Radius - Network policy server denying access to users

uisire 1 Reputation point
2021-04-08T15:04:54.087+00:00

I'm trying to set up a radius server (windows server 2016) on our domain to authenticate vpn users. But the users are being rejected by the NPS (see the error below). I see the reason is "The RADIUS request did not match any configured connection request policy (CRP)"

I've followed the instructions in a number of blogs below and the setup on the windows NPS side seems pretty straight forward. Can anyone help me in where i should be looking in the CRP for the correct configuration?

Thanks.

https://techexpert.tips/mikrotik/mikrotik-active-directory-authentication/
https://mivilisnet.wordpress.com/2018/10/01/how-to-integrate-your-mikrotik-router-with-windows-ad/

Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:
    Security ID:            NULL SID
    Account Name:           user_1
    Account Domain:         -
    Fully Qualified Account Name:   -

Client Machine:
    Security ID:            NULL SID
    Account Name:           -
    Fully Qualified Account Name:   -
    Called Station Identifier:      78.71.70.20
    Calling Station Identifier:     81.24.91.21

NAS:
    NAS IPv4 Address:       192.168.10.1
    NAS IPv6 Address:       -
    NAS Identifier:         router-name
    NAS Port-Type:          Virtual
    NAS Port:           15734748

RADIUS Client:
    Client Friendly Name:       my-router
    Client IP Address:          192.168.10.1

Authentication Details:
    Connection Request Policy Name: -
    Network Policy Name:        -
    Authentication Provider:        -
    Authentication Server:      my-radius.domain.local
    Authentication Type:        -
    EAP Type:           -
    Account Session Identifier:     383112321336338
    Logging Results:            Accounting information was written to the local log file.
    Reason Code:            49
    Reason:             The RADIUS request did not match any configured connection request policy (CRP).
Windows for business | Windows Server | User experience | Other
{count} votes

1 answer

Sort by: Most helpful
  1. Anonymous
    2021-04-09T04:08:26.97+00:00

    Hi,

    Thanks for posting in Q&A platform.

    Before we go further, may I know whether the Windows built-in VPN client is a Mikrotik VPN client? If it's a Mikrotik VPN client, please understand Mikrotik is a third party product which we're not familiar with. Due to environmental limitation, we don't have such device to test in our lab.

    As for configuring Connection Request Policy for Windows built-in VPN client, please refer to the following detailed steps:

    Expand Policies in NPS server, right-click Connection Request Policies, click New, enter Policy name, select Remote Access Server (VPN-Dial up) as Type of network access server, click Next

    86048-image.png

    In Specify Conditions window, click Add, scroll down to select NAS Port Type, then select Virtual (VPN), click OK, click Next, select Authenticate requests on this server, and then click Next continuously until you click Finish to complete the configuration.

    85929-image.png

    85989-image.png

    Best Regards,
    Sunny

    ----------

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.