We were trying to implement the NPS extension for MFA but were having issues, so we uninstalled the NPS extension, restarted the NPS service, and were back to normal VPN operation. After doing this again yesterday, the VPN stopped working and we are getting the below in the logs. I removed and recreated the VPN settings in NPS with no change. Any thoughts?
***** = Redacted Info
Can disregard, we resolved the issue by moving the ias.xml file and allowing NPS to build a new config and reconfigured from scratch. Something in the old config was causing issues.
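The reset described in the post above, sketched as an added PowerShell example (not part of the original thread or any vendor procedure). It assumes the default NPS paths and service name (`%SystemRoot%\System32\ias\ias.xml`, service `IAS`); the backup folder `C:\NpsBackup` is a hypothetical location. Both the export and the old `ias.xml` can contain RADIUS shared secrets, so the backup folder is locked down to Administrators and SYSTEM.

```powershell
#Requires -RunAsAdministrator
# Added example: back up the NPS configuration, then let NPS rebuild ias.xml.
$ErrorActionPreference = 'Stop'

$iasXml    = Join-Path $env:SystemRoot 'System32\ias\ias.xml'   # default NPS config store
$stamp     = Get-Date -Format 'yyyyMMdd-HHmmss'
$backupDir = "C:\NpsBackup\$stamp"                              # hypothetical backup location

# Create the backup folder and restrict it to Administrators (S-1-5-32-544)
# and SYSTEM (S-1-5-18), because the files hold unencrypted shared secrets.
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
icacls $backupDir /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null

# Try a clean export first; a damaged config may refuse to export,
# in which case the moved ias.xml below is the only copy.
try {
    Export-NpsConfiguration -Path (Join-Path $backupDir 'nps-export.xml')
} catch {
    Write-Warning "Export-NpsConfiguration failed: $($_.Exception.Message)"
}

# Stop NPS, move the old config out of the way, and start NPS again.
Stop-Service -Name IAS
Move-Item -Path $iasXml -Destination (Join-Path $backupDir 'ias.xml.old')
Start-Service -Name IAS

# Confirm the service came back and report whether a fresh ias.xml exists yet.
$svc = Get-Service -Name IAS
[pscustomobject]@{
    ServiceStatus = $svc.Status
    NewConfig     = Test-Path $iasXml
    BackupFolder  = $backupDir
}
```

RADIUS clients and network policies then have to be recreated by hand, as the poster did; importing the old export would bring back whatever was broken.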
Just to forewarn you - my experience is that the NPS extension tends to break 1 to 2 times per year. It's really hard to fix as well, as the logging is poor.
I'm going to guess you want to do this for client VPN?
If so, I strongly recommend you use AnyConnect with SAML authentication against Azure AD instead.
https://documentation.meraki.com/MX/Client_VPN/AnyConnect_on_the_MX_Appliance/Authentication
If you *really* want to use the Windows client VPN, then I suggest using Duo for MFA instead.
Still need DUO for MFA with AnyConnect though, correct?
You don't require Duo if you authenticate directly against AzureAD using SAML with Cisco AnyConnect.