SSL-VPN causing 100% CPU with NPS and Azure MFA Extension

Author
HubbaBubba
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/06/22 01:41:52
  • Status: offline
2020/06/22 01:51:23 (permalink)
0

SSL-VPN causing 100% CPU with NPS and Azure MFA Extension

Hi,
I have configured an existing SSL-VPN to use Radius.
The Radius sends requests to a Microsoft NPS server with the Azure extension installed which will provide MFA requests.
All the config works great.
After several hours of running the server is maxing it's CPU at 100% on a COM surrogate process.
Users get delays to the authentication request or none at all.
There is an event constantly logged that may be causing this issue:
Log Name: AuthZAdminCh
Source: Microsoft-AzureMfa-AuthZ
Date: 22/06/2020 09:46:16
Event ID: 3
Level: Critical
User: NETWORK SERVICE
Computer: Servername
Description:
NPS Extension for Azure MFA: CID: <> :Exception in Authentication Ext for User USername :: ErrorCode:: REQUEST_MISSING_CODE Msg:: Request is missing OTP Enter ERROR_CODE @ https://go.microsoft.com/fwlink/?linkid=846827 for detailed troubleshooting steps.
This request is coming from the FortiGate but does not relate to an active request for a user to log in, it appears to be an old request that does not timeout.
Can anyone point me to the settings that is causing these requests on the FortiGate?
#1

1 Reply Related Threads

    HubbaBubba
    New Member
    • Total Posts : 2
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/06/22 01:41:52
    • Status: offline
    Re: SSL-VPN causing 100% CPU with NPS and Azure MFA Extension 2020/06/22 08:11:54 (permalink)
    0
    After some testing and troubleshooting I cannot find a fix.
    The current workaround is to restart the NPS server every 3 hours.
     
    The full fix is to update the firmware on the firewall to Forti OS 6.0.9 or above which should happen in the next week on the managed firewall.
    #2
    Jump to:
    © 2020 APG vNext Commercial Version 5.5