You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardexpand all lines: articles/multi-factor-authentication/multi-factor-authentication-nps-errors.md
+4-1
Original file line number
Diff line number
Diff line change
@@ -33,9 +33,12 @@ If you encounter errors with the NPS extension for Azure Multi-Factor Authentica
33
33
|**HTTP_CONNECT_ERROR**| On the server that runs the NPS extension, verify that you can reach https://adnotifications.windowsazure.com and https://login.microsoftonline.com/. If those sites don't load, troubleshoot connectivity on that server. |
34
34
|**REGISTRY_CONFIG_ERROR**| A key is missing in the registry for the application, which may be because the [PowerShell script](multi-factor-authentication-nps-extension.md#install-the-nps-extension) wasn't run after installation. The error message should include the missing key. Make sure you have the key under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AzureMfa. |
35
35
|**REQUEST_FORMAT_ERROR** <br> Radius Request missing mandatory Radius userName\Identifier attribute.Verify that NPS is receiving RADIUS requests | This error usually reflects an installation issue. The NPS extension must be installed in NPS servers that can receive RADIUS requests. NPS servers that are installed as dependencies for services like RDG and RRAS don't receive radius requests. NPS Extension does not work when installed over such installations and errors out since it cannot read the details from the authentication request. |
36
-
|**REQUEST_MISSING_CODE**|If SMS or Oath tokens are used for the secondary authentication method, then the password ecryption protocol between NPS and Nas servers must be PAP. The NPS extension does not support other password encryption methods at this point.|
36
+
|**REQUEST_MISSING_CODE**|Make sure that the password encryption protocol between the NPS and NAS servers supports the secondary authentication method that you're using. **PAP** supports all the authentication methods of Azure MFA in the cloud: phone call, one-way text message, mobile app notification, and mobile app verification code. **CHAPV2** and **EAP**support phone call and mobile app notification. Two-way text message is not supported by any encryption protocol. |
37
37
|**USERNAME_CANONICALIZATION_ERROR**| Verify that the user is present in your on-premises Active Directory instance, and that the NPS Service has permissions to access the directory. If you are using cross-forest trusts, [contact support](#contact-microsoft-support) for further help. |
Copy file name to clipboardexpand all lines: articles/multi-factor-authentication/multi-factor-authentication-nps-extension.md
+2-2
Original file line number
Diff line number
Diff line change
@@ -102,7 +102,7 @@ If you need to kick off a new round of synchronization, us the instructions in [
102
102
There are two factors that affect which authentication methods are available with an NPS extension deployment:
103
103
104
104
1. The password encryption algorithm used between the RADIUS client (VPN, Netscaler server, or other) and the NPS servers.
105
-
-**PAP** supports all the authentication methods of Azure MFA in the cloud: phone call, text message, mobile app notification, and mobile app verification code.
105
+
-**PAP** supports all the authentication methods of Azure MFA in the cloud: phone call, one-way text message, mobile app notification, and mobile app verification code.
106
106
-**CHAPV2** and **EAP** support phone call and mobile app notification.
107
107
2. The input methods that the client application (VPN, Netscaler server, or other) can handle. For example, does the VPN client have some means to allow the user to type in a verification code from a text or mobile app?
108
108
@@ -168,7 +168,7 @@ This section includes design considerations and suggestions for successful NPS e
168
168
- The NPS extension for Azure MFA does not include tools to migrate users and settings from MFA Server to the cloud. For this reason, we suggest using the extension for new deployments, rather than existing deployment. If you use the extension on an existing deployment, your users will have to perform proof-up again to populate their MFA details in the cloud.
169
169
- The NPS extension uses the UPN from the on-premises Active directory to identify the user on Azure MFA for performing the Secondary Auth. The extension cannot be configured to use a different identifier like alternate login ID or custom AD field other than UPN.
170
170
- Not all encryption protocols support all verification methods.
171
-
-**PAP** supports phone call, text message, mobile app notification, and mobile app verification code
171
+
-**PAP** supports phone call, one-way text message, mobile app notification, and mobile app verification code
172
172
-**CHAPV2** and **EAP** support phone call and mobile app notification
0 commit comments