none
NPS authentication doesn't return UPN for account name RRS feed

  • Question

  • Hi guys,

    I was trying to figure out this in order to setup Azure MFA with VPN. I am stuck with after user entered username/password for NPS authentication, NPS doesn't return the UPN in order to pass on to Azure MFA.

    I have followed all instructions I could find to install NPS extension and radius configuration.

    This is NPS(without Azure extension) logs in the eventview:

    Network Policy Server granted access to a user.

    User:

          Security ID:          AD\Jane

          Account Name:     Jane

          Account Domain:  AD

          Fully Qualified Account Name:      ad.company.com/OU/Jane

    I wonder if <Account Name> should have returned jane@mail.company.com instead of username. If yes, what might be possible cause such that our system is unable to return UPN.

    Regards

    Wednesday, March 27, 2019 1:51 PM

Answers

  • Hi,

    Assume that your VPN configuration was working before you configured the VPN server to use a centralized RADIUS server for authentication and authorization. If the configuration was working, it is likely that the issue is caused by a misconfiguration of the RADIUS server or the use of an invalid username or password. For example, if you use the alternate UPN suffix in the username, the sign-in attempt might fail. Use the same account name for best results.

    Best regards,

    Travis


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, March 28, 2019 6:16 AM
    Moderator

All replies

  • Hi,

    Assume that your VPN configuration was working before you configured the VPN server to use a centralized RADIUS server for authentication and authorization. If the configuration was working, it is likely that the issue is caused by a misconfiguration of the RADIUS server or the use of an invalid username or password. For example, if you use the alternate UPN suffix in the username, the sign-in attempt might fail. Use the same account name for best results.

    Best regards,

    Travis


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, March 28, 2019 6:16 AM
    Moderator
  • Hi,

    Just checking in to see if the information provided was helpful.

    Please let us know if you would like further assistance.

    Best Regards,

    Travis


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, April 4, 2019 7:06 AM
    Moderator