
Windows srv 2022 NPS policies random behaviour

GS 45 Reputation points
2026-02-11T18:34:48.63+00:00

I have been trying for 2 days to set up the Azure NPS extension, and managed to achieve successful connections using Microsoft Authenticator. I wanted pfSense (OVPN) to authenticate users through RADIUS. The problem is that I have more than one instance. So when I just COPY the NPS policy to connect another system with EXACTLY the same setup and only a different NAS IPv4 address, the system just ignores this policy rule and rejects the connection! I can see the message in Event Viewer, but I cannot understand why the policy doesn't "catch" the request!

Microsoft Security | Microsoft Authenticator

1 answer

  1. Q&A Assist
    2026-02-11T18:35:02.4133333+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    It sounds like you're experiencing issues with your NPS policy not being applied correctly when you copy it for a different NAS IP address. Here are a few troubleshooting steps you can consider:

    1. Check RADIUS Client Configuration: Ensure that the new NAS IP address is correctly added to the RADIUS Clients list in NPS. If the IP address is not recognized, the policy will not apply.
    2. Policy Conditions: Review the conditions set in the NPS policy. Make sure that the conditions are not too restrictive and that they match the incoming requests from the new NAS. Sometimes, policies may have specific conditions that need to be met based on the NAS's attributes.
    3. Event Viewer Logs: Since you mentioned seeing messages in the Event Viewer, pay close attention to the Event IDs related to NPS. For instance, Event ID 6273 indicates that access was denied, and the reason code can provide insight into why the policy didn't apply. Look for common reasons such as invalid credentials or mismatched shared secrets.
    4. Shared Secret: Verify that the shared secret between the NPS and the new NAS matches. If they do not match, authentication will fail.
    5. Testing with Different Policies: If possible, create a simple policy that only checks for the NAS IP and grants access without additional conditions. This can help you determine if the issue lies within the complexity of the original policy.
    6. NPS Auditing: Ensure that NPS auditing is enabled to capture detailed logs of the authentication process. This can help identify where the failure occurs.

    If these steps do not resolve the issue, you may want to consult the NPS troubleshooting documentation for further guidance.
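
The Event Viewer check from step 3, as an added example that is not part of the original question or answer: a PowerShell function that pulls from each 6273 event the NAS IPv4 value the request carried, the RADIUS client it arrived from, and the policy names NPS recorded. The EventData field names and all sample values are assumptions; confirm them against an event on your own server.

```powershell
# Added example. Sample values are constructed; EventData field names are the
# ones Security event 6273 is assumed to use. Confirm them on your own server.
function Get-NpsRejectSummary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$EventXml
    )
    process {
        $doc = [xml]$EventXml
        # Flatten <Data Name="...">value</Data> elements into a lookup table.
        $f = @{}
        foreach ($d in $doc.Event.EventData.Data) {
            $f[$d.GetAttribute('Name')] = $d.InnerText
        }
        [pscustomobject]@{
            User             = $f['SubjectUserName']
            RadiusClient     = $f['ClientName']
            ClientIP         = $f['ClientIPAddress']   # source IP of the RADIUS packet
            NasIPv4          = $f['NASIPv4Address']    # NAS-IP-Address attribute in the request
            ConnectionPolicy = $f['ProxyPolicyName']
            NetworkPolicy    = $f['NetworkPolicyName']
            ReasonCode       = $f['ReasonCode']
            # A "NAS IPv4 Address" condition is evaluated against NasIPv4, not ClientIP.
            NasMatchesSource = ($f['NASIPv4Address'] -eq $f['ClientIPAddress'])
        }
    }
}

# Constructed sample event (documentation-range addresses, hypothetical names).
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <EventData>
    <Data Name="SubjectUserName">jdoe</Data>
    <Data Name="NASIPv4Address">192.0.2.1</Data>
    <Data Name="ClientName">pfsense-02</Data>
    <Data Name="ClientIPAddress">192.0.2.20</Data>
    <Data Name="ProxyPolicyName">Use Windows authentication for all users</Data>
    <Data Name="NetworkPolicyName">-</Data>
    <Data Name="ReasonCode">48</Data>
  </EventData>
</Event>
'@
$sample | Get-NpsRejectSummary | Format-List

# Live use on the NPS server (elevated session):
# Get-WinEvent -FilterHashtable @{LogName='Security'; Id=6273} -MaxEvents 20 |
#     ForEach-Object { $_.ToXml() } | Get-NpsRejectSummary | Format-Table -AutoSize
# Get-NpsRadiusClient | Select-Object Name, Address, Enabled  # compare with RadiusClient/ClientIP
```

Comparing the `NasIPv4` column between the working instance and the rejected one shows whether the copied policy's NAS IPv4 Address condition is written for the value the second firewall actually sends.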
