Azure MFA using NPS on RDS 2019 Deployment

DaveM 1 Reputation point
2021-06-17T14:38:12.49+00:00

I have a brand new deployment for RDS, 3 servers: 1 x RD CB, 1 x RD SH and 1 running RD Gateway & RD Web Access Gateway. All 3 servers are running Windows Server 2019.
I have a separate server running NPS as central NPS.

Have followed all the guides from here https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-rdg#configure-nps-components-on-remote-desktop-gateway and here http://microsoftplatform.blogspot.com/2017/02/securing-rd-gateway-with-mfa-using-new.html

RDS is working without issue but I am not getting any MFA prompt at all. Just sails through to the CB and then to the SH and presents me with the test application I have presented to my test user.

Any ideas?


3 answers

  1. Leila Kong 3,696 Reputation points
    2021-06-18T09:52:18.12+00:00

    Hello anonymous userMurtagh-5303 ,

    Thanks for your query.

    Please check the following similar post for troubleshooting:
    https://learn.microsoft.com/en-us/answers/questions/28247/azure-mfa-nps-extension-no-mfa-prompt-on-logon.html

    Best regards,
    Leila



  2. Leila Kong 3,696 Reputation points
    2021-06-22T02:25:52.173+00:00

    Hello anonymous userMurtagh-5303 ,

    Thanks for your feedback.

    1. Please follow the instructions in Troubleshooting the MFA NPS extension to investigate client cert and ADAL token problems.
    https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-errors
    https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension#troubleshooting

    2. The Azure Multi-Factor Auth Client and the Azure Multi-Factor Auth Connector enterprise applications must be enabled to support the NPS extension for Azure MFA.
    https://directaccess.richardhicks.com/tag/ests_token_error/
    https://s4erka.wordpress.com/2019/01/25/azuremfa-nps-troubleshooting/


  3. Leila Kong 3,696 Reputation points
    2021-07-06T09:58:22.697+00:00

    Hello anonymous userMurtagh-5303 ,

    We haven’t heard from you in a couple of days.
    How are things going there on this issue?

