[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4479
  • Last Modified:

'Ignore user dial-in properties' setting is ignored?

Our environment is configured using NPS to authenticate our wireless connections according to machine domain membership.  For whatever reason, many of my users cannot connect, and the NPS server throws this log:

Reason Code:                  65
      Reason:                        The Network Access Permission setting in the dial-in properties of the user account in Active Directory is set to Deny access to the user. To change the Network Access Permission setting to either Allow access or Control access through NPS Network Policy, obtain the properties of the user account in Active Directory Users and Computers, click the Dial-in tab, and change Network Access Permission.

So, logically, I went in to my policy (and the other 2 default policies), and set them all to "Ignore user's dial-in properties' in the overview tab.  However, they still cannot connect unless I explicitly set their account to Allow Access under the Network Access Permission tab of their account settings.  99% of my auser accounts are already configured to "Control access through NPS Network Policy" and it would be annoying to change them all by hand.  Is there a setting that I'm missing?
1 Solution
Craig BeckCommented:
Restart the NPS server - not the service, the actual server.

Also, what's the domain functional level?

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now