We're using NPS (on a RDS Gateway server) to forward requests to a remote RADIUS server (PhoneFactor/Azure). This is the config on the RDS/NPS server:
Remote server configuration: --------------------------------------------------------- Group = TS GATEWAY SERVER GROUP Address = abc-infra-03.xyz.net Accounting port = 11813 Authentication port = 11812 Accounting shared secret = Authentication shared secret = abcdefg Require auth attrib = Yes Priority = 10 Weight = 50 Timeout = 90 seconds Max dropped = 2 Blackout = 90 seconds Notifications = Yes
Because of the human response time needed for PhoneFactor, we have the timeout set to 90s.
However, the NPS seems to refuse to go past 30s. Like clockwork, as soon as the RD Gateway sends credentials to the NPS, there are 30s until the client connection is closed and an event like this is logged. A 6273 event is logged (see below).
Is there any way to relax this 30s hard-coded limit in NPS?
Log Name: Security Source: Microsoft-Windows-Security-Auditing Event ID: 6273 Task Category: Network Policy Server Level: Information Keywords: Audit Failure User: N/A Description: Network Policy Server denied access to a user. Contact the Network Policy Server administrator for more information. User: Security ID: NULL SID Account Name: XYZ\john.doe Account Domain: - Fully Qualified Account Name: - Client Machine: Security ID: NULL SID Account Name: - Fully Qualified Account Name: - OS-Version: - Called Station Identifier: UserAuthType:PW Calling Station Identifier: - NAS: NAS IPv4 Address: - NAS IPv6 Address: - NAS Identifier: - NAS Port-Type: Virtual NAS Port: - RADIUS Client: Client Friendly Name: - Client IP Address: - Authentication Details: Proxy Policy Name: TS GATEWAY AUTHORIZATION POLICY Network Policy Name: - Authentication Provider: RADIUS Proxy Authentication Server: 10.99.99.99 Authentication Type: - EAP Type: - Account Session Identifier: - Reason Code: 112 Reason: The remote RADIUS (Remote Authentication Dial-In User Service) server did not process the authentication request.