<div>
You nearly never need to configure a Connection Request Policy. All that does is tell the NPS whether it will process the request, or forward it elsewhere. The default is to process the request itself.<br><br>The Network Access Policy is the important bit. You need to set the conditions and constraints according to the security groups you want to check against and the protocols you want to allow.
</div>


arnold

<div>
Hi some one,<br>ok, I ask confirm. When I see:<br><br><pre><code class="code-1 nolinks" id="code-20-43300838-1"><span>Network policy: -</span>
</code></pre><br>this means that authentication doesn't match any criteria, correct?<br>Basically there is an error in my costraints?<br><br>
</div>


<div>
Can you post a log please? Use the Event Viewer to view the Custom Views then click on Network Policy And Access Services log.
</div>


<div>
Sorry. I just discovered that pre shared key was incorrect.<br>There was absolutely <strong>no way</strong> to see any indication about wrong psk in event viewer.<br>Windows logging is very poor in that case.<br><br>
</div>


<div>
<div class="content wysiwyg-content fr-view">
Hi, I am trying to fix Active Directory authentication for my VPN users.<br>I have two DC (windows 2019 and 2008). The 2008 DC is working fine.<br>I strictly followed firewall's documentation on how to set NPS on Windows.<br>Both settings are identical on both NPS.<br><br>Anyway, it seems that connection request policy is not matched on windows 2019.<br>Condition is built with:<pre><code class="code-1 nolinks" id="code-10-29217968-1"><span>Users group: "MYCOMPANY\VPN"</span>
<span>Authentication type: PAP (as stated in FW's documentation)</span>
</code></pre>If I try to capture network traffic dump with Wireshark, I notice a strange error related to LDAP (I am translating from italian original message):<br><br><pre><code class="code-1 nolinks" id="code-10-29217968-2"><span>CN: object not authorized replica password read only controller</span>
</code></pre>besides of this, it seems that the two DCs are fine: if I create a test user on DC 2008, it is visible even in windows 2019 and viceversa. So I don't figure the reason of "read only controller" issue.<br>Any suggestion on how to better troubleshoot this?<br>Thank you!
</div>
</div>



Hi, I am trying to fix Active Directory authentication for my VPN users.
I have two DC (windows 2019 and 2008). The 2008 DC is working fine.
I strictly followed firewall's documentation on how to set NPS on Windows.
Both settings are identical on both NPS.
Anyway, it seems that connection request policy is not matched on windows 2019.
Condition is built with:
Users group: "MYCOMPANY\VPN"
Authentication type: PAP (as stated in FW's documentation)
If I try to capture network traffic dump with Wireshark, I notice a strange error related to LDAP (I am translating from italian original message):
CN: object not authorized replica password read only controller
besides of this, it seems that the two DCs are fine: if I create a test user on DC 2008, it is visible even in windows 2019 and viceversa. So I don't figure the reason of "read only controller" issue.
Any suggestion on how to better troubleshoot this?
Thank you!

Help troubleshooting Network Policy Server on 2019 (again)

Windows Server 2019

Networking is the process of connecting computing devices, peripherals and terminals together through a system that uses wiring, cabling or radio waves that enable their users to communicate, share information and interact over distances. Often associated are issues regarding operating systems, hardware and equipment, cloud and virtual networking, protocols, architecture, storage and management.

Networking

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

Troubleshooting is a problem-solving process of evaluating faults that occur in a mechanical or electronic system. Steps often include recreating the problem and then trying alternative and creative solutions in order to fix the situation. Troubleshooting is deployed when software or hardware are rendering abnormal responses or remain unresponsive.