none
Cross-forest NPS not working RRS feed

  • Question

  • Hello,

    We have a two-way forest trust with forest-wide authentication. Our NPS server is located in one forest and we are trying to authenticate computer accounts with certificates (EAP) from the other forest, but receiving the following error on the NPS server:

    • Event ID: 6273
    • Reason Code: 7
    • Reason: The specified domain does not exist.

    Does anyone have any thoughts? Do we need a RADIUS proxy?

    Tuesday, September 24, 2019 9:39 AM

All replies

  • Hi,

    Thanks for your question.

    NPS supports authentication across forests without a RADIUS proxy when the two forests contain only domains that consist of domain controllers running Windows Server 2008, Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; and Windows Server 2003, Datacenter Edition. The forest functional level must be Windows Server 2008 or Windows Server 2003, and there must be a two-way trust relationship between forests. If you use EAP-TLS or PEAP-TLS with certificates as your authentication method, you must use a RADIUS proxy for authentication across forests that consist of Windows Server 2008 and Windows Server 2003 domains.

    Create a global group that will hold your NPS servers, and make sure that group has the "Allowed to authenticate" right set on the computer accounts on the domain controllers in the user domain(s). We can refer to this docs,

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc738653(v=ws.10)?redirectedfrom=MSDN

    This is the most-restrictive setting required for NPS to authenticate users in a trusted forest, otherwise you will need a RADIUS Proxy and NPS servers set up in the user domain(s).

    Here’re the references talked about NPS as a Radius server and Proxy

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd197447(v=ws.10)?redirectedfrom=MSDN

    https://docs.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-plan-proxy

    Besides, about NPS events, here's an article discussed it, but didn't find error code 7.

    https://documentation.meraki.com/MR/Encryption_and_Authentication/Windows_NPS_RADIUS_Event_ID_Errors

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.


    Hope above information can help you.

    Highly appreciate your effort and time. If you have any question or concern, please feel free to let me know.

    Best regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, September 25, 2019 6:30 AM
  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, September 26, 2019 8:39 AM
  • Hi,
    Could the above reply be of help? If yes, you may mark it as answer, if not, feel free to feed back


    Best Regards,
    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, October 4, 2019 10:00 AM
  • Hi,

     

    Was your issue resolved?

     

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

    If no, please reply and tell us the current situation in order to provide further help.

     

    Best Regards,

    Michael


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, October 8, 2019 10:40 AM