Trying to diagnose an issue of a reason why an NPS server would not let a user in and come back with Access-Reject produces the following Reason in the event log

An NPS extension dynamic link library (DLL) that is installed on the NPS server rejected the connection request.

I recommend

Disable NPS MFA Extension

1. Stop the Network Policy Server Service
2. Create a backup of the key ‘HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AuthSrv\Parameters’
3. Remove the values inside this key (DO NOT Remove the Parameters key itself)
4. Start the Network Policy Server Service

To Re-Enable the NPS MFA Extension

1. Stop the Network Policy Server Service
2. Import the backup of the key ‘HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AuthSrv\Parameters’
3. Start the Network Policy Server Service

 

You can always uninstall  NPS Extension for Azure MFA Plugin 

Retrying the access which should give you some better reason in the event log e.g. The RADIUS request did not match any configured connection request policy (CRP).

Once this is fixed you can reinstall the Plugin and re-authenticate it

Tags: An NPS extension dynamic link library (DLL) that is installed on the NPS server rejected the connection request., Azure, mfa, NPS Extension

Trackback from your site.