If you use group membership as part of the Network Policy conditions for authenticating, make sure to use a Security Group and not a Distribution Group. Also make sure no one has changed it from a security group to distribution group!
Next check the user's account on AD has the Control access through NPS Network Policy selected in the Dial-in properties.
If that doesn't work, check the domain certificate hasn't expired and auto-renewed. If it has, request a new certificate on the NPS server, switch to the new cert, then back to the auto-renewed one.
No comments:
Post a Comment