Network Policy Server + RADIUS not listening on any ports for Windows Server 2019

Question

I must be missing something basic - is there some "master" switch for enabling Network Policy Server? It's not listening on any of the RADIUS ports. Detail:

Trying to setup Windows Server 2019 as a RADIUS server. However, after configuring everything, "netstat -b" shows that the machine is not listening on any of the expected RADIUS ports (1812, 1645, 1813, 1646).

1. Installed the "Network Policy and Access Services" role

2. Followed the "Configure VPN or Dial-up" wizard

3. Confirmed RADIUS configuration:

4. Confirmed "Network Policy Server" ports:

5. Confirmed the "Network Policy Server" service is running.

Result: "netstat -b" shows that the machine is not listening on any of the expected RADIUS ports (1812, 1645, 1813, 1646).

Have tried with no luck:

1. Rebooting
2. Restarting the "Network Policy Server" service

Answer 1

netstat -b does not return any information for NPS port 1812 but netstat -na | findstr 1812 does on Windows 2019 Server.

There is a bug in NPS on Windows Server 2019 where it fails to register properly with Windows Firewall. See https://blog.topqore.com/radius-authentication-using-nps-on-server-2019-bug/ for detailed information. The fix listed in the article worked successfully for me.

Get-NetFirewallRule -DisplayGroup "Network Policy Server" | where DisplayName -like "*RADIUS*" | Set-NetFirewallRule -Service Any

This changes the Service in the NPS rules in the Windows Firewall from IAS to Any.

https://social.technet.microsoft.com/Forums/en-US/cf047df5-ed4a-46b9-9564-c9db5a9bc8dc/windows-server-2019-default-nps-firewall-rules-port-1812-udp-not-working?forum=ws2019

Social.Technet also lists a fix using "sc sidtype IAS unrestricted" but I have not tested this.

The firewall issue was the underlying problem for me. Using the wrong netstat command send me on a wild goose chase for a little while:)