This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(70.4, 77%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESB%3C/text%3E%3C/svg%3E)
Hi Support,
We got this Envent ID 4421 warning: RequireMsgAuth and/or limitProxyState configuration is in Disable mode. These settings should be configured in Enable mode for security purposes. See https://support.microsoft.com/help/5040268 to learn more."
So we tried the steps posted on this link:
We tried adding the two configurations via registry editor from here:
https://learn.microsoft.com/en-us/answers/questions/2188614/enable-requiremsgauth-and-or-limitproxystate
Event logs still show this error when we restart the NPS services.
The following steps below says to open the Radius Server in the Radius Server Groups.
This section for us is blank.
The Radius Client section is configured.
I'm sure we're missing some configuration. Most likely the Radius Server Group?
How do we enable RequireMsgAuth and limitProxyState within the NPS GUI since it looks like the registry route didn't resolve this issue?
Any assistance is greatly appreciated.
Thank you very much,
Sonny
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hello,
Thank you for posting in Q&A forum.
According to the official documentation provided by Microsoft, you can use the netsh command prompt to configure RequireMsgAuth and limitProxyState. I suggest you complete all the configurations and see if the relevant error message still appears.
I hope the information above is helpful.
Best regards
Zunhui
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Hi Zunhui,
Thank you very much. We ran these 2 PowerShell commands and they both showed an "Ok" response. We then restarted the NPS services and the Event Viewer still shows Event ID 4421 and the same message that both are in disable mode.
Please advise at your earliest convenience.
Thank you very much,
Sonny
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 13%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECJ%3C/text%3E%3C/svg%3E)
Was getting this same issue, but I found that requiring message authentication from all servers, even though no remote servers were enabled, seems to have resolved. Restarted NPS, no warning event anymore.
netsh nps set requiremsgauth all = "enable"
Thank you very much Cole.
Not sure if this is the right solution; however, we went into NPS and disabled the RequireMsgAuth to resolve this issue. Since we're using Duo as a 2FA for the Radius server's VPN connection.