Azure MFA NPS extension: The request was discarded by a third-party extension DLL file

02/02/2021 0 Comments

Azure, Security, Sophos Firewall

This one, wow what a pain in the a******

It took me hours to finally debug this issue.

Had setup NPS on a Windows 2019 server, like many times before, registered it in the Active Directory, and installed the Use Azure AD Multi-Factor Authentication with NPS – Azure Active Directory | Microsoft Docs” plugin, setup the policies in NPS and all good, then I setup my radius client device, in this example a Sophos XG firewall, but no! – nothing worked, after som debugging I saw this on the Windows server event log:

So it was clear that the NPS extension module rejected it, but why?

Luckily this guy at “Sergii’s Blog” did some debugging with the extension in some other matters, and he found out why:

Looking at Azure AD portal – go to Enterprise Applications – Change the Application Type to All, search for Azure Multi-Factor Auth Connector and Azure Multi-Factor Auth Client, you will find theese guys:

in my example the ” Azure Multi-Factor Auth Client” was disabled, did not know why!!:

Just enable and save, check the other multifactor also. Right after this, the NPS MFA Extention worked perfectly.

Many many thanks to “Sergii’s Blog” for pointing in the right direction 🙂

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close