Issue with RADIUS authentication for some users

Occasional Contributor
Hi,
 
We have an issue with a small number of users that are unable to authenticate via the Network Policy Server we have created in Windows Server 2016.  We use this along with our Watchguard Firewall to authenticate staff on the SSL VPN with 2FA.  This works fine for 99% of staff, we just have a couple of staff that are unable to connect, the NPS server just rejects them all of the time.  We have multiple firewalls and multiple NPS servers (local to each site) and each acts the same - these couple of users are rejected.
 
To explain in more detail this is what occurs.
 
  1. User logs into the VPN from their laptop
  2. the firewall is linked to our NPS service on Windows 2016 server
  3. user is a member of the group and is authenticated
  4. response is sent to the users phone via the azure 2fa app
For the couple of users that cannot authenticate they are rejected at stage 2 - and we can see in the NPS logs that the names are displayed differently than the ones that can authenticate without any issue.  We cannot see any difference in the user accounts in AD or Azure.
The user accounts are not locked out, or expired or anything like that, using 2FA for Office 365 works fine for these users too.
 
As you can see from this extract from our NPS logs the user Jim.Morrison can authenticate successfully but the user Cat.Stevens is unable to authenticate and the only difference we can tell is how the names are displayed in this log.  Do you have any ideas how we can fix this and allow Cat to authenticate via NPS?
 
"NPS-SERVER","IAS",11/02/2021,10:42:59,1,"jim.morrison","domain.local/Moore and Smalley/Users/Preston/Corporate Finance/Jim Morrison",,,,,,"10.x.x.x",0,0,"10.x.x.x","Preston Firewall",,,,,,,8,"VPN Policy",0,"311 1 10.x.x.x 10/29/2021 18:02:44 2981",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,
"NPS-SERVER","IAS",11/02/2021,10:42:59,3,,"domain.local/Moore and Smalley/Users/Preston/Corporate Finance/Jim Morrison",,,,,,,,0,"10.x.x.x","Preston Firewall",,,,,,,8,"VPN Policy",21,"311 1 10.x.x.x 10/29/2021 18:02:44 2981",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,
"NPS-SERVER","IAS",11/02/2021,10:47:42,1,"cat.stevens","Domain\cat.stevens",,,,,,"10.x.x.x",0,0,"10.x.x.x","Preston Firewall",,,,,,,8,,0,"311 1 10.0.x.x 10/29/2021 18:02:44 2982",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,
"NPS-SERVER","IAS",11/02/2021,10:47:42,3,,"Domain\cat.stevens",,,,,,,,0,"10.x.x.x","Preston Firewall",,,,,,,8,,21,"311 1 10.x.x.x 10/29/2021 18:02:44 2982",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,
"NPS-SERVER","IAS",11/02/2021,10:48:37,1,"cat.stevens","Domain\cat.stevens",,,,,,"10.x.x.x",0,0,"10.x.x.x","Preston Firewall",,,,,,,8,,0,"311 1 10.x.x.x 10/29/2021 18:02:44 2983",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,
"NPS-SERVER","IAS",11/02/2021,10:48:37,3,,"Domain\cat.stevens",,,,,,,,0,"10.x.x.x","Preston Firewall",,,,,,,8,,21,"311 1 10.x.x.x 10/29/2021 18:02:44 2983",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Use Windows authentication for all users",1,,,,
 
Firewall support says its not their problem, Microsoft say this is an on premise problem so go away (we don't pay for on prem support) so you are my last hope!
0 Replies