Hi Everyone,
We have a 2016 RDS platform we'd like to start using with Azure MFA. I've created an extra two NPS servers and installed the PowerShell plugin for MFA. Everything is configured as per:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-rdg
When attempting to connect, the gateways simply time out and do not authenticate. Looking through the NPS logs I'm seeing this:
NPS Extension for Azure MFA: CID: 8bacef42-b3ac-49be-872b-99b3eca79302 :Exception in Authentication Ext for User DOMAIN\username :: ErrorCode:: CID :******** ESTS_TOKEN_ERROR Msg:: Verify the client certificate is property enrolled in Azureagainst your tenant and the server can access URL in Registry STS_URL.Error authenticating to eSTS: ErrorCode:: ESTS_TOKEN_ERROR Msg:: Error in retreiving token details from request handle: -895352831 Enter ERROR_CODE @ https://go.microsoft.com/fwlink/?linkid=846827for detailed TroubleShooting steps. Enter ERROR_CODE @ https://go.microsoft.com/fwlink/?linkid=846827for detailed TroubleShooting steps.
I've run numerous PowerShell commands to check the certificates are in Azure, which they are.
For users not yet enabled for MFA I have added this to the registry:
REQUIRE_USER_MATCH = FALSE
On the gateway servers I'm seeing Event ID 6274:
The remote RADIUS (Remote Authentication Dial-In User Service) server did not respond.
Those users are also unable to log in to RDS... I've had to revert all settings to restore service.
Any ideas?
Thanks!!
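The checks the post describes (the STS_URL the extension must reach, the tenant certificate on the NPS server, the REQUIRE_USER_MATCH value, and Event 6274 on the gateway) can be gathered in one pass. The script below is an added diagnostic example, not code from the post or from Microsoft's documentation. It assumes the extension reads its settings from HKLM:\SOFTWARE\Microsoft\AzureMfa and that its tenant certificate sits in Cert:\LocalMachine\My with the tenant ID in the subject; the $TenantId value is a placeholder you supply. Run it on an NPS server (the certificate and registry parts) and on an RD Gateway (the Event 6274 part).

```powershell
# Added diagnostic script; not from the post or Microsoft's docs.
# Assumptions (labelled): registry path HKLM:\SOFTWARE\Microsoft\AzureMfa for the
# NPS extension, and its tenant certificate in Cert:\LocalMachine\My with the tenant ID in CN.
param(
    [Parameter(Mandatory)] [string] $TenantId,   # placeholder: your Azure AD tenant ID
    [string] $RegPath = 'HKLM:\SOFTWARE\Microsoft\AzureMfa'
)

function Get-MfaExtensionRegistry {
    # STS_URL and REQUIRE_USER_MATCH are the two values the post and the log refer to.
    $props = Get-ItemProperty -Path $RegPath -ErrorAction Stop
    [pscustomobject]@{
        STS_URL            = $props.STS_URL
        REQUIRE_USER_MATCH = $props.REQUIRE_USER_MATCH
    }
}

function Test-StsReachability {
    param([string] $StsUrl)
    if (-not $StsUrl) { return $false }
    $uri = [uri] $StsUrl
    # TCP 443 to the STS host. A blocked path (proxy, egress firewall) surfaces as
    # ESTS_TOKEN_ERROR in the extension log and, because NPS never answers the gateway,
    # as Event 6274 "did not respond" on the RD Gateway.
    (Test-NetConnection -ComputerName $uri.Host -Port 443 -WarningAction SilentlyContinue).TcpTestSucceeded
}

function Get-MfaExtensionCertificate {
    # The extension authenticates to Azure with a certificate carrying the tenant ID in its subject.
    Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Subject -like "*$TenantId*" } |
        Select-Object Subject, Thumbprint, NotBefore, NotAfter, HasPrivateKey
}

function Get-RadiusTimeoutEvents {
    # On the RD Gateway: Security log Event 6274 whose text says the remote RADIUS server did not respond.
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 6274 } -MaxEvents 20 -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'did not respond' } |
        Select-Object TimeCreated, Message
}

$reg = Get-MfaExtensionRegistry
$reg | Format-List
"STS reachable on TCP 443: $(Test-StsReachability -StsUrl $reg.STS_URL)"

# REQUIRE_USER_MATCH = FALSE lets users with no MFA enrolment through on password alone;
# flag it so it is not left in place longer than the rollout needs.
if ("$($reg.REQUIRE_USER_MATCH)" -eq 'FALSE') {
    Write-Warning 'REQUIRE_USER_MATCH is FALSE: unenrolled users bypass the second factor'
}

$certs = @(Get-MfaExtensionCertificate)
if ($certs.Count -eq 0) { Write-Warning "No certificate for tenant $TenantId in LocalMachine\My" }
$certs | Format-Table -AutoSize
$expired = $certs | Where-Object { $_.NotAfter -lt (Get-Date) }
if ($expired) { Write-Warning "Expired extension certificate(s): $($expired.Thumbprint -join ', ')" }
$noKey = $certs | Where-Object { -not $_.HasPrivateKey }
if ($noKey) { Write-Warning "Certificate(s) without a private key: $($noKey.Thumbprint -join ', ')" }

Get-RadiusTimeoutEvents | Format-List
```

A failed TCP test to the STS host is the first thing to rule out, since the extension's ESTS_TOKEN_ERROR message points at either the registry URL or the path to it; a certificate that is present in Azure but missing, expired or without its private key on the NPS server produces the same error. The gateway-side Event 6274 is a consequence, not a cause: NPS holds the RADIUS request while the extension fails, and the gateway gives up waiting.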