Windows Server 2019 NPS (Network Policy Server) - SOLVED

Question

Because there were too many confusions by some moderators and other people, I read on other different pages with the same given solution to the problem to authenticate through NPS.

On that server for Windows Server 2019, open Command and type the following:

• sc sidtype IAS unrestricted

After a success message, restart the server.

I was able to authenticate through my phone, but my laptop didn't except through VPN on the second server from this one.

Answer 1

Hi ,

Please check the event log both on your client and NPS server to see if there are something related for us to troubleshooting.

The cause might be the Inbound traffic to ports UDP/1812 or UDP/1813 is silently dropped by firewall.

On Windows Server 2019 with NPS role installed, open an admin command prompt & run the following command:

1.sc sidtype IAS unrestricted

2.Reboot the server

3.Attempt the connection

If it still doesn't work, the following may be required:

Get-NetFirewallRule -DisplayGroup "Network Policy Server" | where DisplayName -like "RADIUS" | Set-NetFirewallRule -Service Any

And to validate:

Get-NetFirewallServiceFilter -PolicyStore ActiveStore | Format-Table - Property *

Then check if the issue was resolved.

Best Regards,

Candy

---

If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

What I meant is that I'm able to login on my cell phone Wi-Fi but the laptop or desktop will not work for wifi enterprise login. Just a message related to NFTN or something.

Answer 3

Here is the breakdown,

• Windows Server 2016 Standard: I was able to connect any devices such as Windows 10 computer to the wifi NPS via user and password on the interface.
  • Windows Server 2019 Standard: There was a bug resolved however, I cannot connect any Windows 10 desktop or laptops to Wi-Fi NPS via user and password. Other devices like amazon kindle and my cell phone were able to connect.

Answer 4

For (Get-NetFirewallRule -DisplayGroup "Network Policy Server" | where DisplayName -like "RADIUS" | Set-NetFirewallRule -Service Any), what do I do for this phrase? Do I go to firewall? I need a breakdown on how to do this. I did the command part already with (sc sidtype IAS unrestricted)

Also Is the port for 1812 and 1813 on server side or client side? Does TLS need to be enabled?

Also as an idea, if someone can compare both server setting, they can find out what's really going on with Server 2019

Answer 5

Did you mean run the command of sc sidtype IAS unrestricted and restart the NPS server still doesn't work?

It might be that the default Windows firewall rules to allow inbound UDP port 1812 (RADIUS authentication) and inbound UDP port 1813 (RADIUS accounting) on NPS server do not work.

To do the troubleshooting, you can enable firewall logging on the NPS server to log both allowed and dropped packets. Attempt VPN connection and observe the firewall logs. Then you might see the firewall is dropping packets inbound on UDP port 1812, as the picture below:

Run the command on the NPS server side：