Hi all,
I implemented an RDS lab with 2 Windows 2012 R2 Servers:
- RD WA, RD GW and RD CB roles on the RDS-GW Server (10.150.1.11)
- RD SH on RDS-SH Server (10.150.1.12)
With no MFA authentication, the RDWeb access works very well. When I connect via RDWeb with a test account and open a RemoteApp, the RD GW verifies the CAP policy, then authenticates the user, then verifies the RAP policy, and finally the app opens.
Next I installed Azure MFA Server on the RDS-SH server to implement Multi-Factor Authentication. I configured RD GW, NPS and MFA Servers following the steps on http://www.rdsgurus.com/step-by-step-using-windows-server-2012-r2-rd-gateway-with-azure-multifactor-authentication/ (Step By Step – Using Windows Server 2012 R2 RD Gateway with Azure Multifactor Authentication).
Now, when I connect via RDWeb and open a RemoteApp, after approximately 10 seconds I receive the MFA call on my phone. I reply with #, but RDWeb continues showing the waiting window with “Starting…” and the remote app doesn’t open. After 1 minute RDWeb shows an error message indicating that it can’t connect to the remote computer. Meanwhile, after the first call I receive 3 more calls from the MFA service.
I tested the MFA directly on the MFA Server and it works well with the same test account used on RDWeb access.
Apparently RD Gateway forwards the RADIUS request through NPS to the MFA server, then MFA performs the two-factor authentication sequence with the user (via phone call in my case). The user replies, but the MFA server apparently doesn’t send back an ACCEPT to RD Gateway as expected.
Firewalls on the RDS-GW and RDS-SH servers are disabled. The RDS-GW server shows NPS event ID 28 “The RADIUS Proxy received a response from server 10.150.1.12 with an invalid authenticator.” 4 times and NPS event ID 38 “The remote RADIUS server 10.150.1.12 has not responded to 5 consecutive requests. The server has been marked as unavailable.” 1 time.
I can’t figure out why this doesn’t work.
Any help?
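
Event ID 28 quoted above is the RADIUS proxy reporting that the Response Authenticator check on a reply failed. The following added example (not part of the original post; the secrets, labels and packet contents are constructed) shows that check as defined in RFC 2865 and how a shared secret that differs between the two ends makes it fail:

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2  # RADIUS packet code for Access-Accept (RFC 2865)

def build_response(code, ident, request_auth, attributes, secret):
    """Server side: ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attributes))
    auth = hashlib.md5(header + request_auth + attributes + secret).digest()
    return header + auth + attributes

def verify_response(packet, request_auth, secret):
    """Proxy/client side: recompute the authenticator and compare with bytes 4..20."""
    if len(packet) < 20:
        return False
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return False  # malformed length field
    packet = packet[:length]  # ignore padding after the declared length
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

def matching_secrets(packet, request_auth, configured):
    """Return labels of the configured secrets under which the reply validates."""
    return [name for name, s in configured.items()
            if verify_response(packet, request_auth, s)]

# Constructed sample values: the two ends hold different secrets.
CONFIGURED = {
    "gateway-nps": b"Gw-Secret-Example",    # hypothetical value on the proxy side
    "mfa-server": b"Mfa-Secret-Example",    # hypothetical value on the RADIUS server side
}
REQUEST_AUTH = bytes(range(16))             # authenticator from the Access-Request
REPLY_MESSAGE = bytes([18, 4]) + b"ok"      # attribute 18 (Reply-Message), length 4
REPLY = build_response(ACCESS_ACCEPT, 7, REQUEST_AUTH, REPLY_MESSAGE,
                       CONFIGURED["mfa-server"])

if __name__ == "__main__":
    # The reply is a valid Access-Accept, but the proxy rejects it as invalid.
    print("proxy accepts reply:", verify_response(REPLY, REQUEST_AUTH,
                                                  CONFIGURED["gateway-nps"]))
    print("reply validates under:", matching_secrets(REPLY, REQUEST_AUTH, CONFIGURED))
```

A reply rejected this way is dropped by the proxy, so from its side the remote server looks unresponsive even though it answered.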