NPS Extension failing: ErrorCode:: ESTS_TOKEN_ERROR

Problem description

I keep receiving the following error code when trying to authenticate on Remote Desktop Gateway with the NPS extension using Azure MFA. I have added a trial AAD P1 to my user account and enabled MFA (Mobile App). Testing by logging in with this user, all works fine. The error I receive is:

NPS Extension for Azure MFA:  CID: ********** :Exception in Authentication Ext for User *****\******** :: ErrorCode:: CID :************ ESTS_TOKEN_ERROR Msg:: Verify the client certificate is property enrolled in Azure against your tenant and the server can access URL in Registry STS_URL.Error authenticating to eSTS: ErrorCode:: ESTS_TOKEN_ERROR Msg:: Error in retreiving token details from request handle: -895352831 Enter ERROR_CODE @ https://go.microsoft.com/fwlink/?linkid=846827for detailed TroubleShooting steps. Enter ERROR_CODE @ https://go.microsoft.com/fwlink/?linkid=846827for detailed TroubleShooting steps.

I tried using the following page for troubleshooting but everything seems to be working properly: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension#troubleshooting

There are not many solutions to this error. I built all of this in my Azure MSDN environment to test. Could that be the issue?

Recommended answer

When there is a certificate error like this, it often occurs if you have more than one certificate installed on the machine. Please ensure that you have the correct certificate installed on the NPS server and that you remove any unnecessary duplicates that can cause this issue.

Run the following commands:

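# List the credentials registered on the service principal, including their key values
Get-MsolServicePrincipalCredential -AppPrincipalId "enter app principal id number" -ReturnKeyValues 1

# Remove an unwanted credential by its KeyId
Remove-MsolServicePrincipalCredential -AppPrincipalId "enter app principal id number" -KeyIds 72cc35ef-af6d-404a-8d81-0044030c2994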

Go through and remove any duplicates and then reinstall the correct certificate on the machine.

A few other things to check:

1. Please ensure you are only using either authenticator app MFA or phone call MFA, as text message will not work for this.

2. Please check the logs on both the NPS and the RD Gateway machine to verify the authentication stage where this error occurs. 

3. Ensure that you are using the version of the NPS extension installer referred to in this guide. This is the NpsExtnForAzureMfaInstaller.exe 

Some of the other guides use a different version of the installer that can cause some corruption errors. 
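
Added example (not part of the original answer): one way to see which certificates are duplicated or stale is to compare the thumbprints registered on the service principal with the certificates in the NPS server's computer store. The tenant ID and app principal ID are placeholders, and matching local certificates by a subject containing the tenant ID is an assumption about how the certificate was named.

```powershell
# Added example. Placeholders (assumptions): fill in your own values.
$TenantId       = '<your-tenant-id>'
$AppPrincipalId = '<enter app principal id number>'

Import-Module MSOnline
Connect-MsolService

# Certificates registered on the service principal in Azure AD.
# With -ReturnKeyValues, Value holds the base64-encoded certificate.
$registered = Get-MsolServicePrincipalCredential -AppPrincipalId $AppPrincipalId -ReturnKeyValues $true |
    Where-Object { $_.Type -eq 'Asymmetric' } |
    ForEach-Object {
        $bytes = [Convert]::FromBase64String($_.Value)
        $cert  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($bytes)
        [pscustomobject]@{
            KeyId      = $_.KeyId
            Thumbprint = $cert.Thumbprint
            EndDate    = $_.EndDate
        }
    }

# Certificates in the computer store whose subject names the tenant
# (assumed naming; adjust the filter if your certificate differs).
$local = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*$TenantId*" }

# Local view: more than one row means duplicates on this server;
# Expired or RegisteredInAzureAD = False marks a certificate that cannot work.
$local | Select-Object Thumbprint, NotAfter,
    @{ n = 'Expired';             e = { $_.NotAfter -lt (Get-Date) } },
    @{ n = 'RegisteredInAzureAD'; e = { $registered.Thumbprint -contains $_.Thumbprint } } |
    Format-Table -AutoSize

# Azure AD view: registered credentials with no matching certificate on this
# server. They may belong to another NPS server, so confirm before passing a
# KeyId to Remove-MsolServicePrincipalCredential.
$registered |
    Where-Object { $local.Thumbprint -notcontains $_.Thumbprint } |
    Format-Table KeyId, Thumbprint, EndDate -AutoSize
```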