I must be missing something basic – is there some "master" switch for enabling Network Policy Server? It's not listening on any of the RADIUS ports. Detail:
Trying to setup Windows Server 2019 as a RADIUS server. However, after configuring everything, "netstat -b" shows that the machine is not listening on any of the expected RADIUS ports (1812, 1645, 1813, 1646).
- Installed the "Network Policy and Access Services" role
-
Confirmed the "Network Policy Server" service is running.
Result: "netstat -b" shows that the machine is not listening on any of the expected RADIUS ports (1812, 1645, 1813, 1646).
Have tried with no luck:
- Rebooting
- Restarting the "Network Policy Server" service
Best Answer
netstat -b does not return any information for NPS port 1812 but netstat -na | findstr 1812 does on Windows 2019 Server.
There is a bug in NPS on Windows Server 2019 where it fails to register properly with Windows Firewall. See https://blog.topqore.com/radius-authentication-using-nps-on-server-2019-bug/ for detailed information. The fix listed in the article worked successfully for me.
This changes the Service in the NPS rules in the Windows Firewall from IAS to Any.
https://social.technet.microsoft.com/Forums/en-US/cf047df5-ed4a-46b9-9564-c9db5a9bc8dc/windows-server-2019-default-nps-firewall-rules-port-1812-udp-not-working?forum=ws2019
Social.Technet also lists a fix using "sc sidtype IAS unrestricted" but I have not tested this.
The firewall issue was the underlying problem for me. Using the wrong netstat command send me on a wild goose chase for a little while:)