Month: February 2019

Always On VPN and Windows Server 2019 NPS Bug

/ Konkretor / Leave a comment

Richard M. Hicks Consulting, Inc.

When deploying a Windows Server 2019 Network Policy Server (NPS) to support a Windows 10 Always On VPN implementation, administrators may encounter the following error when attempting to establish a VPN connection on a remote Windows 10 client.

Can’t connect to [connection name].

The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error.

Always On VPN and Windows Server 2019 Network Policy Server Bug
In addition, an event ID 20227 from the RasClient will be recorded in the application event log with the following error message.

The user [username] dialed a connection named [connection name] which has failed. The error code returned on failure is 812.

Always On VPN and Windows Server 2019 Network Policy Server Bug

Common Causes

Always On VPN error code 812 indicates an authentication policy mismatch…

View original post 276 more words

unifi dynamic vlan with nps

/ Konkretor / Leave a comment

NPS with dynamic vlan is working fine, but you have restrictions.

You can use dynamic vlan only when it´s not used by a another network.

Look below, 1, 5, 1 is used, now you can´t use this in your dynamic vlan configuration with nps.

Under profiles you must enable radius assigned vlan for wired/wireless network in your radius profile

How to configure dynamic vlan with nps, you can look here
http://wifinigel.blogspot.com/2014/03/microsoft-nps-as-radius-server-for-wifi_18.html

Dynamic VLAN Assignment (Cisco and NPS)

/ Konkretor / Leave a comment

Mike Pemberton's Blog

In an earlier post we used 802.1x to authenticate users into the network and assign them into a VLAN based on either a successful or unsuccessful authentication as well as a VLAN for clients who did not send an initial EAPOL message. While this can be quite useful, it can also be quite restrictive – what if we wanted different authenticated users into different VLANs rather than just the authenticated VLAN? This is entirely do-able. An example use case would be having be an office with several hot desks, used by various departments, but a compliance restriction that places heavy restrictions on network access into particular resources such as HR, finance and so on. It would be an administrative headache to keep logging into the switch each time to change the VLAN depending on who was sat at these hot desks for the day, so we can leverage 802.1x to do…

View original post 468 more words