I have setup two application, Microsoft RDP and Microsoft RRAS and both are working fine for my users with the Duo app installed however I have two users with old phones who want to authenticate via SMS.
I setup RDP first, created a custom policy for SMS Passcode-only authentication, assigned into to a group and added the one user who needed to authenticate via SMS to that group. It worked perfectly.
I then setup RRAS and used the same custom policy for this new application, adding my second SMS-only user (he doesn’t need access to the Remote Desktop Server, just VPN access).
Both users failed to authenticate their VPN connection.They just receive the standard “The connection was prevented because of a policy configured on your RAS/VPN server” message.
If I change the authentication method from SMS Passcode to Phone Callback a call is received and the VPN connects successfully.
Thanks for coming back to me. I tested authentication via SMS and it worked but it was very clunky and I just wanted to check that this was as expected.
I created a new VPN connection through Windows 11. Set the password using the format password,sms as per the end user guide, received my single passcode via SMS, edited my VPN connection to set the new password in the format password,passcode and successfully connected.
All good so far except that this only worked once. Not only that, I had to edit the VPN connection to reset the authentication protocol to PAP before going through the whole process of requesting another passcode via SMS.
Is that what you would expect to happen or am I missing a trick here?