Network Policy Server (NPS) Troubleshooting Tip

Windows Network Policy Server Troubleshooting tip.

Check the NPS logs in Event Viewer. They tell you which policy your attempt is hitting, and from there you may be able to figure out your problem:

Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:
	Security ID:			ictfella\testuser
	Account Name:			ictfella\testuser
	Account Domain:			ictfella
	Fully Qualified Account Name:	ictfella.local/Users/Danny Zhang

Client Machine:
	Security ID:			NULL SID
	Account Name:			-
	Fully Qualified Account Name:	-
	OS-Version:			-
	Called Station Identifier:		-
	Calling Station Identifier:		-

NAS:
	NAS IPv4 Address:		172
	NAS Port-Type:			-
	NAS Port:			-

RADIUS Client:
	Client Friendly Name:		ICTFELLASW01
	Client IP Address:			172.1.1.34

Authentication Details:
	Connection Request Policy Name:	Use Windows authentication for all users
	Network Policy Name:		Connections to other access servers
	Authentication Provider:		Windows
	Authentication Server:		NPS01.ictfella.local
	Authentication Type:		PAP
	EAP Type:			-
	Account Session Identifier:		-
	Logging Results:			Accounting information was written to the local log file.
	Reason Code:			65
	Reason:				The Network Access Permission setting in the dial-in properties of the user account in Active Directory is set to Deny access to the user. To change the Network Access Permission setting to either Allow access or Control access through NPS Network Policy, obtain the properties of the user account in Active Directory Users and Computers, click the Dial-in tab, and change Network Access Permission.

Note

  1. The highlighted fields are very useful.
  2. The “Reason” field is useless; most of the time it is not telling you the truth.
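
The same check can be scripted. This is an added example, not code from the original post: it pulls the policy names out of NPS denial events, assuming English event text and that the denials are logged as event ID 6273 in the Security log; the function names are hypothetical.

```powershell
# Added example: extract the matched policies from NPS "denied access" events.
function ConvertFrom-NpsEventMessage {
    param([Parameter(Mandatory)][string]$Message)
    # Labels exactly as they appear in the NPS event text.
    $labels = 'Account Name', 'Client Friendly Name', 'Client IP Address',
              'Connection Request Policy Name', 'Network Policy Name',
              'Authentication Type', 'Reason Code'
    $fields = [ordered]@{}
    foreach ($label in $labels) {
        # Anchored at line start so 'Account Name' does not match
        # 'Fully Qualified Account Name'; the first hit is the User block.
        $pattern = '(?m)^[ \t]*' + [regex]::Escape($label) + ':[ \t]*(.*?)\s*$'
        $match = [regex]::Match($Message, $pattern)
        $value = $null
        if ($match.Success) { $value = $match.Groups[1].Value }
        $fields[$label] = $value
    }
    [pscustomobject]$fields
}

function Get-NpsDenialSummary {
    param([int]$MaxEvents = 200)
    # Event ID 6273 = "Network Policy Server denied access to a user".
    # Run on the NPS server with rights to read the Security log.
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 6273 } -MaxEvents $MaxEvents |
        ForEach-Object { ConvertFrom-NpsEventMessage -Message $_.Message } |
        Group-Object -Property 'Connection Request Policy Name', 'Network Policy Name' |
        Sort-Object -Property Count -Descending |
        Select-Object -Property Count, Name
}

# Offline check against an abridged copy of the event shown above.
$sample = @'
User:
    Account Name:                   ictfella\testuser
Client Machine:
    Account Name:                   -
RADIUS Client:
    Client Friendly Name:           ICTFELLASW01
    Client IP Address:              172.1.1.34
Authentication Details:
    Connection Request Policy Name: Use Windows authentication for all users
    Network Policy Name:            Connections to other access servers
    Authentication Type:            PAP
    Reason Code:                    65
'@
ConvertFrom-NpsEventMessage -Message $sample | Format-List
```

`Get-NpsDenialSummary` groups recent denials by the connection request policy and network policy they matched, so a request that falls through to an unexpected policy stands out.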
