Azure MFA NPS Extension – Health Check Script V1

Hello All,

Ahmad Yasin

I was very busy in the last period, so I was not able to publish any new articles, but I am coming back, and a lot of topics are on their way soon.

Today, I am happy to announce that I implemented a simple script that will help you perform a health check on your Azure MFA NPS Extension server(s) and detect some issues if they exist.

 

When this script is useful …

 

I can say that we can use it in all cases, but it will be very useful when a customer complains that the MFA NPS Extension is not working at all.

 

What to expect soon …

 

Lots of things. This script is still a basic one, but always remember that the journey of a thousand miles begins with a step. We need to develop it to include more tests; it will also include troubleshooting scenarios where only one user is not working, issues with AD such as permission issues, etc.

 

How to Run the Script …

Just download the script from the TechNet Gallery and run it directly in PowerShell; it is very easy to run. I uploaded the script to the TechNet Gallery to make it easier to update.

Download Link: https://gallery.technet.microsoft.com/Azure-MFA-NPS-Extension-648de6bb

What tests this Script will do …

Basically, it will perform 11 tests against the MFA Extension server, as below:

 

1- Checking accessibility to https://login.microsoftonline.com …

2- Checking accessibility to https://adnotifications.windowsazure.com …

3- Checking the MFA version …

4- Checking if the NPS service is running …

5- Checking if the SPN for Azure MFA exists and is enabled …

6- Checking if the Authorization and Extension registry keys have the right values …

7- Checking if other Azure MFA related registry keys have the right values …

8- Checking if there is a valid certificate that matches the certificates stored in Azure AD …

9- Checking the time synchronization on the server …

10- Comparing the server time with a reliable time server …

11- Checking all Missing Updates on the server …
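To show what a few of these checks look like when done by hand, here is an added example (not the published script and not its code) that covers tests 1, 2, 4 and 10 only and writes a small HTML report. The report path, the reference time server `time.windows.com`, the 60-second tolerance and the helper name `New-Result` are assumptions chosen for illustration.

```powershell
# Added example: a manual subset of the health checks (tests 1, 2, 4 and 10).
param(
    [string]$ReportPath     = (Join-Path $env:TEMP 'MfaNpsQuickCheck.html'), # hypothetical path
    [string]$TimeServer     = 'time.windows.com',                            # assumed reference server
    [double]$MaxSkewSeconds = 60                                             # assumed tolerance
)

# Hypothetical helper: one row per test, with a remediation hint only on failure.
function New-Result($Test, $Passed, $Detail, $Remediation) {
    [pscustomobject]@{
        Test        = $Test
        Result      = if ($Passed) { 'Passed' } else { 'Failed' }
        Detail      = $Detail
        Remediation = if ($Passed) { '' } else { $Remediation }
    }
}

$results = @()

# Tests 1 and 2: outbound TCP 443 to the two endpoints named in the list above.
foreach ($endpoint in 'login.microsoftonline.com', 'adnotifications.windowsazure.com') {
    $tcp = Test-NetConnection -ComputerName $endpoint -Port 443 -WarningAction SilentlyContinue
    $results += New-Result "Reach https://$endpoint" $tcp.TcpTestSucceeded `
        "TCP 443 reachable: $($tcp.TcpTestSucceeded)" `
        'Allow outbound TCP 443 to this host on the firewall or proxy.'
}

# Test 4: the Network Policy Server service (service name IAS) must be running.
$nps      = Get-Service -Name 'IAS' -ErrorAction SilentlyContinue
$npsState = if ($nps) { [string]$nps.Status } else { 'not installed' }
$results += New-Result 'NPS service running' ($npsState -eq 'Running') `
    "Service state: $npsState" 'Install the NPS role or start the IAS service.'

# Test 10: take one offset sample against the reference time server.
$sample = (& w32tm /stripchart "/computer:$TimeServer" /samples:1 /dataonly 2>&1) -join "`n"
if ($sample -match '([+-]\d+\.\d+)s') {
    $offset = [double]::Parse($Matches[1], [cultureinfo]::InvariantCulture)
    $results += New-Result "Clock offset vs $TimeServer" ([math]::Abs($offset) -le $MaxSkewSeconds) `
        "Offset: $offset s" 'Resynchronize the clock (w32tm /resync) and check the time source.'
} else {
    # No sample came back (for example UDP 123 is blocked): report it instead of guessing.
    $results += New-Result "Clock offset vs $TimeServer" $false `
        'No time sample received' 'Allow NTP (UDP 123) or choose a reachable time server.'
}

# Test names and results on the console, full detail in the HTML report.
$results | Format-Table Test, Result -AutoSize
$results | ConvertTo-Html -Title 'MFA NPS quick check' | Set-Content -Path $ReportPath
```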

 

What Requirements needed to run the script …

The script needs to be run under a user who has local admin privileges on the server, and it will ask for a global admin on the tenant in order to run.

How the result will be displayed ….

In the PowerShell console it will only display the test names; it then converts the result to an HTML file located on the C drive under the name AzureMFAReport.Html.

 

Console Output:

HTML output as a final result:

In case the script detects some issues, will it fix them automatically …

No, but the script will suggest some remediation steps, as in the example below:

 

The script is not checking everything, right …

Sure. Here I need your help: feel free to share your ideas with me and we can work together to improve it. Leave a comment in this thread if you need to participate.

Do you think that the HTML design is cool …

No, I am not good at HTML design. Help me make it better; leave a comment in this thread if you need to participate.

 

Ahmad Yasin (MCSA Office 365, MCSE, Messaging, Azure certified)

 

Ahmad Yasin is a Microsoft Cloud Engineer and the owner and publisher of the AzureDummies blog. He also holds many certificates in Office 365 and Windows Azure, including Developing Microsoft Azure Solutions, Implementing Microsoft Azure Infrastructure Solutions and MCSA Office 365.
