Network Policy Server Event ID 4421 - How To Enable RequireMsgAuth and ...
...According to the official documentation provided by Microsoft, you can use the netsh command prompt to configure RequireMsgAuth and limitProxyState. I suggest you complete all the configurations and see if the relevant error message still appears....
https://learn.microsoft.com/en-us/answers/questions/2236764/network-policy-server-event-id-4421-how-to-enable
Protect against security risks and NPS connection failures that affect ...
...Enable the requireMsgAuth configuration to enforce dropping the RADIUS response packets from remote servers that lack the Message-Authenticator attribute. By default, the requiremsgauth attribute is tuned off. We recommend turning this attribute on....
https://m365admin.handsontek.net/protect-against-security-risks-and-nps-connection-failures-that-affect-radius-server-environments/
Windows Update July 2024: Are there issues with Radius ... - BornCity
...This configuration enables NPS Proxy to drop potentially vulnerable response messages without the Message-Authenticator attribute. To add an exception to exclude a server from requireauthmsg validation, run the following command: netsh nps set requiremsgauth remoteservergroup =
https://borncity.com/win/2024/07/16/windows-update-july-2024-are-there-issues-with-radius-authentications/
KB5040268: How to manage the Access-Request packets attack ...
...Enable the requireMsgAuth option to enforce dropping the RADIUS response packets from remote servers without the Message-Authenticator attribute. By default, the requiremsgauth option is turned off....
https://support.microsoft.com/en-us/topic/kb5040268-how-to-manage-the-access-request-packets-attack-vulnerability-associated-with-cve-2024-3596-a0e2f0b1-f200-4a7b-844f-48d1d5ab9e66
Enable RequireMsgAuth and/or limitProxyState - Microsoft Q&A
...Ensure that the values for RequireMsgAuth and limitProxyState are set correctly. Test the connection using a RADIUS client, such as a wireless access point, to ensure that the NPS is working properly. Check for NPS-related errors or warnings. I hope the above information is helpful to you....
https://learn.microsoft.com/en-us/answers/questions/2188614/enable-requiremsgauth-and-or-limitproxystate
Network Policy Server Management with Administration Tools
...You can use commands in the Netsh NPS context to show and set the configuration of the authentication, authorization, accounting, and auditing database used both by NPS and the Remote Access service....
https://learn.microsoft.com/en-us/windows-server/networking/technologies/nps/nps-admintools
network policy via netsh on nps, constant error - Microsoft Q&A
...The netsh nps commands are working fine if these are being used with the parameter " processingorder=x " . If the param is not used you will run into the error "The parameter is incorrect"....
https://learn.microsoft.com/en-us/answers/questions/155911/network-policy-via-netsh-on-nps-constant-error
Message Authentication - Microsoft Q&A
...Looking to enable RequireMsgAuth and/or limitProxyState configuration is in Disable mode on my NPS but cannot find where....
https://learn.microsoft.com/en-us/answers/questions/2182592/message-authentication
Always On VPN and Blast-RADIUS | Richard M. Hicks Consulting, Inc.
...netsh.exe nps set limitproxystate all = enable. netsh.exe nps set requiremsgauth all = enable. When using Windows Server Routing and Remote Access (RRAS) without EAP, ensure the RADIUS server configuration always includes the Message-Authenticator....
https://directaccess.richardhicks.com/2024/07/15/always-on-vpn-and-blast-radius/
maintaining a Windows NPS configuration with many RADIUS clients ...
...We have a Windows NPS server to allow RADIUS authentication against AD. There are a few (around 12) clients that need to be able to send auth requests to it....
https://www.reddit.com/r/sysadmin/comments/k9ffzz/maintaining_a_windows_nps_configuration_with_many/