'Ignore user dial-in properties' setting is ignored?

Posted on 2011-04-21
Last Modified: 2014-04-16
Our environment is configured using NPS to authenticate our wireless connections according to machine domain membership.  For whatever reason, many of my users cannot connect, and the NPS server throws this log:

Reason Code:                  65
      Reason:                        The Network Access Permission setting in the dial-in properties of the user account in Active Directory is set to Deny access to the user. To change the Network Access Permission setting to either Allow access or Control access through NPS Network Policy, obtain the properties of the user account in Active Directory Users and Computers, click the Dial-in tab, and change Network Access Permission.

So, logically, I went in to my policy (and the other 2 default policies), and set them all to "Ignore user's dial-in properties' in the overview tab.  However, they still cannot connect unless I explicitly set their account to Allow Access under the Network Access Permission tab of their account settings.  99% of my auser accounts are already configured to "Control access through NPS Network Policy" and it would be annoying to change them all by hand.  Is there a setting that I'm missing?
Question by:sbumpas
    1 Comment
    LVL 44

    Accepted Solution

    Restart the NPS server - not the service, the actual server.

    Also, what's the domain functional level?

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Find Ransomware Secrets With All-Source Analysis

    Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

    Suggested Solutions

    Title # Comments Views Activity
    Event 1008, Perflib 2 28
    repadmin and dcdiag syntax 1 31
    Best Access Point Device 25 46
    UNIX SCP 5 27
    Working settings for French ISP Orange "Prêt à Surfer" SIM cards for data connections only. Can't be found anywhere else !
    This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
    This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
    This tutorial will give a short introduction and overview of Backup Exec 2014 and the additional features that have been added over its predecessor Backup Exec 2012. As with Backup Exec 2012, the Backup Exec button in the upper left corner. From her…

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    13 Experts available now in Live!

    Get 1:1 Help Now