适用于Azure MFA的NPS扩展随机不适用于某些位置的某些用户 [英] NPS Extension for Azure MFA randomly not working for certain users on certain locations
问题描述
有一个奇怪的问题.我们已经在本地NPS服务器上通过NPS扩展实现了Azure MFA,并将我们的广告与Azure同步.我们正在将其用于RD网关MFA安全性,并已在多个运行良好的位置对其进行了测试.
Having a weird issue. We've implemented Azure MFA via NPS Extension on an on premise NPS Server and have our AD synced up with Azure. We're using it for RD Gateway MFA security and testing it via multiple locations it's been working pretty good.
最初,我们让用户通过电话验证MFA触发,但已将这些客户端的MFA触发切换到Microsoft Authenticator App.
Initially we had our users verify MFA trigger via phone call but switched it over to the Microsoft Authenticator App for those clients.
我们遇到的问题是随机的,用户将报告他们通过RDGateway登录,他们获得了身份验证器应用验证提示,他们批准了该提示,直到在RDGateway中出现60秒超时之后,一切都没有发生.
The problem we're having is randomly, users will report that they go to login via RDGateway, they get the authenticator app verification prompt, they approve it and then nothing happens till the 60 second timeout kicks on in RDGateway.
查看带有MFA NPS扩展的NPS服务器上的事件日志,我发现发生以下错误.
Looking at the event log on our NPS Server with the MFA NPS Extension, I see the following errors happen.
1)Azure MFA的NPS扩展:用户的身份验证扩展中的异常错误代码:: REQUEST_FORMAT_ERROR消息::如果没有用户名属性,则无法处理请求.
1) NPS Extension for Azure MFA: Exception in Authentication Ext for User ErrorCode:: REQUEST_FORMAT_ERROR Msg:: Request cannot be processed without userName Attribute.
2)Azure MFA的NPS扩展:Radius请求缺少NAS标识符和Nas IpAddress属性.建议填充这些字段中的至少一个.这不是错误.
2) NPS Extension for Azure MFA: Radius request is missing NAS Identifier and Nas IpAddress attribute.Populating atleast one of these fields is recommended.This is not an error.
即使MFA请求通过并且客户端能够继续,这些错误也会发生.查看NPS扩展的疑难解答部分,发现如果将扩展安装在RRAS或RDGateway上,通常会发生REQUEST_FORMAT_ERROR 服务器在我们的情况下不是.我们的RDGateway服务器与具有MFA NPS扩展功能的NPS服务器位于不同的服务器上.
These errors also happen even if the MFA request goes through and the client is able to proceed. Looking at the troubleshooting section of the NPS Extension show that REQUEST_FORMAT_ERROR usually happens if the extension is installed on an RRAS or RDGateway server which in our case is not. Our RDGateway Server sits on a different server than the NPS Server with MFA NPS Extension.
任何帮助将不胜感激.
推荐答案
问题的发生本质上是断断续续的.因此,我们需要对此进行进一步调查以找到问题的根本原因,并且需要进行大量的故障排除.论坛不是处理此类问题的正确渠道.推荐你 通过创建技术支持票证与我们联系.让我们知道您是否需要任何帮助来创建支持请求.
The occurrence of the issue is intermittent in nature. So, we need to investigate this further to find the root cause of the issue and it requires extensive troubleshooting. Forum is not the right channel to handle these kind of issues. Recommend you to contact us by creating a technical support ticket. Let us know if you need any help creating a support request.
这篇关于适用于Azure MFA的NPS扩展随机不适用于某些位置的某些用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
