This is the first version of the Azure MFA NPS Extension Troubleshooter.

When this script is useful …

I can say that we can use it in all cases, but it will be very useful when you start complaining that the MFA NPS Extension is not working at all.

What to expect soon …

Lots of things. This script is still a basic one, but always remember that the journey of a thousand miles begins with a step. I need to develop this to include more tests; it will also include troubleshooting scenarios where only one user is not working, issues with AD such as permission issues, etc.

 

How to run the script …

It’s in the attachment; just rename the extension to PS1 instead of TXT, then run it using PowerShell directly. Very easy to run.

 

What tests will this script do …

Basically, it will perform 11 tests against the MFA Extension server, as below:

1- Checking accessibility to https://login.microsoftonline.com ...

2- Checking accessibility to https://adnotifications.windowsazure.com ...

3- Checking the MFA version ...

4- Checking if the NPS service is running ...

5- Checking if the SPN for Azure MFA exists and is enabled ...

6- Checking if the Authorization and Extension registry keys have the right values ...

7- Checking if other Azure MFA related registry keys have the right values ...

8- Checking if there is a valid certificate matching the certificates stored in Azure AD ...

9- Checking the time synchronization on the server ...

10- Comparing the server time with a reliable time server

11- Checking all missing updates on the server ...
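
How tests 1, 2, 4 and 9 from the list above could be written in PowerShell, with the results written to an HTML file. This is an added example, not the attached script; the `Add-Result` helper and the report path are assumptions, and `IAS` and `W32Time` are the Windows service names for NPS and Windows Time.

```powershell
# Added illustration, not the attached script. Covers tests 1, 2, 4 and 9 only.
$results = [System.Collections.Generic.List[object]]::new()
# Hypothetical report location for this example.
$report  = Join-Path $env:TEMP 'MfaNpsExampleReport.html'

# Hypothetical helper: records one test outcome as a row for the report.
function Add-Result {
    param([string]$Test, [bool]$Passed, [string]$Detail)
    $results.Add([pscustomobject]@{
        Test   = $Test
        Result = if ($Passed) { 'Passed' } else { 'Failed' }
        Detail = $Detail
    })
}

# Tests 1 and 2: outbound TCP 443 to the two endpoints named in the list.
foreach ($endpoint in 'login.microsoftonline.com', 'adnotifications.windowsazure.com') {
    Write-Host "Checking accessibility to https://$endpoint ..."
    $tcp = Test-NetConnection -ComputerName $endpoint -Port 443 -WarningAction SilentlyContinue
    Add-Result "Accessibility to https://$endpoint" $tcp.TcpTestSucceeded "Remote address: $($tcp.RemoteAddress)"
}

# Test 4: the NPS service is registered under the service name 'IAS'.
Write-Host 'Checking if the NPS service is running ...'
$nps = Get-Service -Name 'IAS' -ErrorAction SilentlyContinue
if ($nps) {
    Add-Result 'NPS service' ($nps.Status -eq 'Running') "Status: $($nps.Status)"
} else {
    Add-Result 'NPS service' $false 'Service IAS not found; the NPS role may not be installed.'
}

# Test 9: Windows Time service state plus the configured time source.
Write-Host 'Checking the time synchronization on the server ...'
$timeSvc = Get-Service -Name 'W32Time' -ErrorAction SilentlyContinue
$source  = (& w32tm.exe /query /source 2>&1 | Out-String).Trim()
$running = ($null -ne $timeSvc) -and ($timeSvc.Status -eq 'Running')
Add-Result 'Time synchronization' $running "Time source: $source"

# The console shows only the test names; the outcome goes to the HTML file.
$results | ConvertTo-Html -Title 'Azure MFA NPS checks (example)' |
    Set-Content -Path $report -Encoding UTF8
Write-Host "Report written to $report"
```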

 

 

What requirements are needed to run the script …

The script needs to be run as a user who has local admin privileges on the server, and it will ask for a global admin on the tenant in order to run.

 

How will the result be displayed …

In the PowerShell console it will only display the test names, then it will convert the result to an HTML file located on the C drive under the name AzureMFAReport.Html.

 

Console Output:

HTML output:

 

 

 

In case the script detects some issues, will it fix them automatically …

No, but the script will suggest some remediation steps, as in the example below:

 

 

 

The script is not checking everything, right …

Sure, and here I need your help. Feel free to share your ideas with me and we can work together to improve it; you can put your suggestions in the Q&A section here.

 

Do you think that the HTML design is cool …

No, I am not good at HTML design; help me to make it better. You can put your suggestions in the Q&A section here.