Remote Desktop
A Microsoft app that connects remotely to computers and to virtual apps and desktops.
4,573 questions
RDG, NPS and MFA
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 92%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWS%3C/text%3E%3C/svg%3E)
Wade Shelton
6
Reputation points
We're attempting to stand up a new Remote Desktop Gateway and are working on getting Azure AD MFA running.
I've been following the instructions here: https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-rdg
RADIUS server and the NPS extension have been configured on an AD domain controller. The gateway was confirmed to be working prior to trying to integrate MFA.
Whenever I try to connect to a server via the RDG, I get an error. The screenshot below is from an Android client, but it is the same on Windows.
In the Event log on RADIUS/NPS server, I get Event ID 6273, "An NPS Extension Dynamic Link Library (DLL) that is installed on the NPS Server rejected the connection request."
I've run the MFA_NPS_Troubleshooter powershell script. When run for a single user account (mine), it says that a valid MFA license cannot be found, yet our Tenant shows P1 licensure, and MFA is enabled for my account. I can verify that by logging into the office portal or the MS MFA verification page.
I've read a lot of articles re: the same error, but none of them have worked yet. Does anyone have any suggestions?
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 57.00000000000001%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Shashi Shailaj 7,601 Reputation points Microsoft Employee2021-08-20T18:39:29.44+00:00 @Wade Shelton ,
Could you please check if the policy defined on network server have the following setting checked"ignore dial-in tab access permissions set on user objects in Active Directory."
Along with this setting your user account that you are trying to access with , must have the following setting "Control access through NPS network policy " selected in user's dial-in tab in active directory .
Please check if this helps. If it dos not , please let me know and I will help further on this. If the error and event message change with this , please provide the new error message / event data and we will continue to help you on this further.
Sign in to comment
Sign in to answer