Devices cannot authenticate by NPS

Ricardo Ito 191 Reputation points

Hello guys!

Some users cannot authenticate via Network Policy Server (Radius Client).
At Event Viewer I see this message:

Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
Account Name: host/notnathallyamor.grupopereira.local
Account Domain: GRUPOPEREIRA
Fully Qualified Account Name: grupopereira.local/Dispositivos/Notebooks/SP/Escritorio/NOTNATHALLYAMOR
Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
Called Station Identifier: 02-9F-C2-75-99-40:Grupo Pereira
Calling Station Identifier: 64-32-A8-10-DD-53
NAS IPv4 Address:
NAS IPv6 Address: -
NAS Identifier: 029fc2759940
NAS Port-Type: Wireless - IEEE 802.11
NAS Port: -
RADIUS Client:
Client Friendly Name: SP-ESCSPO-04-AP01
Client IP Address:
Authentication Details:
Connection Request Policy Name: Secure Wireless Connections
Network Policy Name: Connections to other access servers
Authentication Provider: Windows
Authentication Server: SRVADMS.grupopereira.local
Authentication Type: EAP
EAP Type: -
Account Session Identifier: 34323334424443314346373142353037
Logging Results: Accounting information was written to the local log file.
Reason Code: 65
Reason: The Network Access Permission setting in the dial-in properties of the user account in Active Directory is set to Deny access to the user. To change the Network Access Permission setting to either Allow access or Control access through NPS Network Policy, obtain the properties of the user account in Active Directory Users and Computers, click the Dial-in tab, and change Network Access Permission.

Any idea?

Windows Server Infrastructure

Accepted answer
  1. Candy Luo 12,686 Reputation points Microsoft Vendor

    Hi ,

    First make sure AD users are set up to Control access through NPS Network Policy in ADUC.


    Or configure NPS to ignore User account dial-in properties:


    Then check if users can authenticate via Network Policy Server.

    Best Regards,



    If the Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
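
The Dial-in setting named in the Reason Code 65 text is stored in the AD attribute `msNPAllowDialin` (TRUE = Allow access, FALSE = Deny access, not set = Control access through NPS Network Policy). The following is an added example, not part of the original thread or Microsoft's own script: it lists computer and user accounts set to Deny and can clear the attribute so that NPS network policy decides. It assumes the ActiveDirectory RSAT module; the function names are hypothetical, and the search base in the usage comments is an assumption derived from the account path in the event.

```powershell
#Requires -Modules ActiveDirectory

# Added example with hypothetical helper names. msNPAllowDialin backs the
# Dial-in tab's "Network Access Permission" setting:
#   $true = Allow access, $false = Deny access,
#   not set = Control access through NPS Network Policy.
function Get-DialInDeniedAccount {
    [CmdletBinding()]
    param(
        # Distinguished name of the OU or domain to search.
        [Parameter(Mandatory)]
        [string]$SearchBase
    )

    # Machine authentication (Account Name "host/...") is evaluated against
    # the computer object, so check computers as well as users.
    $filter = '(&(|(objectCategory=computer)(&(objectCategory=person)(objectClass=user)))(msNPAllowDialin=FALSE))'

    Get-ADObject -LDAPFilter $filter -SearchBase $SearchBase -SearchScope Subtree -Properties msNPAllowDialin, sAMAccountName |
        Select-Object ObjectClass, sAMAccountName, msNPAllowDialin, DistinguishedName
}

function Clear-DialInDeny {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [string]$DistinguishedName
    )
    process {
        # Clearing the attribute returns the account to
        # "Control access through NPS Network Policy".
        if ($PSCmdlet.ShouldProcess($DistinguishedName, 'Clear msNPAllowDialin')) {
            Set-ADObject -Identity $DistinguishedName -Clear msNPAllowDialin
        }
    }
}

# Usage (search base is an assumption; adjust to the real OU or domain DN):
# $base = 'OU=Dispositivos,DC=grupopereira,DC=local'
# Get-DialInDeniedAccount -SearchBase $base | Format-Table -AutoSize
# Get-DialInDeniedAccount -SearchBase $base | Clear-DialInDeny -WhatIf
```

Run the last line with `-WhatIf` first to review which objects would change, then drop it to apply.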


2 additional answers

  1. Ricardo Ito 191 Reputation points

    Hi Candy!
    Is there any problem if I check both?

  2. Ricardo Ito 191 Reputation points

    Hi Candy!
    Is there something I can do on the Windows 10 clients? Some clients still do not connect.