SSLVPN with NPS and Azure MFA

Griff · June 2023

Hi,

I'm really struggling to get the Azure MFA plugin for NPS to work with SSL VPN. I have it working with L2TP, just not SSLVPN.

The error log shows a third party extension ddl has discarded the request.

I have confirmed NPS works without the Azure MFA extension enabled.

Any help would be greatly appreciated.

Thanks,

james.carson · June 2023

Hi @Griff
I'd suggest starting with whatever that DLL is -- if that driver is throwing out your authentication for some reason, fixing that is going to be the key to getting it working. If you can determine what app installed that DLL, I'd suggest interfacing with the support team from that product to find out what it's doing.

kimmo.pohjoisaho · June 2023

https://learn.microsoft.com/en-us/samples/azure-samples/azure-mfa-nps-extension-health-check/azure-mfa-nps-extension-health-check/

Griff · June 2023

The DLL is the Microsoft Azure NPS Extension for MFA. Sadly the error message doesn’t give me anymore useful information, the WG support guys have been really helpful.

I have also ran the health check script from Microsoft as mentioned above which reports no issues with my setup.

kimmo.pohjoisaho · June 2023

check Event Viewer under Applications and Services Logs > Microsoft > AzureMfa > AuthN > AuthZ on the server where the NPS Extension is installed.
checks this video: https://www.youtube.com/watch?v=VvKRVAqg934

have a strong feeling that your problem have maybe something to do with UPN suffix mismatch between your on-prem AD and Azure AD….
check the event view logs…

https://blog.workinghardinit.work/2021/08/20/ldap_alternate_loginid_attribute-is-a-gem/

SSLVPN with NPS and Azure MFA

Comments