Avatar of Armitage318

asked on 

Help troubleshooting Network Policy Server on 2019 (again)

Hi, I am trying to fix Active Directory authentication for my VPN users.
I have two DC (windows 2019 and 2008). The 2008 DC is working fine.
I strictly followed firewall's documentation on how to set NPS on Windows.
Both settings are identical on both NPS.

Anyway, it seems that connection request policy is not matched on windows 2019.
Condition is built with:
Users group: "MYCOMPANY\VPN"
Authentication type: PAP (as stated in FW's documentation)

Open in new window

If I try to capture network traffic dump with Wireshark, I notice a strange error related to LDAP (I am translating from italian original message):

CN: object not authorized replica password read only controller

Open in new window

besides of this, it seems that the two DCs are fine: if I create a test user on DC 2008, it is visible even in windows 2019 and viceversa. So I don't figure the reason of "read only controller" issue.
Any suggestion on how to better troubleshoot this?
Thank you!
Windows Server 2019NetworkingActive DirectoryTroubleshooting

Avatar of undefined
Last Comment

8/22/2022 - Mon