Microsoft NPS Server not Authenticating to Azure Active Directory Domain Services

  • Question

  • Configuration Summary:

    - Have a VPN successfully configured between on-premise LAN and Azure Environment, which includes active AADDS.

    - There is an on-premise Microsoft NPS VM Guest, which has been joined to the AADDS Domain, via the VPN Connection.

    - Have configured on-premise Wireless network to utilize RADIUS 802.1X authentication via the on-premise Wireless Controller, which is configured to use the on-premise NPS Server Guest VM.

    On the Event Viewer for the NPS Server, am getting the following errors:

    The Network Policy Server was unable to connect to a domain controller in the domain where the account is located. Because of this, authentication and authorization for the RADIUS request could not be performed.

    So I know the RADIUS requests are making it to the NPS server. Just can't figure out how much further than this the requests are traversing. Getting some logs would be great, but they seem to be empty when they are requested from the various dependent Azure Resources.

    Am I missing anything in this particular RADIUS Setup?

    Does the applicable NSG in Azure require additional entries to allow communication with the Domain Controllers?

    Thursday, November 7, 2019 10:52 PM

All replies

  • You can find more information about the ports that NPS and RADIUS use here. Traffic will need to flow to and from the machine and the domain controller.

    An easy way to make sure the NSGs are not blocking is to allow all traffic between the machines on the NSG and try this again. 

    Friday, November 8, 2019 11:43 PM
  • Tried your suggestion, with the same results. The challenge is trying to figure out where the disruption is happening. The Event Viewer Logs on the NPS Server show it cannot establish a connection with one of the AADDS Servers, then switches and establishes communications with the 2nd. That is where the logging ends.

    The Wireless Client just gets a "Cannot Join Wireless Network" message.

    • Edited by vcaraballo Monday, November 11, 2019 6:37 PM Grammar correction.
    Monday, November 11, 2019 6:36 PM
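
A connectivity check for the NSG and port question raised in this thread, added here as an example and not posted by either participant: run on the NPS server, it finds the domain controllers through DNS and tests each TCP port a domain member uses towards them. The domain name `aadds.example.com` is a placeholder, and the port list is the standard Active Directory set rather than one taken from the linked article.

```powershell
# Assumption: replace with the DNS name of the AADDS managed domain.
$Domain = 'aadds.example.com'

# TCP ports a domain member uses towards a domain controller.
# Kerberos, DNS and LDAP also use UDP, and RPC uses dynamic ports
# 49152-65535; Test-NetConnection only probes TCP, so those are not covered.
$Ports = @(
    @{ Port = 53;   Name = 'DNS' }
    @{ Port = 88;   Name = 'Kerberos' }
    @{ Port = 135;  Name = 'RPC endpoint mapper' }
    @{ Port = 389;  Name = 'LDAP' }
    @{ Port = 445;  Name = 'SMB' }
    @{ Port = 464;  Name = 'Kerberos password change' }
    @{ Port = 636;  Name = 'LDAPS' }
    @{ Port = 3268; Name = 'Global catalog' }
)

# Locate the domain controllers the same way a domain member does: through
# the SRV records of the domain. A failure here points at DNS (the NPS
# server must use the managed domain's DNS servers) before any NSG rule.
$Dcs = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
    Where-Object { $_.NameTarget } |
    Select-Object -ExpandProperty NameTarget -Unique

# Probe every port on every domain controller, so a controller that is only
# partly reachable (as the event log in this thread suggests) stands out.
$Results = foreach ($Dc in $Dcs) {
    foreach ($P in $Ports) {
        $Probe = Test-NetConnection -ComputerName $Dc -Port $P.Port -WarningAction SilentlyContinue
        [pscustomobject]@{
            DomainController = $Dc
            Service          = $P.Name
            Port             = $P.Port
            Reachable        = $Probe.TcpTestSucceeded
        }
    }
}
$Results | Format-Table -AutoSize

# Ports can be open while the machine account's trust with the domain is
# broken; this checks the secure channel the NPS server authenticates over.
Test-ComputerSecureChannel -Verbose
```

Any row with `Reachable` set to `False` names the controller and service to check against the NSG rules and the VPN route. If every row is `True` and the secure channel test passes, the fault lies past plain network reachability.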