Home

Basic Question on NPS Deployment

%3CLINGO-SUB%20id%3D%22lingo-sub-773697%22%20slang%3D%22en-US%22%3EBasic%20Question%20on%20NPS%20Deployment%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-773697%22%20slang%3D%22en-US%22%3E%3CP%3EI%20am%20deploying%20NPS%20on%20a%202012R2%20AD%20Domain%20Controller%20to%20use%20for%20authenticating%20VPN%20clients%20from%20a%20Cisco%20ASA.%20I%20installed%20the%20NPS%20role%2C%20and%20imported%20a%20configuration%20that%20I%20got%20from%20an%20old%20IAS%20server.%20It%20seems%20to%20be%20working%20fine%2C%20but%20I%20have%20a%20couple%20questions%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E1.%20Since%20I%20have%20NPS%20installed%20on%20a%20domain%20controller%2C%20do%20I%20still%20need%20to%20do%20the%20%22Register%20in%20Active%20Directory%22%20thing%3F%20I%20have%20not%20done%20that%20yet%20as%20I%20thought%20that%20would%20only%20be%20required%20when%20running%20on%20a%20member%20server...%20but%20I%20want%20to%20confirm%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E2.%20On%20the%20NPS%20server%20properties%20(general%20tab)%2C%20I%20have%20selected%20to%20have%20both%20rejected%20and%20successful%20authentication%20requests%20recorded%20in%20the%20event%20log%20(which%20I%20believe%20is%20the%20default)%2C%20however%20I%20only%20see%20failed%20requests%20(Event%20ID%206273).%20Is%20there%20something%20else%20I%20need%20to%20do%3F%20These%20are%20in%20the%20Server%20Roles%20event%20log%20for%20%22Network%20Policy%20and%20Access%20Services%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETIA!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-773697%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EActive%20Directory%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
David Levine
Occasional Contributor

I am deploying NPS on a 2012R2 AD Domain Controller to use for authenticating VPN clients from a Cisco ASA. I installed the NPS role, and imported a configuration that I got from an old IAS server. It seems to be working fine, but I have a couple questions;

 

1. Since I have NPS installed on a domain controller, do I still need to do the "Register in Active Directory" thing? I have not done that yet as I thought that would only be required when running on a member server... but I want to confirm?

 

2. On the NPS server properties (general tab), I have selected to have both rejected and successful authentication requests recorded in the event log (which I believe is the default), however I only see failed requests (Event ID 6273). Is there something else I need to do? These are in the Server Roles event log for "Network Policy and Access Services"

 

TIA!