Applies ToWindows 11 version 23H2, all editions Windows 11 version 22H2, all editions Windows 11 version 21H2, all editions Windows 10, version 22H2, all editions Windows 10, version 21H2, all editions Windows Server 2022 Windows Server 2019 Windows Server 2016 Windows Server 2012 R2 Windows Server 2012 Windows Server 2008 R2 Windows Server 2008

Summary 

After installing the July 2024 Windows security update  released on or after July 9, 2024, you might encounter connection issues with the Network Policy Server (NPS). You are more likely to encounter this issue if your organization’s firewall/RADIUS solution does not support the Message-Authenticator attribute mandated by the new RADIUS standards. Network administrators and vendors should follow the guidance in the vendor guide released by InkBridge Networks, the developers of FreeRADIUS. 

Microsoft implemented this security change mandated by RADIUS standards on July 9, 2024. Resulting from this, NPS connection failures can occur in firewalls and VPN solutions which haven’t made changes to include and process the Message-Authenticator attribute field in their Access-Request packets. 

If you use the Home or Pro editions of Windows for personal use, you are unlikely to encounter this issue as this scenario is more commonly used in enterprise environments. 

Next Steps 

The current failure can be mitigated by incorporating mitigations or configuration updates from your respective firewall/RADIUS solution provider.  

Important This behavior is caused by a protection update mandated by new RADIUS standards. Microsoft recommends that customers install the latest Windows update available and take actions as suggested here to help stay protected and apply workarounds for this issue as firewall providers release them.

Contact your support provider

If you require assistance in resolving this issue, please contact your support provider. Ensure that they verify the support for the Message-Authenticator attribute in both requests and responses for all client and server entities dependent on RADIUS authentication.

References

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. We make no warranty, implied or otherwise, about the performance or reliability of these products.

We provide third-party contact information to help you find technical support. This contact information may change without notice. We do not guarantee the accuracy of this third-party contact information.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.