Today none of our external workers could connect to our RDS infrastructure.
They did not get the popup from the authenticator.
So I checked all event logs and saw this error:
NPS Extension for Azure MFA: CID: xx :Exception in Authentication Ext for User domain\user :: ErrorCode:: CID :ef8a01b7-f64c-47cc-b2a4-6d77008d8d40 ESTS_TOKEN_ERROR Msg:: Verify the client certificate is properly enrolled in Azure against your tenant and the server can access URL in Registry STS_URL. Error authenticating to eSTS: ErrorCode:: ESTS_TOKEN_ERROR Msg:: Error in retreiving token details from request handle: -895352821 AADSTS500014: The service principal for resource 'https://adnotifications.windowsazure.com/StrongAuthenticationService.svc/Connector' is disabled. This indicate that a subscription within the tenant has lapsed, or that the administrator for this tenant has disabled the application, preventing tokens from being issued for it.
It was enabled for almost 6 months - is there any way to find out why it was disabled? I used PowerShell to enable it again.
Also, I have errors like:
NPS Extension for Azure MFA: Exception in Authentication Ext for User ErrorCode:: REQUEST_FORMAT_ERROR Msg:: Request cannot be processed without userName attribute Enter ERROR_CODE @ https://go.microsoft.com/fwlink/?linkid=846827 for detailed troubleshooting steps.
and
NPS Extension for Azure MFA: Radius request is missing NAS Identifier and Nas IpAddress attribute.Populating atleast one of these fields is recommended.This is not an error.
The first one may be related to the fact that I installed it on the broker, but it is also new for me.
And how do I get rid of the second one?
Best regards
Stephan