troubleshooting Question

Help troubleshooting Network Policy Server on 2019 (again)

Avatar of Armitage318
Armitage318 asked on
NetworkingActive DirectoryTroubleshootingWindows Server 2019
5 Comments1 Solution23 ViewsLast Modified:
Hi, I am trying to fix Active Directory authentication for my VPN users.
I have two DC (windows 2019 and 2008). The 2008 DC is working fine.
I strictly followed firewall's documentation on how to set NPS on Windows.
Both settings are identical on both NPS.

Anyway, it seems that connection request policy is not matched on windows 2019.
Condition is built with:
Users group: "MYCOMPANY\VPN"
Authentication type: PAP (as stated in FW's documentation)
If I try to capture network traffic dump with Wireshark, I notice a strange error related to LDAP (I am translating from italian original message):

CN: object not authorized replica password read only controller
besides of this, it seems that the two DCs are fine: if I create a test user on DC 2008, it is visible even in windows 2019 and viceversa. So I don't figure the reason of "read only controller" issue.
Any suggestion on how to better troubleshoot this?
Thank you!

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 5 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 5 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros