NPS Azure MFA extension

Question

Hi All,

i get the following error on 1 of our nps servers, when i do a radius request to Azure MFA :

NPS Extension for Azure MFA: CID: 20fbc00d-fdce-495a-a5ee-01f122aa79fc :Exception in Authentication Ext for User dennis.schults@Piepel .com :: ErrorCode:: CID :20fbc00d-fdce-495a-a5ee-01f122aa79fc ESTS_TOKEN_ERROR Msg:: Verify the client certificate is properly enrolled in Azure against your tenant and the server can access URL in Registry STS_URL. Error authenticating to eSTS: ErrorCode:: ESTS_TOKEN_ERROR Msg:: Error in retreiving token details from request handle: -894947609 The server name could not be resolved. Enter ERROR_CODE @ https://go.microsoft.com/fwlink/?linkid=846827 for detailed troubleshooting steps. Enter ERROR_CODE @ https://go.microsoft.com/fwlink/?linkid=846827 for detailed troubleshooting steps.

NPS server is registered in Active Directory and ip/dns settings are ok

Regards,
Dennis

Answer 1

Hello @Dennis Schults

Please run below NPS Extension Troubleshooter Script using PowerShell under Admin Privileges to identify the issue. You can use this script to see if all the required endpoints are reachable, valid certificate is present or not, if any required updates are missing and so on. If no problem is detected and you are still facing the issue, this script also includes an option to collect required logs which you can provide to MS support in the support ticket as well.

You can download the script from TechNet: https://gallery.technet.microsoft.com/Azure-MFA-NPS-Extension-648de6bb

Please refer to the screenshot below to see all the checks this script performs:

-----------------------------------------------------------------------------------------------------------

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.