive a message with a PIN, but don't have a place to put it.

Can anyone help?

windows-active-directory windows-server-security

@NunoGalego-8631
Thank you for your post!

  • Have you tried navigating to "aka.ms/mfasetup" and changing your MFA preference?

  • Can you share the documentation that you followed to set up MFA on your Windows server?

  • Are you able to provide some screenshots of what you're seeing so I can gain a better understanding of your issue?

Any additional information would be greatly appreciated.


If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.

1 Vote 1 ·

Hi, yes, I already changed my preference in aka.ms.

The situation is that this only works with Microsoft authentication on the phone. Those who don't have it installed can't enter the VPN.

The tutorial that I followed is this:

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-vpn


Can you help me?

0 Votes 0 ·

@NunoGalego-8631
Thank you for the quick response!

It sounds like your MFA setup works, but the main problem is that the VPN setup only works with the Authenticator app, and not with an SMS token?

Have you looked into any of the below troubleshooting guides?
Troubleshooting RADIUS
Troubleshooting guide


I also reached out to my team regarding this and since this process requires a lot of NPS/on-prem AD configuration, I've added the "windows-active-directory" tag to this thread so their community can take a look into this issue as well.

Thank you for your time and patience throughout this issue.

0 Votes 0 ·

Hi @NunoGalego-8631
As far as I know, Microsoft CHAP Version 2 and EAP only support phone call or mobile app notification. I found a thread regarding this:

https://docs.microsoft.com/en-us/answers/questions/21919/nps-extension-request-specific-authentication-meth.html

The same is valid for RD Gateway:

Supported methods are: Phone call, Authenticator app with notification.
Unsupported methods are: SMS, Authenticator app with PIN.
https://docs.microsoft.com/en-us/answers/questions/44596/azure-mfa-nps-extension-rds-gatway-method.html

Cheers, Al

0 Votes 0 ·

This article said that if I change my RADIUS to PAP, it will work, but I already changed it, and nothing new happened... It is the same... it only works with the app. If I uninstall the app, it doesn't work...

0 Votes 0 ·

Your question is more related to the MFA part, so we will remove the windows-server-windows-server-security tag. Thank you!

0 Votes 0 ·

Hi, and is there any solution for this?

0 Votes 0 ·
NunoGalego-8631 answered LucDuong-4132 commented

Hi, and is there any solution?


@NunoGalego-8631
I've enabled your subscription for a one-time free technical support request so our support engineers can take a closer look into this issue. Once you arrive at a solution/workaround, please feel free to update your thread with the answer so others from the community who're experiencing a similar issue can easily find the solution.


Thank you for your time and patience throughout this issue!

0 Votes 0 ·

@NunoGalego-8631
Hi, have you found a solution to this problem?

0 Votes 0 ·
NunoGalego-8631 answered LucDuong-4132 commented

NO, there is no solution. SMS doesn't work at all in Windows VPN.


I have the same problem in the case of using TOTP, and I have no solution either.

0 Votes 0 ·
NunoGalego-8631 answered

No solution, this only works with Authenticator.

AdamWiernicki-9736 answered AdamWiernicki-9736 edited

Hi, @JamesTran-MSFT, are you going to resolve this problem soon?
It works perfectly with Office 365, but not with VPN. It should work the same...
I get a code in SMS but there is no place to put it in.

Best regards
