Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [nps]

Network Policy Server, is a Microsoft RADIUS server for Windows Server 2008 and higher.

Microsoft's Network Policy Server is a server provided with and . It provides a variety of authentication services for VPN and connections.

119 questions
9
votes
4 answers

Authentication via RADIUS : MSCHAPv2 Error 691

I am working on setting up authentication into an Acme Packet Net-Net 3820 (SBC) via RADIUS. The accounting side of things is working just fine with no issues. The authentication side of things is another matter. I can see from a packet capture that…
New Guy
  • 346
  • 2
  • 5
  • 12
8
votes
1 answer

My GoDaddy! certificate is not trusted by iOS devices but it is trusted by Android and Windows devices

I’ve deployed some Radius servers (Windows Server 2012 R2 with NPS). They use PEAP-MSCHAP-V2 for authentication with a SAN Go Daddy Certificate. They are deployed in order to handle Wi-Fi connections. The certificate works with all my devices…
XSP
  • 83
  • 1
  • 1
  • 5
7
votes
1 answer

How do I get as much debugging info as possible out of the Network Policy Server (ias) service?

We are trying to authenticate a client on remote vpn, through a Meraki Z1 teleworker appliance. The Z1 is sending a proper request, the Network Policy Server (ias) service is apparently authenticating the user because our NPS log shows that there…
Peter Grace
  • 3,446
  • 1
  • 26
  • 42
7
votes
1 answer

Network Policy Server Granular Time Restrictions

I am configuring NPS as a RADIUS authentication source for my wireless clients. I am trying to differentiate between school hours and after hours as I need to connect certain users to a different network for after hours access to extra resources. I…
Littlejon
  • 243
  • 1
  • 3
  • 9
7
votes
1 answer

Third Party Wildcard Certificates for use with Microsoft NPS / RADIUS / PEAP

I want to replace the SSL certificate that is used for PEAP on our NPS server that is doing RADIUS authentication for our Cisco WLCs. The current certificate is a SSL certificate that does Client Authentication and Server Authentication. We want to…
MDMarra
  • 100,183
  • 32
  • 195
  • 326
6
votes
1 answer

Restrict access to RD Gateway based on IP

I'm trying to restrict who can access our RD Gateway based on both their group membership and IP address (so people in group A can only access the system from IP address X). The Network Policy Server installed by the RD Gateway seems to imply that…
Sam Cogan
  • 38,158
  • 6
  • 77
  • 113
6
votes
5 answers

Cannot connect to a VPN server - authentication failed with error code 691

When trying to connect to a VPN server, I get the 691 error code on the client, which say: Error Description: 691: The remote connection was denied because the user name and password combination you provided is not recognized, or the …
stacker
  • 831
  • 3
  • 10
  • 15
5
votes
1 answer

Providing High Availability for NPS

I need to ensure high availability for RADIUS service in Windows Server environment so it can withstand loss or even temporary downtime of any particular server holding NPS role. Most of technet articles state that I should use NPS Proxy, but in my…
strange walker
  • 582
  • 3
  • 10
4
votes
3 answers

SuperMicro IPMI using Windows-based RADIUS (NPS)

I'm struggling to use a Windows-based RADIUS setup (Network Policy Server) with SuperMicro IPMI interfaces. I've found that I need to add vendor-specific attribute H=4, I=4 (Appendix C in the SuperMicro IPMI manual), but I'm not sure about some of…
Joep Piscaer
  • 41
  • 2
4
votes
4 answers

How to prevent a user from being able to plug an XP machine into the network

We recently had an issue where a user brought their laptop in from home and plugged it into the network, attempting to get internet access. I know on a port level I could setup MAC restrictions, but I was wondering if there was a way that I could…
Don
  • 838
  • 8
  • 18
  • 33
4
votes
2 answers

Why would NPS suddenly stop authenticating users?

We use a computer running Windows Server 2008 (32-bit) with the RRAS and NPS roles to authenticate users for VPN and wireless access over RADIUS. This configuration has been working great for more than a year, but starting this morning the server…
Nic
  • 13,025
  • 16
  • 59
  • 102
4
votes
2 answers

Remote administer Network Policy Server

In our domain I have a Windows Server 2008 R2 machine "GWY" with the Network Policy and Access Services role installed. From this machine I can open the Network Policy Server management console to administer this role. However, I have another Server…
Jason Stangroome
  • 345
  • 7
  • 21
3
votes
1 answer

Is a Windows Server CAL needed for IEEE 802.1x MAC authentication bypass?

We want to deploy IEEE 802.1X port-based authentication for specific devices by means of MAC authentication bypass. For this, we must enter the MAC address of the device as username and password in the Active Directory for NPS on Windows Server 2016…
bertb
  • 31
  • 1
3
votes
3 answers

strongswan IKEv2 VPN + RADIUS authentication with NPS in Active Directory domain

I've managed to get strongswan running with eap-mschapv2 authentication using a server certificate. Now I want to try and use the eap-radius plugin with NPS running on a Windows 2012 R2 server to authenticate against Active Directory. On the domain…
0B51D14N
  • 73
  • 2
  • 8
3
votes
1 answer

Missing roles in Windows Server 2016

I'm trying to install the NPS role on Windows Server 2016 (Datacenter) but neither Server Manager nor Install-Windows feature seem to be aware of its existence: PS > Install-WindowsFeature NPAS -IncludeManagementTools Install-WindowsFeature :…
digitalPhonix
  • 83
  • 2
  • 6
1
2 3 4 5 6 7 8