AzureMFA Extension NPS Login failed with VPN

Anonymous
2024-06-07T09:59:04+00:00

Hello everybody,

I hope someone can help us. We want to implement a RADIUS service for our VPN connection.

Users must login with Azure MFA in the future.

I have installed the NPS service and configured it. The connection to our Fortinet firewall is correct.

I have also installed the latest version of the AzureMFA Extension on the server.

We use Forticlient VPN Free Version 7.2.4 & we use IPSec to connect to our Network via VPN Client.

What have I done so far to solve the problem?

General:

  • Connection to the firewall can be established but authentication fails.

Troubleshoot:

  • On the server I added the registry entry:

OVERRIDE_NUMBER_MATCHING_WITH_OTP added with the value TRUE

  • Reinstalled the AzureMFA extension
  • Old AzureMFA certificates deleted
  • NPS > Network Policy: “Ignore User Account Dial-In Properties” checkmark set
  • Network Policy Settings: Constraints times PAP and CHAP removed and added again

Collected error messages:

NPS EventIDs: 6273, 6272, 6274

AzureMFA Logs:

NPS Extension for Azure MFA: Access Challenge response skipping primary Auth for User..

NPS Extension for Azure MFA: NPS Extension for Azure MFA only performs Secondary Auth for Radius requests in AccessAccept State. Request received for User *****.com with response state AccessReject, ignoring request.

This question was migrated from the Microsoft Support Community. To protect privacy, user profiles for migrated questions are anonymized.


1 answer

  1. Anonymous
    2024-06-07T15:40:01+00:00

    Hello,

    Thank you for posting in Microsoft Community forum.

    From the description above, I understand your question is related to Azure Net. 

    Since there are no engineers dedicated to this topic in this forum, and to get quick and effective handling of your issue, I recommend that you repost your question in the Q&A forum, where there will be a dedicated engineer to give you a professional and effective reply.

    Here is the link for Q&A forum.

    Questions - Microsoft Q&A

    Click the "Ask a Question" button in the upper right corner to post your question and select tags related to your products.

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,

    Zunhui
