Unable to update IAS server configuration - AzureMFA

CraigG 16 Reputation points
2022-02-04T01:36:07.527+00:00

There is still a common issue in RDS deployments, especially when using the AzureMFA Plugin, where you encounter the "Unable to update IAS server configuration. Your current configuration maybe in an inconsistent state." on the RDS Gateway when trying to modify Central RD CAP settings. I've realized that the only threads which exist on the subject are on social.technet which is no longer accepting replies, so I just wanted to share an easier way to resolve this issue without requiring you to rebuild your RDS deployment like the aforementioned threads suggest (and the issue will pop up again anyhow):

Instead of trying to change the Central RD CAP settings in the RDS Gateway, open the Network Policy Server application on the RDS Gateway machine and just add/modify/remove the information in the "TS GATEWAY SERVER GROUP" under NPS Root\RADIUS Clients and Servers\Remote RADIUS Server Groups. The Gateway service reads from these settings, so once you make the change, you will see the settings update in the Gateway after you refresh. Hope that helps someone!

-CraigG

Remote Desktop
Remote Desktop
A Microsoft app that connects remotely to computers and to virtual apps and desktops.
4,190 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,103 questions
{count} votes

1 answer

Sort by: Most helpful
  1. CraigG 16 Reputation points
    2022-02-04T01:38:05.137+00:00

    There is still a common issue in RDS deployments, especially when using the AzureMFA Plugin, where you encounter the "Unable to update IAS server configuration. Your current configuration maybe in an inconsistent state." on the RDS Gateway when trying to modify Central RD CAP settings. I've realized that the only threads which exist on the subject are on social.technet which is no longer accepting replies, so I just wanted to share an easier way to resolve this issue without requiring you to rebuild your RDS deployment like the aforementioned threads suggest (and the issue will pop up again anyhow):

    Instead of trying to change the Central RD CAP settings in the RDS Gateway, open the Network Policy Server application on the RDS Gateway machine and just add/modify/remove the information in the "TS GATEWAY SERVER GROUP" under NPS Root\RADIUS Clients and Servers\Remote RADIUS Server Groups. The Gateway service reads from these settings, so once you make the change, you will see the settings update in the Gateway after you refresh. Hope that helps someone!

    -CraigG

    3 people found this answer helpful.