NPS server with NPS extension for MFA

-

hi,

i've setup nps server nps extension mfa used in order use 2-factor authentication clients vpn requests. 

of clients connects fine of them authentication failures several times until several reboots , @ , connecting successfully. 

can see in security logs on nps server 2 different audit failure logs in different cases:

1) event id: 6273; reason code: 21; reason: nps extension dynamic link library (dll) installed on nps server rejected connection request.

2)  event id: 6274; reason code: 9; reason: request discarded third-party extension dll file.

reason these events , how prevent them? said, @ last users can establish vpn connection before maybe presented several authentication failures or performed several reboots try if can fix things.

kind regards,

zoran

zoran zasovski

hi,

event id 6274 — nps accounting request message processing
reconfigure, upgrade, or replace radius client
condition occurs when nps discards accounting requests because structure of accounting request message sent radius client not comply radius protocol.
reconfigure, upgrade, or replace radius client:
1 contact radius client vendor configuration assistance or firmware updates. many radius client vendors provide updated firmware allows radius client send accounting-request messages comply radius protocol.
2 if radius client vendor cannot provide reconfiguration instructions or firmware allows radius client send radius protocol-compliant messages, must obtain , install radius protocol-compliant radius client use nps.

event id 6273 — nps authentication status
error might caused 1 of following conditions:
1 user not have valid credentials
2 connection method not allowed network policy
3 network access server under attack
4 nps not have access user account database on domain controller
5 nps log files or sql server database not available

more information event,  please refer following article:

https://technet.microsoft.com/en-us/library/cc735399%28v=ws.10%29.aspx?f=255&mspperror=-2147217396

https://technet.microsoft.com/en-us/library/cc735339(v=ws.10).aspx

best regards,

frank

please remember mark replies answers if , unmark them if provide no help.
if have feedback technet subscriber support, contact tnmff@microsoft.com.



Windows Server  >  Network Access Protection



Comments

Post a Comment

Popular posts from this blog

Azure MFA with Azure AD and RDS

-
i have setup following lab in azure , need help. a server (domain controller) , remote desktop services. and server multi factor authentication server. i have setup following one http://www.rdsgurus.com/uncategorized/step-by-step-using-windows-server-2012-r2-rd-gateway-with-azure-multifactor-authentication/ and when im connecting got following error. the user "domain\username", on client computer "xxx.xxx.xxx.xxx", did not meet connection authorization policy requirements , therefore not authorized access rd gateway server. authentication method used was: "ntlm" , connection protocol used: "rpc-http". following error occurred: "23003". also on security log i've got following authentication details: connection request policy name: ts gateway authorization policy network policy name: - authentication provider: radius proxy authentication server: test.test.local authenticati...
Read more

Failed to delete the test record dcdiag-test-record in zone test.com

-
ps c:\users\administrator.test> dcdiag /test:dns directory server diagnosis performing initial setup:    trying find home server...    home server = dc02    * identified ad forest.    done gathering initial info. doing initial required tests    testing server: default-first-site-name\dc02       starting test: connectivity          ......................... dc02 passed test connectivity doing primary tests    testing server: default-first-site-name\dc02       starting test: dns          dns tests running , not hung. please wait few minutes...          ......................... dc02 passed test dns    running partition tests on : forestdnszones    running partition tests on : domaindnszones    running partition tests on : schema ...
Read more

Failed to setup initiator portal. Error status is given in the dump data.

-
hi team, server configured boot san  after booting  facing issue windows server 2008 r2 system logs continuously generating iscsi port error event id 5 failed setup initiator portal. error status given in dump data. eventdata \device\raidport1 000004000100000000000000050000c0000000000000000000000000000000000000000000000000070200c0 binary data: in words 0000: 00040000 00000001 00000000 c0000005 0008: 00000000 00000000 00000000 00000000 0010: 00000000 00000000 c0000207 in bytes 0000: 00 00 04 00 01 00 00 00 ........ 0008: 00 00 00 00 05 00 00 c0 .......À 0010: 00 00 00 00 00 00 00 00 ........ 0018: 00 00 00 00 00 00 00 00 ........ 0020: 00 00 00 00 00 00 00 00 ........ 0028: 07 02 00 c0 ...À hi, please read through article below troubleshoot issue: error event id 5 logged in system log on computer uses iscsi software initiator connect iscsi target device http://suppo...
Read more