Microsoft 2016 NPS with Azure MFA extension RRS feed

  • Question

  • hi out there

    I have a small problem where I try to autheticate a AnyConnect client trough a ASA agains a Microsoft 2016 NPS server with MFA extensions enabled.

    I hit my Network Polici etc - but whatever I try the NPS refuses to authenticate my account and returns simply:

    NPS Extension for Azure MFA: NPS Extension for Azure MFA only performs Secondary Auth for Radius requests in AccessAccept State. 
    Request received for User John with response state AccessReject, ignoring request.

    The NPS is defined as a std Radius server with MFA extension - if I permit access without authentication in the Connection Request Policy the MFA 
    extension nicely prompts for permission on my smartphone and the AnyConnect client connects.
    There isnt that much I can configure on the Cisco ASA regarding the AAA Radius server - more or less just enable support for MS CHAPv2 or not...

    I am out of ideas right now - what can cause a NPS server to refuse authentication from a Cisco ASA?

    br ti
    Wednesday, October 17, 2018 8:57 AM

All replies