Dear all,
I´ve got settings to require MFA for VPN users. Works well, but one user could not get in, even others can. Getting following error on it. Credentials are valid, NPS Extension just rejects it, better say, NPS Ext.got RejectState, so did not forward to Azure
MFA service. Same error message pops up even I put invalid credentials in. Any clue about? Tried to use SAM, UPN, does not work, invalid credentials, does not work.
Thanks in advance.
Log Name: AuthZOptCh
Source: Microsoft-AzureMfa-AuthZ
Date: 10/11/2017 8:50:49 AM
Event ID: 1
Task Category: None
Level: Information
Keywords:
User: NETWORK SERVICE
Computer: NPS-EXT-02.myonprem.local
Description:
NPS Extension for Azure MFA: NPS Extension for Azure MFA only performs Secondary Auth for Radius requests in AccessAccept State. Request received for User user.name@mypublicdomainname.suffix with response state AccessReject, ignoring request.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-AzureMfa-AuthZ" Guid="{F467B6B9-E970-4569-9798-9F452BBAC055}" />
<EventID>1</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2017-10-11T06:50:49.755581400Z" />
<EventRecordID>270</EventRecordID>
<Correlation />
<Execution ProcessID="6256" ThreadID="1456" />
<Channel>AuthZOptCh</Channel>
<Computer>NPS-EXT-02.myonprem.local</Computer>
<Security UserID="S-1-5-20666" />
</System>
<EventData>
<Data Name="msg">NPS Extension for Azure MFA only performs Secondary Auth for Radius requests in AccessAccept State. Request received for User user.name@mypublicdomainname.suffix with response state AccessReject, ignoring
request.</Data>
</EventData>
</Event>
Petr Weiner