{"id":4337,"date":"2019-10-28T05:34:59","date_gmt":"2019-10-28T05:34:59","guid":{"rendered":"https:\/\/pariswells.com\/blog\/?p=4337"},"modified":"2023-07-10T10:53:27","modified_gmt":"2023-07-10T10:53:27","slug":"an-nps-extension-dynamic-link-library-dll-that-is-installed-on-the-nps-server-rejected-the-connection-request","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/research\/an-nps-extension-dynamic-link-library-dll-that-is-installed-on-the-nps-server-rejected-the-connection-request","title":{"rendered":"An NPS extension dynamic link library (DLL) that is installed on the NPS server rejected the connection request."},"content":{"rendered":"\n<p>Diagnosing why an NPS server will not let a user in and comes back with Access-Reject produces the following Reason in the event log:<\/p>\n\n\n\n<p><strong>An NPS extension dynamic link library (DLL) that is installed on the NPS server rejected the connection request.<\/strong><\/p>\n\n\n\n<p>I recommend<\/p>\n\n\n\n<p>You\u2019ll find the logs you need on your NPS server under:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Custom Views -&gt; Server Roles -&gt; Network Policy and Access Services<\/li>\n<\/ul>\n\n\n\n<p>This is for the RADIUS requests\/responses with accepts\/rejects.<\/p>\n\n\n\n<p>If you see the reason \u201cThe request was discarded by a third-party extension DLL file.\u201d you need to dig into the extension logs.<\/p>\n\n\n\n<p><strong>Number matching<\/strong><\/p>\n\n\n\n<p>Microsoft has decided to enforce number matching in the newer versions of its NPS extension, so if you download the latest version or upgrade an existing install to a new version, any authentication without number matching will fail.<\/p>\n\n\n\n<p>You&#8217;ll need to add a registry key to override it:<\/p>\n\n\n\n<p>Location: HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\AzureMfa<\/p>\n\n\n\n<p>Create String record:<\/p>\n\n\n\n<p>OVERRIDE_NUMBER_MATCHING_WITH_OTP \u00a0Value: False<\/p>\n\n\n\n<p>NPS 
starts working after a reboot.<\/p>\n\n\n\n<p><strong>Disable NPS MFA Extension<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Stop the Network Policy Server Service<\/li>\n\n\n\n<li>Create a backup of the key \u2018HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\AuthSrv\\Parameters\u2019<\/li>\n\n\n\n<li>Remove the values inside this key (<strong>DO NOT remove the Parameters key itself<\/strong>)<\/li>\n\n\n\n<li>Start the Network Policy Server Service<\/li>\n<\/ol>\n\n\n\n<p><strong>To Re-Enable the NPS MFA Extension<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Stop the Network Policy Server Service<\/li>\n\n\n\n<li>Import the backup of the key \u2018HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\AuthSrv\\Parameters\u2019<\/li>\n\n\n\n<li>Start the Network Policy Server Service<\/li>\n<\/ol>\n\n\n\n<p>You can always uninstall the <strong>NPS Extension for Azure MFA Plugin<\/strong>.<\/p>\n\n\n\n<p>Retrying the access should then give you a better reason in the event log, e.g. 
The RADIUS request did not match any configured connection request policy (CRP).<\/p>\n\n\n\n<p>Once this is fixed, you can reinstall the plugin and re-authenticate it.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Application and Services Logs -&gt; Microsoft -&gt; AzureMfa -&gt; AuthZ and AuthN<\/li>\n<\/ul>\n\n\n\n<p>This contains all the 2FA details and will show you everything from challenges being sent to MFA timeouts.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Trying to diagnose an issue of a reason why an NPS server would not let a user in and come back with Access-Reject produces the following Reason [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[3072,1464,2950,3073,3662],"class_list":["post-4337","post","type-post","status-publish","format-standard","hentry","category-research","tag-an-nps-extension-dynamic-link-library-dll-that-is-installed-on-the-nps-server-rejected-the-connection-request","tag-azure","tag-mfa","tag-nps-extension","tag-the-request-was-discarded-by-a-third-party-extension-dll-file"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/4337","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/comments?post=4337"}],"version-history":[{"count":5,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/4337\/revisions"}],"predecessor-version":[{"id":7154,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/4337\/revisions\/7154"}],"wp:attachment":[{"href":"https:\/\/pariswells.
com\/blog\/wp-json\/wp\/v2\/media?parent=4337"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/categories?post=4337"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/tags?post=4337"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}