hi out there
I have a small problem where I try to autheticate a AnyConnect client trough a ASA agains a Microsoft 2016 NPS server with MFA extensions enabled.
I hit my Network Polici etc - but whatever I try the NPS refuses to authenticate my account and returns simply:
NPS Extension for Azure MFA: NPS Extension for Azure MFA only performs Secondary Auth for Radius requests in AccessAccept State.
Request received for User John with response state AccessReject, ignoring request.
The NPS is defined as a std Radius server with MFA extension - if I permit access without authentication in the Connection Request Policy the MFA
extension nicely prompts for permission on my smartphone and the AnyConnect client connects.
There isnt that much I can configure on the Cisco ASA regarding the AAA Radius server - more or less just enable support for MS CHAPv2 or not...
I am out of ideas right now - what can cause a NPS server to refuse authentication from a Cisco ASA?
Can you share a screenshot of your Connection request policy and Network Policy on the NPS? An example on how to set up the NPS bit is given here:
I am also experiencing this issue. I've tried everything I've found via google and nothing's working. Love to know what I'm missing.
I had a similar issues setting up AnyConnect with Azure MFA. Follow the link in @Rahul Govindan post to setup NPS without the Azure MFA extensions installed. Once you have that working, follow the link below regarding installing the MFA NPS Extension.
hi - was from my side just a matter of the permitted protocols - have you solved your problem ? if not try to share a screenshot of the different policysettings - then can we probably quickly help you