I verified on 10.0.0.15 & 10.0.0.16 that NPS is running on UDP 1812.

Also checked the config file on the RADIUS server 10.0.0.17 when Duo Proxy server is installed that its set to port 1812 for both 10.0.0.15 & 10.0.0.16.  I'm able to ping both NPS servers from the RADIUS server.

No other changes were made except adding .com to users only.  Domain and admin account is still .local as before.

The RADIUS stopped working once the UPN .com were added to users, but the confusing part is that I'm using my admin account on .local as before, so it should be working.  I also checked NPS and its set to ports 1812 / 1813.

>This may also happen if the upstream RADIUS Server does not support the Status-Server message

NPS in fact does not support the Status-Server message. So you can ignore that output from the connectivity tool; that particular test won't ever succeed against NPS.

Enable debug in your authproxy.cfg (add a [main] section at the top if it doesn't exist, and in that section add the line debug=true), cycle the Duo Authentication Proxy service, and try your auth again. After, check the debug-level output in authproxy.log to see what's happening to the login requests coming from your Aruba.

I also double checked the NPS settings and they're all correctly pointing to the right ports 1812, 1813, also to right AD security groups.  Same as before.

I should mention that on server 10.0.0.17, we have Duo Authentication Proxy running, and 2 weeks ago also Azure AD.

Not sure if that would cause any issues.

We have RADIUS, LDAP Proxy and RDP applications in Duo.  Only RDP works now because we have the Duo MFA installed in our workstations.

Just to make sure I understand how this works, does LDAP Proxy and RADIUS connect to Duo cloud and back to authenticate.  What about RDP?  Does it communicate to Duo cloud, or the local Duo Proxy server for authentication?

I deleted the log file.

Thanks, I'll do a wireshark capture. I noticed that I'm getting this in the Windows event viewer when I try to login.

Eap method DLL path name validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1

This is the log from Duo when I tried to login. Same time as from the event viewer error above.

• 10.0.0.166 is my computer
• 10.0.0.3 is the switch
• 10.0.0.17 is the radius server, where Duo Proxy is installed

• The 2 DCs where NPS is 10.0.0.15 & 10.0.0.16 I expect them to be here, but I don't see it.

"REI-DC01","IAS",05/26/2024,18:57:16,1,"admin","company\admin",,"10.0.0.166",,,"Ridge-Core-48","10.0.0.3",,0,"10.0.0.17","REI-Util01",,,5,,,7,5,"SwitchRadiusAuth",0,"311 1 10.0.0.15 05/26/2024 22:33:05 1",,,,,,,,,,,,,,,,,,,,,,,,,,,,,184549376,,,,,"SwitchAdminAuthCRP",1,,,,
"REI-DC01","IAS",05/26/2024,18:57:16,11,,"company\admin",,,,,,,,0,"10.0.0.17","REI-Util01",,,,,,,5,"SwitchRadiusAuth",0,"311 1 10.0.0.15 05/26/2024 22:33:05 1",60,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"SwitchAdminAuthCRP",1,,,,
"REI-DC01","IAS",05/26/2024,18:57:16,1,"admin","company\admin",,"10.0.0.166",,,"Ridge-Core-48","10.0.0.3",,0,"10.0.0.17","REI-Util01",,,5,,,7,5,"SwitchRadiusAuth",0,"311 1 10.0.0.15 05/26/2024 22:33:05 2",,,,"",,,,,,,,,,,,,,,,,,,,,,,,,184549376,,,,,"SwitchAdminAuthCRP",1,,,,
"REI-DC01","IAS",05/26/2024,18:57:16,3,,"company\admin",,,,,,,,0,"10.0.0.17","REI-Util01",,,,,,,5,"SwitchRadiusAuth",22,"311 1 10.0.0.15 05/26/2024 22:33:05 2",,,,"",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"SwitchAdminAuthCRP",1,,,,

I entered ip.addr == 10.0.0.17 on Wireshark, and entered the secret key in preferences, radius.

When I login to the switch, I see nothing on Wireshark.