![]() You can check for old certificates using: Get-MsolServicePrincipalCredential -AppPrincipalId "app-principal-id" -ReturnKeyValues 1 ĥ) Make sure that there aren't any duplicate or old certificates on the server. Older versions sometimes threw that DLL error. If the request is timing out too soon, make sure that it's set to at least 60 seconds to give enough time for the request to succeed.Ĥ) Make sure also you have the latest version of the extension installed, as well as all Windows updates. (This could be the case if this is failing for some users and not others, but likely not the case if the users can login sometimes and not others as you described.)Ģ) Timeout observed within any firewall that you may have within your network.ģ) During my own setup of this extension I have received this error when the request was timing out too soon, when the latest version of the extension was not installed, and when there were old certificates on the server that needed to be removed. You can change the user's password to resolve this. The NPS does not support Unicode passwords and it can fail for that reason. The DLL error can happen any of the following reasons (among others):ġ) The user for which NPS rejects the requests have unicode characters in their passwords. I'm providing a pretty long list of additional possibilities so apologies in advance if you have tried some of these. Then, restart the services and the server. Then, make sure you have added the users to the Cisco Any connect App in the Azure portal. ![]() If you are getting a username/password error, you can update the passwords and make sure everything in the integration guide has been configured as described. Hi error do you see in the Event Viewer? I'll be able to help diagnose much more accurately if I have this. How can I find why it was rejected? azure-active-directory azure-ad-authentication Reason: An NPS extension dynamic link library (DLL) that is installed on the NPS server rejected the connection request. Logging Results: Accounting information was written to the local log file. Network Policy Server denied access to a user.Ĭontact the Network Policy Server administrator for more information.įully Qualified Account Name: XXXXXXXXXXXĬonnection Request Policy Name: Remote-VPN Request received for User XXXXXX with response state AccessReject, ignoring request. ![]() NPS Extension for Azure MFA: NPS Extension for Azure MFA only performs Secondary Auth for Radius requests in AccessAccept State. If the user tries with a VPN server without MFA - there are no issues. Sometimes they can login using another VPN server, sometimes it fails for both simultaneously. Sometimes they can login from the second attempt, sometimes it starts working in 5/10 minutes. Sometimes some of the users get "Login failed" on their An圜onnect client immediately after they try to login. This is working most of the time for all users. ![]() For our remote VPN connections, we use Cisco An圜onnect + ASA and the MFA extension for Azure. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |