Unable to update IAS server configuration - AzureMFA

CraigG 6 Reputation points
2022-02-04T01:36:07.527+00:00

There is still a common issue in RDS deployments, especially when using the AzureMFA Plugin, where you encounter the "Unable to update IAS server configuration. Your current configuration maybe in an inconsistent state." on the RDS Gateway when trying to modify Central RD CAP settings. I've realized that the only threads which exist on the subject are on social.technet which is no longer accepting replies, so I just wanted to share an easier way to resolve this issue without requiring you to rebuild your RDS deployment like the aforementioned threads suggest (and the issue will pop up again anyhow):

Instead of trying to change the Central RD CAP settings in the RDS Gateway, open the Network Policy Server application on the RDS Gateway machine and just add/modify/remove the information in the "TS GATEWAY SERVER GROUP" under NPS Root\RADIUS Clients and Servers\Remote RADIUS Server Groups. The Gateway service reads from these settings, so once you make the change, you will see the settings update in the Gateway after you refresh. Hope that helps someone!

-CraigG

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
14,666 questions
Remote Desktop
Remote Desktop
A Microsoft app that connects remotely to computers and to virtual apps and desktops.
3,421 questions
0 comments No comments
{count} votes

1 answer

Sort by: Newest
  1. CraigG 6 Reputation points
    2022-02-04T01:38:05.137+00:00

    There is still a common issue in RDS deployments, especially when using the AzureMFA Plugin, where you encounter the "Unable to update IAS server configuration. Your current configuration maybe in an inconsistent state." on the RDS Gateway when trying to modify Central RD CAP settings. I've realized that the only threads which exist on the subject are on social.technet which is no longer accepting replies, so I just wanted to share an easier way to resolve this issue without requiring you to rebuild your RDS deployment like the aforementioned threads suggest (and the issue will pop up again anyhow):

    Instead of trying to change the Central RD CAP settings in the RDS Gateway, open the Network Policy Server application on the RDS Gateway machine and just add/modify/remove the information in the "TS GATEWAY SERVER GROUP" under NPS Root\RADIUS Clients and Servers\Remote RADIUS Server Groups. The Gateway service reads from these settings, so once you make the change, you will see the settings update in the Gateway after you refresh. Hope that helps someone!

    -CraigG

    1 person found this answer helpful.