Not able to register NPS server to Active Directory

Nishu radjamohane 1 Reputation point
2021-09-24T12:22:58.837+00:00

Topology:
I am trying to create a simple TLS connection between a client and server.
Both NPS and Active Directory are on the same server.

Issue:
The "Register server in Active Directory" option is greyed out on the NPS server, due to which the TLS connection is failing.
In Active Directory > RAS and IAS Servers > Members, the NPS server is not present.
Also, the command "netsh nps add registered server" gives the output "The server is not operational".

The TLS connection is failing with the ID 6273:
Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:
Security ID: S-1-5-21-2918599220-1559750031-3582700202-1109
Account Name: peap@test .espressif.com
Account Domain: TEST
Fully Qualified Account Name: TEST\peap

Client Machine:
Security ID: S-1-0-0
Account Name: -
Fully Qualified Account Name: -
Called Station Identifier: D0-37-45-B9-2B-AF:NISH-TLS
Calling Station Identifier: C8-2B-96-B8-87-70

NAS:
NAS IPv4 Address: -
NAS IPv6 Address: -
NAS Identifier: -
NAS Port-Type: Wireless - IEEE 802.11
NAS Port: -

RADIUS Client:
Client Friendly Name: esp_rpi-5
Client IP Address: 10.0.1.18

Authentication Details:
Connection Request Policy Name: NISH_TLS
Network Policy Name: NISH-TLS
Authentication Provider: Windows
Authentication Server: WIN-TSO77NCTEQ0.test.espressif.com
Authentication Type: EAP
EAP Type: Microsoft: Smart Card or other certificate
Account Session Identifier: 44423835314135444337364545434532
Logging Results: Accounting information was written to the local log file.
Reason Code: 16
Reason: Authentication failed due to a user credentials mismatch. Either the user name provided does not map to an existing user account or the password was incorrect.

But the PEAP connection is successful when the "validate server" option is switched off on the client.
I have exported the certs generated on the Windows server and used them on FreeRADIUS, and the connection is successful. Hence, it looks like the certs are fine.

How do I register the NPS server to Active Directory?
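
An added example, not part of the original post: a section-aware parser for the event 6273 text quoted above. "Security ID" and "Account Name" appear under both "User:" and "Client Machine:", so a flat key/value parse would overwrite the user's values; the function names and the trimmed sample are assumptions made for illustration.

```python
import re

# Constructed sample: a trimmed excerpt of the event 6273 text quoted in the post.
SAMPLE_EVENT = """\
Network Policy Server denied access to a user.

User:
Security ID: S-1-5-21-2918599220-1559750031-3582700202-1109
Fully Qualified Account Name: TEST\\peap

Client Machine:
Security ID: S-1-0-0
Account Name: -
Called Station Identifier: D0-37-45-B9-2B-AF:NISH-TLS

RADIUS Client:
Client IP Address: 10.0.1.18

Authentication Details:
Network Policy Name: NISH-TLS
EAP Type: Microsoft: Smart Card or other certificate
Reason Code: 16
"""

SECTION = re.compile(r"^([A-Za-z][A-Za-z ]*):\s*$")  # "User:" alone on a line
FIELD = re.compile(r"^([^:]+):\s+(.*)$")              # split on the first colon only

def parse_nps_event(text):
    """Return {section: {field: value}}; a bare "-" (no value) becomes None."""
    event, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if m := SECTION.match(line):
            current = event.setdefault(m.group(1), {})
        elif current is not None and (m := FIELD.match(line)):
            value = m.group(2).strip()
            current[m.group(1).strip()] = None if value == "-" else value
    return event

def summarize(event):
    """Flatten the fields needed to triage a denied request into one record."""
    auth = event.get("Authentication Details", {})
    return {
        "user": event.get("User", {}).get("Fully Qualified Account Name"),
        "radius_client": event.get("RADIUS Client", {}).get("Client IP Address"),
        "policy": auth.get("Network Policy Name"),
        "eap_type": auth.get("EAP Type"),
        "reason_code": int(auth["Reason Code"]) if auth.get("Reason Code") else None,
    }
```
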
