RD Gateway with Azure Multifactor Authentication Dont Work - RADIUS Proxy received a response from server with an invalid authenticator

-

hi all,

implemented rds lab 2 windows 2012 r2 servers:
- rd wa, rd gw , rd cb roles on rds-gw server (10.150.1.11)
- rd sh on rds-sh server (10.150.1.12)
no mfa authentication, rdweb access work well. when connect via rdweb test account , open remoteapp, rd gw verify cap policy, authenticate user verify rap policy , finaly app open.

next installed azure mfa server on rds-sh server implement multi-factor authentication. configured rd gw, nps , mfa servers following steps on http://www.rdsgurus.com/step-by-step-using-windows-server-2012-r2-rd-gateway-with-azure-multifactor-authentication/ (step step – using windows server 2012 r2 rd gateway azure multifactor authentication).

now, when connect via rdweb , open remoteapp, after aproximadly 10 seconds receive mfa call on phone, reply # rdweb continues showing waiting window “starting…” , remote app don’t open. after 1 minute rdweb show message error indicating can’t connect remote computer. meanwhile after first call continue receiving more 3 calls mfa service.

tested mfa directly on mfa server , works same test account used on rdweb access.

aparently rd gateway forwards radius request through nps mfa server mfa perform 2 factor authentication sequence user (via phone call in case). user reply, mfa server apparently don’t send accept rd gateway expected.

firewalls on rds-gw , rds-sh server disabled. rds-gw server shows 4 times nps event id 28 “the radius proxy received response server 10.150.1.12 invalid authenticator.” , 1 time nps event id 38 “the remote radius server 10.150.1.12 has not responded 5 consecutive requests. server has been marked unavailable.”.

can’t figure out why doesn’t work.

help?

hi jay,

the following solved problem: 1 – remove rd gw rds farm; 2 – uninstall rd gateway role service; 3 – re-add rd gw on rds farm , configure (install certificates, configure cap , rap policies central server running nps); 4 – reinstall mfa server on same vm (rds-sh).

note: used have error “rd gateway: following error(s) occurred: unable update ias server configuration current configuration maybe in inconsistent state” when changing ip , shared secret of mfa server on option “central server running nps” (in rd gw manager). after reinstallation error gone.

best regards,

jg



Windows Server  >  Remote Desktop Services (Terminal Services)



Comments

Post a Comment

Popular posts from this blog

Error: 0x80073701 when trying to add Print Services Role in Windows 2012 Standard

-
hello, i'm getting error when trying add print services role in windows 2012 standard. i'm getting same error whether use gui or powershell. this new server install. the powershell error follows: add-windowsfeature : request add or remove features on specified server failed. installation of 1 or more roles, role services, or features failed. the referenced assembly not found. error: 0x80073701 at line:1 char:1 + add-windowsfeature print-services + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     + categoryinfo          : invalidoperation: (@{vhd=; credent...name=localhost}:psobject) [install-windowsfeature],     exception     + fullyqualifiederrorid : dismapi_error__failed_to_enable_updates,microsoft.windows.servermanager.commands.addwind    owsfeaturecommand success restart needed exit code      feature result ------- -------------- ---------      -------------- false   no             failed         {} issue appreciated. hi, i think should st
Read more

Disconnecting from a Windows Server 2012 R2 file sharing session on a Windows 7,8,10 machine

-
i've been trying disconnect server while , haven't been able to. there quick way this? i've used net session , net user , work sometime never consistent. can task? hi yrusad, thanks post. does work when check “computer management > system tools > shared folders > open files/sessions”. directly manage from gui. and based on knowledge, quick way mentioned net session /delete /y. mean never consistent? best regards, mary please remember mark replies answers if , unmark them if provide no help. if have feedback technet subscriber support, contact tnmff@microsoft.com . Windows Server  >  Windows Server 2012 General
Read more

Event ID 64,77,1008 Certificates Events Windows Server 2008, 2008R2

-
hi guys, i need event ids. event id 64 clear - expired certificate. problem computers have new certificate ca of them keep old one. can remove them certificate store on computers or should check before? event id 77 - 1 strange me. warning , in same time don't see suspicious: "windows default" policy module logged following warning: active directory connection <domain controller name> has been reestablished <domain controller name>. have 4 dcs. should check or ignore these messages. event id 1008 - "certificate services client: credential roaming not performed because number of tokens in local store has exceeded limit." - i've checked articles credential roaming i'm not sure should do. if give tips , answers, great. in advance. hi, event id 64 clear - expired certificate. problem computers have new certificate ca of them keep old one. can remove them certificate store on computers or should check before? i assume these
Read more