In this blog post I will show you how to set up a Microsoft VPN connection with the new NPS Extension for Azure AD MFA.
This is a new service that the Microsoft NPS team just released; it adds an extension to the Windows Network Policy Server.
The following is copied from https://docs.microsoft.com/nb-no/azure/multi-factor-authentication/multi-factor-authentication-nps-extension:
When using the NPS extension for Azure MFA, the authentication flow includes the following components:
- NAS/VPN Server receives requests from VPN clients and converts them into RADIUS requests to NPS servers.
- NPS Server connects to Active Directory to perform the primary authentication for the RADIUS requests and, upon success, passes the request to any installed extensions.
- NPS Extension triggers a request to Azure MFA for the secondary authentication. Once the extension receives the response, and if the MFA challenge succeeds, it completes the authentication request by providing the NPS server with security tokens that include an MFA claim, issued by Azure STS.
- Azure MFA communicates with Azure Active Directory to retrieve the user’s details and performs the secondary authentication using a verification method configured to the user.
The following diagram illustrates this high-level authentication request flow:
About a week ago another person in our IT department installed KB3211320 (Update for Windows Server 2016 for x64-based Systems) on our DPM servers.
In this little post I will do a step-by-step guide on how to deploy an Azure Web App with Octopus Deploy.
Prerequisite knowledge and already done
Azure Web App deployed via Resource Manager and some knowledge and access to the subscription.
Octopus Deploy already installed and you have some knowledge about Octopus Deploy.
A friend of mine asked me about this a while ago, as he had set up his S2D cluster with SSD and HDD only. So the SSDs became the journal drives (caching drives). Now he wanted to replace the SSDs with NVMe disks that he had replaced. Yesterday he did the swap and it worked great.
After System Center 2016 came out I went straight on to setting up DPM 2016 with Modern Backup Storage. This had been running fine for a while. A bit slow for the DPM console to respond after doing a synchronization.
A week ago I got an email that one of our virtual machines' latest backup had failed and was in an inconsistent state.
So I tried to do a synchronization but that did not help. Then I tried removing the backup and adding it again. Now it would say it was OK, but it had only backed up 79 MB. So I did a new synchronization and it failed with a "Replica is Inconsistent" error, and the error message in the logs was
After my initial failure of replacing an NVMe caching card and hitting a bug in the 2016 version I was on, I replaced another one today. As we were starting our cluster out with Intel 750 drives, and these NVMe PCIe cards only have 70 GB of writes per day, I decided to replace them with the Intel DC P3600. The first failed as can be seen here.
Now this is a cool new feature Microsoft has come up with. It allows you to manage your on-premise servers with the Azure Portal. All you need to do is install a gateway server on your local network. Configure some steps in Azure, and install a small program and you are almost good to go.
Thought I should write a small post about setting up a site-to-site VPN between Azure Resource Manager and a FortiGate firewall on 5.4.
Important thing to notice here: use the Route-Based VPN type on the Azure Virtual Network Gateway for this.
I used this guide from Microsoft to set up our Azure IPsec tunnel. I recommend using their guides when it comes to Azure setup. Combine these with other relevant guides. Make sure they have been recently.
Over the last few weeks we have been having some issues with our Storage Spaces Direct test/dev cluster. To start off I will explain what happened and what did go wrong.