Azure MFA NPS Extension Health Check Script

You can use this script to run it over MFA NPS Extension servers to perform some basic checks, it will help sometimes to detect some issues. The output will be in HTML format.

 
 
 
 
 
5 Star
(1)
1,328 times
Add to favorites
Windows Azure
11/22/2018
E-mail Twitter del.icio.us Digg Facebook
Sign in to ask a question


  • Check Server time Sync
    2 Posts | Last post Tue 8:11 AM
    • interestingly the time is correct, unsure why this showed up.  We are trying something maybe unique and the issue, all tests pass, except time which is reporting incorrectly wrong.  I checked time zone and time, it is on point.
      
      We are trying to use this NPS server which is a Azure AD Domain Services endpoint and replicating from Azure active directory.  the AADDS is abcd.com whereas the Azure Active Directory is alphabetbdc.com...they sync for other functions.  
      
      Do you know if implementing MFA against AADDS syncd to a AAD based (non on-premise real DC or domain) will work?
      
    • I think the time issue may be to do with the URL used to pull the source time; in the script it calls 
      
      $request = Invoke-WebRequest -Uri 'http://nist.time.gov/actualtime.cgi?lzbc=siqm9b' -UseBasicParsing;
      
      However the URL issues a redirect to HTTPS which I suspect is our issue try the same URL but with HTTPS directly (shown below) it seems to fix this issue for me
      
      $request = Invoke-WebRequest -Uri 'https://nist.time.gov/actualtime.cgi?lzbc=siqm9b' -UseBasicParsing;
      
      
  • Why are you using a tcp443 connection at step 2 (and not a webrequest as step 1?)
    2 Posts | Last post April 26, 2019
    • Is it because you are doing exactly what the application is doing ?
      
      I'm asking because we are behind a proxy and this step is not working behind that proxy as you are opening a tcp connection to port 443 ...
      
      Thank you Ahmad !
    • thanks Carl, sorry for late reply, I didn't get your point, can you explain more? 
      
      btw we are working in newer version that will include more accurate tests for connectivity.