This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 66%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EOK%3C/text%3E%3C/svg%3E)
Hello Chaps,
Yesterday we disabled NTLM 1 at the Domain level and we noticed this morning the Azure MFA plugin installed on NPS server stopped working. Tried uninstalling the plugin and install the latest version from Microsoft but that didn't help. The error message on NPS logs was "An NPS extension dynamic link library (DLL) that is installed on the NPS server rejected the connection request". We had to re-enable NTLM v1 to get the MFA working. Is there a way to force the plugin to use NTLM v2 or Kerberos for authentication? Operating system is Windows 2012 R2.
Thanks,
Kiran
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
@Oddiraju, Kiran Apologies for the delay in responding to this post. Let me do a repro this scenario in my lab.
Please help me with OS details on the server/client logs at the time of issue to investigate further.
Hi Girish,
Many thanks for your response. We have the MFA plugin installed on a Windows Server 2012 R2 server.
Thanks,
Kiran
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 49%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETH%3C/text%3E%3C/svg%3E)
We have the same issue, but on a new install.
Server 2022, nps with latest NPS azure plugin. Our AD is not supporting NTLM V1 (V1 disabled), and we get the same error "An NPS extension dynamic link library (DLL) that is installed on the NPS server rejected the connection request".
The error comes when users is connecting and trying to get validated through a vpn client.
Following this thread to see if any solution comes up.
@Oddiraju, Kiran Just wanted to check whether primary authentication is working or not.
Determine if Primary Authentication is working:
Export the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AuthSrv\Parameters registry key as a backup.
Delete the registry values for “AuthorizationDLLs” and “ExtensionDLLs”, not the Parameters key.
Restart the Network Policy Service (IAS) service for the changes to take effect
Determine if primary authentication for VPN is successful.
Let me know the results for this scenario.
@Tommy H Just wanted to check whether primary authentication is working or not.
Determine if Primary Authentication is working:
Export the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AuthSrv\Parameters registry key as a backup.
Delete the registry values for “AuthorizationDLLs” and “ExtensionDLLs”, not the Parameters key.
Restart the Network Policy Service (IAS) service for the changes to take effect
Determine if primary authentication for VPN is successful.
Let me know the results for this scenario.
Hi.
Thanks for quick update.
I removed the settings from registry and restarted the service.
users are now getting validated without MFA so that part is working in my scenario.
After I have tested this, I imported the settings to registry again and restarted the service.
Now funny things happened because I now get validated against Azure MFAand get my MFA keys.
I already before have tried:
Uninstall extension - install again.
repair
re-register
all things without any luck, but this change to registry somehow did some magic.
@Tommy H Thanks for the update, really surprised this has helped to resolve your long pending issue.
Let me know if you have any further questions.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 47%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3END%3C/text%3E%3C/svg%3E)
If I delete the registry entries:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AuthSrv\Parameters
AuthorizationDLLs
ExtensionDLLs
I can get the NPS service to start.
However they are required to do Azure MFA, and when I put them back I can't get the NPS service running again.