Trying to set up SSTP VPN (on-premises) with Azure AD MFA


I'm trying to set up Azure AD MFA for an on-premises SSTP VPN setup, but it doesn't work. The user gets a timeout when I switch authentication from Windows authentication to a RADIUS server (a separate server with NPS that has the Azure NPS add-on installed).

When checking with a PowerShell script, I keep getting a message that the license is not appropriate. However, the user has both a Microsoft 365 Business Standard and an Azure AD Premium P1 license assigned.
--
User anakin@somedomain.com has not a valid license for MFA, it's a warning message to be legal from licensing side... Test FAILED
Test will continue to detect additional issue(s), Please make sure to assign a valid MFA License for the user (AD Premium, EMS or MFA standalone license
--


What am I missing here... Health check transcript below...


start Running the tests...

Checking if anakin@somedomain.com is EXIST in Azure AD ...

User anakin@somedomain.com is EXIST in Azure AD... TEST PASSED

Checking if anakin@somedomain.com is SYNED to Azure AD from On-premises AD ...

User anakin@somedomain.com is SYNCED to Azure AD ... Test PASSED

Checking if anakin@somedomain.com is BLOCKED to sign in to Azure AD or Not ...

User anakin@somedomain.com is NOT BLOCKED to sign in to Azure AD ... Test PASSED

Checking if anakin@somedomain.com is HEALTHY in Azure AD or Not ...

User anakin@somedomain.com status is HEALTHY in Azure AD ... Test PASSED

Checking if anakin@somedomain.com already completed MFA Proofup in Azure AD or Not ...

User anakin@somedomain.com Completed MFA Proofup in Azure AD with PhoneAppNotification as a Default MFA Method ... Test PASSED

Checking if anakin@somedomain.com has a valid license for MFA ...

User anakin@somedomain.com has not a valid license for MFA, it's a warning message to be legal from licensing side... Test FAILED
Test will continue to detect additional issue(s), Please make sure to assign a valid MFA License for the user (AD Premium, EMS or MFA standalone license

Checking the Dial-In status for anakin@somedomain.com in local AD

User anakin@somedomain.com Allowed for Network Access Permission in local AD ... Test PASSED
Refer to https://docs.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-np-access for more infor about this option


Check Completed, please fix any issue run the test again, if no issues found please contact MS support

PS C:\beheer\Azure_MFA_NPS_extension_health_check_script>




1 Reply
My gut feeling tells me these are potentially two separate issues. The script telling you the user is not licensed may just as well be an error in the script. Having Azure AD Premium P1 is sufficient for this functionality.

That leaves a timeout issue, and I'm afraid I can't tell you much more about how to resolve this. You could check the settings of the RADIUS server to see if the timeouts can be extended. Also, there's the troubleshooting section available at https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-vpn#t....
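An added PowerShell check, not from the original thread, that a practitioner could run on the RRAS/SSTP server to verify the RADIUS authentication timeout is long enough for an Azure MFA push prompt to be approved. It assumes the RemoteAccess module cmdlets Get-RemoteAccessRadius / Set-RemoteAccessRadius and their ServerName/Port/Score/Timeout properties, a placeholder NPS host name, and a 60-second target taken from Microsoft's NPS extension VPN guidance.

```powershell
# Added example (not part of the original thread). Run on the RRAS/SSTP VPN server
# in an elevated PowerShell session where the RemoteAccess module is available.
# Assumptions: $NpsServer is a placeholder for the NPS host running the Azure MFA
# NPS extension; 60 seconds is the documented target timeout for VPN scenarios.
$NpsServer     = 'nps01.somedomain.local'   # placeholder, replace with your NPS server
$TargetTimeout = 60                          # seconds the VPN server waits for a RADIUS reply

Import-Module RemoteAccess -ErrorAction Stop

# Read the RADIUS servers this VPN server uses for authentication.
$authServers = Get-RemoteAccessRadius -Purpose Authentication

if (-not $authServers) {
    Write-Warning 'No RADIUS authentication servers are configured on this VPN server.'
    return
}

foreach ($srv in $authServers) {
    # Timeout is how long RRAS waits for Access-Accept/Reject before failing the logon.
    # An Authenticator push that the user must approve can easily outlast a short
    # default, and the VPN client then reports exactly the timeout described above.
    "{0,-30} port={1} score={2} timeout={3}s" -f $srv.ServerName, $srv.Port, $srv.Score, $srv.Timeout

    if ($srv.ServerName -eq $NpsServer -and $srv.Timeout -lt $TargetTimeout) {
        Write-Host "Raising RADIUS timeout for $($srv.ServerName) from $($srv.Timeout)s to ${TargetTimeout}s"
        Set-RemoteAccessRadius -ServerName $srv.ServerName -Purpose Authentication -Timeout $TargetTimeout
    }
}

# Re-read the configuration so the change can be confirmed.
Get-RemoteAccessRadius -Purpose Authentication | Select-Object ServerName, Port, Timeout, Score
```

The timeout on the VPN server is only one side of the exchange; if the NPS server itself or a firewall in between drops the RADIUS traffic, the same client-side timeout appears, so the NPS event log should be checked alongside this setting.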