NPS MFA extension problem
Dear all,
We're trying to implement Entra/Azure MFA for OpenVPN on pfSense. We've installed the NPS MFA extensions and configured everything as instructed by the official documentation. When a user tries to sign in through OpenVPN, we see the error message below in the event log, in the Microsoft-AzureMfa-AuthZ/AuthZAdminCh log:
CID: 10873d73-8e23-48b9-8d55-d5d32bffac97 :Exception in Authentication Ext for User xx :: ErrorCode:: ESTS_TOKEN_ERROR Msg:: Unable to get Azure AD access token. [Reason:AADSTS500014: The service principal for resource 'https://adnotifications.windowsazure.com/StrongAuthenticationService.svc/Connector' is disabled. This indicate that a subscription within the tenant has lapsed, or that the administrator for this tenant has disabled the application, preventing tokens from being issued for it.
The certificate is registered in Azure.
RADIUS works if I disable the MFA extension with MFA_NPS_Troubleshooter.
What can be the cause of the error?