An NPS extension dynamic link library (DLL) that is installed on the NPS server rejected the connection request.

Written by paris on . Posted in Research

Trying to diagnose an issue of a reason why an NPS server would not let a user in and come back with Access-Reject produces the following Reason in the event log

An NPS extension dynamic link library (DLL) that is installed on the NPS server rejected the connection request.

I recommend

Disable NPS MFA Extension

  1. Stop the Network Policy Server Service
  2. Create a backup of the key ‘HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AuthSrv\Parameters’
  3. Remove the values inside this key (DO NOT the Parameters key itself)
  4. Start the Network Policy Server Service

To Re-Enable the NPS MFA Extension

  1. Stop the Network Policy Server Service
  2. Import the backup of the key ‘HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AuthSrv\Parameters’
  3. Start the Network Policy Server Service

 

You can always uninstall  NPS Extension for Azure MFA Plugin 

Retrying the access which should give you some better reason in the event log e.g. The RADIUS request did not match any configured connection request policy (CRP).

Once this is fixed you can reinstall the Plugin and re-authenticate it

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: An NPS extension dynamic link library (DLL) that is installed on the NPS server rejected the connection request., Azure, mfa, NPS Extension

Trackback from your site.