WadeShelton-7599 asked shashishailaj commented

RDG, NPS and MFA

We're attempting to stand up a new Remote Desktop Gateway and are working on getting Azure AD MFA running.

I've been following the instructions here: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-rdg

RADIUS server and the NPS extension have been configured on an AD domain controller. The gateway was confirmed to be working prior to trying to integrate MFA.

Whenever I try to connect to a server via the RDG, I get an error. The screenshot below is from an Android client, but it is the same on Windows.


124357-screenshot-20210818-164831-microsoft-remote-deskto.jpg




In the Event log on the RADIUS/NPS server, I get Event ID 6273, "An NPS Extension Dynamic Link Library (DLL) that is installed on the NPS Server rejected the connection request."

I've run the MFA_NPS_Troubleshooter PowerShell script. When run for a single user account (mine), it says that a valid MFA license cannot be found, yet our Tenant shows P1 licensure, and MFA is enabled for my account. I can verify that by logging into the office portal or the MS MFA verification page.

I've read a lot of articles re: the same error, but none of them have worked yet. Does anyone have any suggestions?

remote-desktop-services azure-ad-multi-factor-authentication

@WadeShelton-7599,
Could you please check if the policy defined on the network server has the following setting checked:

"ignore dial-in tab access permissions set on user objects in Active Directory."

125119-image.png

Along with this setting, the user account that you are trying to access with must have the following setting, "Control access through NPS network policy", selected in the user's dial-in tab in Active Directory.

125134-image.png

Please check if this helps. If it does not, please let me know and I will help further on this. If the error and event message change with this, please provide the new error message / event data and we will continue to help you on this further.

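One way to script the checks discussed in this thread, as an added example that is not part of the original posts: it lists recent Event ID 6273 rejections and, for each rejected user, reports the dial-in tab setting as stored in the `msNPAllowDialin` attribute. The 24-hour window and the event field names (`SubjectUserName`, `ReasonCode`, `Reason`) are assumptions to confirm on your own server.

```powershell
# Added example: run in an elevated session on the NPS server.
# Get-ADUser needs the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# NPS rejections (Event ID 6273) are written to the Security log.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 6273
    StartTime = (Get-Date).AddHours(-24)   # assumed look-back window
} -ErrorAction SilentlyContinue

$report = foreach ($evt in $events) {
    # Index the named <Data> fields; a missing field simply yields $null.
    $data = @{}
    foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
        if ($d.Name) { $data[$d.Name] = $d.'#text' }
    }

    # Assumed field names; confirm against $evt.ToXml() on your server.
    $name = [string]$data['SubjectUserName']
    if ($name -match '\\') { $name = $name.Split('\')[-1] }   # drop DOMAIN\
    $safe = $name.Replace("'", "''")                          # escape for -Filter

    $dialIn = 'account not found'
    $user = $null
    if ($safe) {
        $user = Get-ADUser -Properties msNPAllowDialin `
            -Filter "SamAccountName -eq '$safe' -or UserPrincipalName -eq '$safe'"
    }
    if ($user) {
        # msNPAllowDialin: $true = Allow, $false = Deny,
        # unset = "Control access through NPS Network Policy".
        $v = @($user)[0].msNPAllowDialin
        $dialIn = if ($null -eq $v) {
            'Control access through NPS Network Policy'
        } elseif ($v) { 'Allow access' } else { 'Deny access' }
    }

    [pscustomobject]@{
        Time       = $evt.TimeCreated
        User       = $name
        ReasonCode = $data['ReasonCode']
        Reason     = $data['Reason']
        DialInTab  = $dialIn
    }
}

$report | Sort-Object Time -Descending | Format-List
```

The network policy's own dial-in setting is not read by this script and still has to be checked in the NPS console.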

0 Answers