
RADIUS Authentication and Windows Server 2019 Firewall/NPS Bug



I just spent all day trying to get RADIUS authentication for Client VPN to work on 2 separate Windows 2019 Servers.


I hope others find this post before they waste an entire day.


If you are having RADIUS authentication issues with Windows Server 2019 NPS, please be aware there is a known bug that has not been fixed or patched as of the June 2020 roll-up.


The bug relates to the Windows Firewall and the NPS server role. Although adding the NPS server role creates the appropriate Windows Firewall rules, there is a bug with the IAS (NPS) service SID that prevents the Firewall service from properly targeting the IAS service. Thus, despite the rules being there, the traffic was still being blocked.


I was able to find a workaround (thank you Google and all those that came before me).


From an elevated command prompt on the NPS server run the following command:


sc sidtype IAS unrestricted


Restart the server, and voilà!


There is also a second workaround where the scope of the firewall rule is set to any service. If you prefer this method, it is referenced in the links below.


Resources & References:
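
Added example, not part of the original post: a read-only PowerShell check of the state the post describes (the IAS service SID type and the service filter on the NPS firewall rules), useful before and after applying either workaround. The display group name "Network Policy Server" and the RADIUS port list are assumptions; adjust them if your server differs.

```powershell
# Read-only diagnostics; run from an elevated PowerShell prompt on the NPS server.
# Assumption: the rules created by the NPS role are in this display group.
$group = 'Network Policy Server'

# 1. SID type of the IAS (NPS) service.
#    Call sc.exe explicitly: in Windows PowerShell, "sc" is an alias for Set-Content.
sc.exe qsidtype IAS

# 2. Confirm the service itself is running.
Get-Service -Name IAS | Format-Table Name, Status, StartType -AutoSize

# 3. For every NPS firewall rule, show whether it is enabled and which
#    service it is scoped to ("Any" means the rule is not tied to a service).
Get-NetFirewallRule -DisplayGroup $group | ForEach-Object {
    $svc  = $_ | Get-NetFirewallServiceFilter
    $port = $_ | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule      = $_.DisplayName
        Enabled   = $_.Enabled
        Action    = $_.Action
        Service   = $svc.Service
        Protocol  = $port.Protocol
        LocalPort = ($port.LocalPort -join ',')
    }
} | Format-Table -AutoSize

# 4. Check that something is listening on the RADIUS ports.
#    Assumption: standard ports 1812/1813 plus legacy 1645/1646.
Get-NetUDPEndpoint -LocalPort 1812, 1813, 1645, 1646 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess |
    Format-Table -AutoSize
```

If the Service column shows the rules scoped to IAS and RADIUS requests are still dropped, that matches the symptom in the post. With the second workaround the column shows Any, which means the rule admits that traffic for any process listening on those ports rather than only the NPS service.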


