Enter ERROR_CODE for detailed troubleshooting steps. Timestamp: 15:55:52Z Enter ERROR_CODE for detailed troubleshooting steps. Error authenticating to eSTS: ErrorCode:: ESTS_TOKEN_ERROR Msg:: Error in retreiving token details from request handle: -895352823 AADSTS700023: Client assertion audience claim does not match Realm issuer. NPS Extension for Azure MFA: CID: 34e0abbd-a7aa-43b5-983b-f34022101f42 :Exception in Authentication Ext for User :: ErrorCode:: CID :34e0abbd-a7aa-43b5-983b-f34022101f42 ESTS_TOKEN_ERROR Msg:: Verify the client certificate is properly enrolled in Azure against your tenant and the server can access URL in Registry STS_URL. I also saw this error in event viewer logs under Applications and Services: Logs>Microsoft>AzureMfa>AuthZ: Get-MsolServicePrincipalCredential -AppPrincipalId “981f26a1-7f43-403b-a875-f8b09b8cd720” -ReturnKeyValues 1 ) Fig 1.1 Azure NPS extension Cert PowerShell Output (Note the following commands are run to get the certificate properties): However, while troubleshooting, I noticed I had multiple certificates, but no way to remove. We got the NPS with no issue, but as soon as we installed the NPS extension and created the cert, our test connection would instantly fail.Īll I saw in the NPS was the “extension was being bypassed.” It was frustrating, to say the least. Here’s some background: I’ve set up an NPS server in Azure for a client so they can leverage the NPS MFA extension that you can integrate into your Azure AD MFA component. I wanted to get this quick-read out there, as I recently ran into this issue and didn’t see any articles about a remedy for it.
0 Comments
Leave a Reply. |