I'm setting up a Network Policy Server on Server 2008 R2 for an SSL VPN on a FortiGate firewall. I just installed the role, added the RADIUS client and added a new network policy called "VPN Users" as the 1st policy. At this point, I'm unable to connect unless I disable the two policies that are created by default. I don't understand why I have to do this when the VPN Users policy is #1 on the list. It appears that the NPS checks all policies and is not just going down the list until one is matched (as it states in Microsoft's documentation). Is this a bug? I'd like it if someone can explain how this works for me.
That’s not a bug but by design.
A default connection request policy is created when you install NPS. The default connection request policy uses NPS as a RADIUS server and processes all authentication requests locally. If you do not want the NPS server to act as a RADIUS server and process connection requests locally, you can delete the default connection request policy. However, at least one connection request policy must be running on your NPS server for it to authenticate and authorize connection requests from RADIUS clients.
NPS: Network Policy Server (NPS) should have at least one connection request policy enabled
Verify NPS Configuration
Hope this helps.
- Proposed as answer by Meinolf Weber, MVP, Monday, September 16, 2013 12:28 PM
I have the default connection request policy in place. It hasn't been changed. My issue is not with the connection request policy but the Network Policy. Please see the pictures above. The Network Policy doesn't seem to be processing correctly. It doesn't start on policy 1 and then move its way up, looking for a policy that matches. It seems to be working in a way that it needs to match all policies.
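A model of the first-match processing order the question cites from the Microsoft documentation, added here as an illustration; it is not code from the thread, from NPS or from Microsoft. The policy names follow the two default network policies NPS creates, while the condition attributes, vendor names and request records are constructed for the example. Assumed behaviour: policies are processed in list order, the first enabled policy whose conditions all match decides the request, and a matched policy's Deny permission or a failing constraint rejects the request without consulting any later policy.

```python
"""Illustrative first-match model of NPS network-policy processing (added
example, not NPS code). Request attributes and vendor names are constructed."""
from dataclasses import dataclass, field, replace


@dataclass
class Policy:
    name: str
    conditions: dict                  # attribute -> required value; {} = catch-all
    grant: bool                       # Access Permission: True = grant, False = deny
    allowed_auth: set = field(default_factory=set)  # constraint: permitted auth methods ({} = any)
    enabled: bool = True


def conditions_match(policy, request):
    """Every condition must hold for the policy to be selected (AND semantics)."""
    return all(request.get(attr) == value for attr, value in policy.conditions.items())


def evaluate(policies, request):
    """Walk the policies in processing order. The first enabled policy whose
    conditions match decides the outcome; later policies are never consulted.
    Returns (accepted, deciding_policy_name, reason)."""
    for policy in policies:
        if not policy.enabled or not conditions_match(policy, request):
            continue  # not this policy's request, keep going down the list
        if not policy.grant:
            return False, policy.name, "access permission is Deny"
        if policy.allowed_auth and request.get("auth") not in policy.allowed_auth:
            # Matched, but the constraint fails: reject, no fall-through.
            return False, policy.name, "authentication method not permitted by constraints"
        return True, policy.name, "granted"
    return False, None, "no network policy matched"


# Constructed policy list in the order the question describes: the custom policy
# first, followed by the two policies NPS creates by default.
VPN_USERS = Policy("VPN Users", {"group": "VPN Users"}, grant=True, allowed_auth={"MS-CHAPv2"})
DEFAULT_RRAS = Policy("Connections to Microsoft Routing and Remote Access server",
                      {"nas_vendor": "Microsoft"}, grant=False)
DEFAULT_OTHER = Policy("Connections to other access servers", {}, grant=False)  # catch-all
POLICIES = [VPN_USERS, DEFAULT_RRAS, DEFAULT_OTHER]
DEFAULTS_DISABLED = [VPN_USERS, replace(DEFAULT_RRAS, enabled=False),
                     replace(DEFAULT_OTHER, enabled=False)]


def demo():
    """Constructed requests arriving from a non-Microsoft NAS (the VPN appliance)."""
    member = {"group": "VPN Users", "auth": "MS-CHAPv2", "nas_vendor": "Fortinet"}
    outsider = {"group": "Staff", "auth": "MS-CHAPv2", "nas_vendor": "Fortinet"}
    weak_auth = {"group": "VPN Users", "auth": "PAP", "nas_vendor": "Fortinet"}
    return {
        "member": evaluate(POLICIES, member),
        "outsider": evaluate(POLICIES, outsider),
        "weak_auth": evaluate(POLICIES, weak_auth),
        "outsider_defaults_disabled": evaluate(DEFAULTS_DISABLED, outsider),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label:28s} -> {result}")
```

Under this model a request that matches policy #1 is decided there and the defaults are never reached; a request that does not match policy #1 falls to the catch-all default and is denied by it, and disabling the defaults only changes that outcome to "no network policy matched", which is still a reject. A request that matches policy #1 but fails its authentication-method constraint is rejected by policy #1 itself without fall-through, so when troubleshooting it helps to check which policy the NPS event log names as the deciding one rather than assuming every policy was evaluated.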