Problem description
Hello everyone,
I was trying to figure this out in order to set up Azure MFA with Cisco VPN. Without the NPS extension, a user can authenticate with NPS and connect to the Cisco VPN. Once I enabled the NPS extension, the connection always failed. The NPS log says: "The request was discarded by a third-party extension DLL file." I suspected the NPS extension wasn't able to pass the UPN to AAD. Here is the message in the IAS log:
"DEV-NPS1", "IAS",03/27/201,10:58:15,1,"jane","ADDEV\jane",x.x.x.x…
"DEV-NPS1", "IAS",03/27/201,10:58:15,2,,"ADDEV\jane",,,…
Shouldn't I expect to see the 2nd line as "DEV-NPS1", "IAS",03/27/201,10:58:15,2,,[email protected],,,… ?
This is the NPS log in the Event Viewer:
Network Policy Server discarded the request for a user.
User:
Security ID: NULL SID
Account Name: Jane
Account Domain: AD
Fully Qualified Account Name: addev\Jane
I wonder what the log looks like for a successful MFA authentication with the NPS extension. I would appreciate it if someone could share one with me.
Regards
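To compare records like the two IAS log lines quoted in the question, the following sketch (an added example, not part of the original post or of any Microsoft tooling) parses the leading columns and reports the RADIUS packet type and whether each name is a UPN or a DOMAIN\user name. The sample records, host name and domain are constructed, and the column order is assumed from the lines quoted above.

```python
import csv
import io

# Leading columns, in the order the page's IAS log lines show them (assumed).
FIELDS = ["computer", "service", "date", "time",
          "packet_type", "user_name", "fq_name"]

# RADIUS packet codes (RFC 2865/2866) as written to the packet-type column.
PACKET_TYPES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
                4: "Accounting-Request", 5: "Accounting-Response",
                11: "Access-Challenge"}

# Constructed sample records (not taken from the page); trailing columns omitted.
SAMPLE = r'''"NPS-EXAMPLE", "IAS",01/15/2020,09:00:00,1,"alice","EXAMPLE\alice",,
"NPS-EXAMPLE", "IAS",01/15/2020,09:00:00,2,,"EXAMPLE\alice",,
"NPS-EXAMPLE", "IAS",01/15/2020,09:05:00,1,"bob@example.test","EXAMPLE\bob",,
not,a,record
'''

def name_form(name):
    """Classify a name: 'upn', 'down-level' (DOMAIN\\user), 'bare' or 'empty'."""
    name = name.strip()
    if not name:
        return "empty"
    if "\\" in name:
        return "down-level"
    return "upn" if "@" in name else "bare"

def parse_ias(text):
    """Yield one dict per well-formed record; skip short or non-numeric lines."""
    for row in csv.reader(io.StringIO(text), skipinitialspace=True):
        if len(row) < len(FIELDS) or not row[4].strip().isdigit():
            continue
        rec = dict(zip(FIELDS, (v.strip() for v in row)))
        code = int(rec["packet_type"])
        rec["packet"] = PACKET_TYPES.get(code, f"type-{code}")
        rec["user_form"] = name_form(rec["user_name"])
        rec["fq_form"] = name_form(rec["fq_name"])
        yield rec

def summarize(text):
    """Return (time, packet, user_form, fq_form) for each record."""
    return [(r["time"], r["packet"], r["user_form"], r["fq_form"])
            for r in parse_ias(text)]

if __name__ == "__main__":
    for line in summarize(SAMPLE):
        print(*line, sep="\t")
```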
Recommended answer
Sorry you are having this problem!
Here are some things you can try:
1. Install all Windows updates. (Sometimes this can happen if you have updates waiting to install.)
2. Make sure that you are using the right NPS installer. There was a bad one floating around for a while that sometimes resulted in DLL errors, but the good one is here.
3. Make sure that all certificates are up to date and that there are no duplicate certificates installed. Check that the DC certificate is up to date.
Since you asked, here is a log of what a successful authentication looks like: