Hello...I have been working with Duo support on this, and we are at the point where they have told me to start investigating on the MS side.
I am currently running a Radius server for my company on a Windows 19 VM by using the Network Policy Server role . It is separate from my DC's. I am using this server to provide Radius authentication for various pieces of equipment through out my environment. I have successfully configured it to authenticate logins on our Cisco routers and switches. We are now to the point where we would also like to leverage Duo MFA on these logins.
I have set up a Duo Radius Proxy server on one of my DC's that takes the Radius request from a Cisco device and passes that request to The NPS server. The problem I am running into is these Radius requests are being rejected with access-reject packets, and I cannot figure out why. The key and username/passwords are all verified correct as I can use the same cisco device and credentials to hit the NPS server directly with the radius request and it processes fine. Something is going on with the Duo request being sent. The event log is little help and I cannot figure out how to gain relevant information on why these requests are being rejected. I can provide screen shots and examples of my NPS and Duo setup if needed.