Always on VPN, putting NPS server in DMZ? RRS feed

  • Question

  • Hi All,

    We currently have an RODC in the DMZ.  Is there any reason why we should be putting an NPS server in the LAN rather than the DMZ?

    also, do I need to make crldist available across the internet (as you do with SCCM) or is it not needed, as I assume the check will happen after the device has initiated the initial VPN connection, and will ultimately fail to pass the second phase of authentication if we were to revoke the certificate for any reason.


    Wednesday, March 25, 2020 9:16 AM

All replies

  • Hi,

    This is a quick note to let you know that I am currently performing research on this issue and will get back to you as soon as possible.

    I appreciate your patience.

    If you have any updates during this process, please feel free to let me know.

    Hope this can help you, if you have anything unclear, please let me know.

    Have a nice day!


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact

    Thursday, March 26, 2020 9:37 AM