question

PedroDuque-3928 asked MarileeTurscak-MSFT commented

NPS Extension - no prompt for 2nd step authentication (after working fine)

Hi,

I've configured NPS with NPS extension to connect to my Azure Tenant. I also configured MFA in the required accounts.

The objective was to have our VPN authenticating against AD using MFA.

After configuring the VPN everything was working well. Every time I logged in I was asked for a 2nd authentication step in the app.

Unfortunately this behaviour stopped.

Now I can log in to the VPN without the 2nd step authentication, although if I look at the event log (Applications and Services Logs/Microsoft/AzureMfa/AuthZ/AuthZOptCh) on the NPS server I get the expected message "NPS Extension for Azure MFA: CID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx : Access Accepted for user xxxx@xxxx.xxx with Azure MFA response: Success and message: session xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx".

Any clues?

azure-ad-multi-factor-authentication

MarileeTurscak-MSFT answered

It sounds like there is something missing in your NPS server configuration. Please confirm that you have configured all of your NPS server settings to match what's in the document in the "Configure NPS Components on Remote Desktop Gateway" and "Configure NPS on the server where the NPS extension is installed" sections. https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-rdg#configure-nps-components-on-remote-desktop-gateway

It is also worth noting that two-way SMS and OTP MFA are not guaranteed for the NPS extension due to multiple factors that can affect the service, and it's recommended to stick to app authentication or phone call. If the users are configured for two-way SMS that may be related to the issue.

To troubleshoot what may be causing the problem you can also check the NPS server event logs.


https://docs.microsoft.com/en-us/answers/questions/28247/azure-mfa-nps-extension-no-mfa-prompt-on-logon.html




PedroDuque-3928 answered MarileeTurscak-MSFT commented

When I checked the date in the Event Viewer I noticed that the extension was not processing the events. They were old logs.

It was solved with an update and a server restart.


Thanks for confirming.

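The symptom resolved in this thread (VPN logons accepted while the extension's log held only old entries) can be checked by comparing timestamps. The PowerShell below is an added example, not code from the thread or from Microsoft's documentation. It assumes NPS success auditing is enabled (Security event 6272) and that the channel name is the Get-WinEvent form of the Event Viewer path quoted in the question; the function names and sample times are hypothetical.

```powershell
# Added example: list NPS grants that have no Azure MFA extension event near them.
# Assumption: channel name derived from the Event Viewer path in the question;
# adjust it if your server lists the log under a different name.
$MfaLog = 'Microsoft-AzureMfa-AuthZ/AuthZOptCh'

function Find-UnmatchedNpsGrant {
    param(
        [datetime[]]$NpsGrantTimes,      # times NPS granted access
        [datetime[]]$MfaEventTimes,      # times the extension logged a result
        [int]$ToleranceSeconds = 120     # max gap between a grant and its MFA event
    )
    foreach ($grant in $NpsGrantTimes) {
        $matched = $false
        foreach ($mfa in $MfaEventTimes) {
            if ([math]::Abs(($grant - $mfa).TotalSeconds) -le $ToleranceSeconds) {
                $matched = $true
                break
            }
        }
        if (-not $matched) { $grant }    # grant the extension never logged
    }
}

function Test-NpsExtensionActivity {
    param([int]$LookbackHours = 24)
    $since = (Get-Date).AddHours(-$LookbackHours)
    # Security event 6272: "Network Policy Server granted access to a user."
    $grants = @(Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 6272; StartTime = $since } `
                    -ErrorAction SilentlyContinue | ForEach-Object TimeCreated)
    $mfa    = @(Get-WinEvent -FilterHashtable @{ LogName = $MfaLog; StartTime = $since } `
                    -ErrorAction SilentlyContinue | ForEach-Object TimeCreated)
    Find-UnmatchedNpsGrant -NpsGrantTimes $grants -MfaEventTimes $mfa
}

# Constructed sample: the extension logged the 09:00 logon but nothing for 14:30,
# so only the 14:30 grant is returned as unmatched.
$sampleGrants = [datetime]'2021-03-15T09:00:05', [datetime]'2021-03-15T14:30:10'
$sampleMfa    = , [datetime]'2021-03-15T09:00:03'
Find-UnmatchedNpsGrant -NpsGrantTimes $sampleGrants -MfaEventTimes $sampleMfa
```

Run `Test-NpsExtensionActivity` in an elevated session on the NPS server; any timestamps it returns are logons NPS accepted without a matching extension event in the window.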