Hi I have issue with haveing MFA working with our onpremise rds enviroment 2016 server.
I have installed:
Azure MFA server
Azure AD Connect
Configured MFA provider authentication based billing
NPSextension is installed on domain controller
Enabled MFA auth on AD object
Now when I login to RDS login fails and I receive a OTP SMS code for 2FA.
This error is generated on the server where the NPS extension is installed:
###########################################
Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
User:
Security ID: mydomain\test1
Account Name: mydomain\test1
Account Domain: mydomain
Fully Qualified Account Name: mydomain.com/Companies/test1
Client Machine:
Security ID: NULL SID
Account Name: PC1
Fully Qualified Account Name: -
Called Station Identifier: UserAuthType:PW
Calling Station Identifier: -
NAS:
NAS IPv4 Address: -
NAS IPv6 Address: -
NAS Identifier: -
NAS Port-Type: Virtual
NAS Port: -
RADIUS Client:
Client Friendly Name: RDSGateway
Client IP Address: 192.168.100.12
Authentication Details:
Connection Request Policy Name: Use Windows authentication for all users
Network Policy Name: RDG_CAP
Authentication Provider: Windows
Authentication Server: LAB-DC1.mydomain.com
Authentication Type: Extension
EAP Type: -
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 21
Reason: An NPS extension dynamic link library (DLL) that is installed on the NPS server rejected the connection request.
####################################################