Session Timeout with RRAS on server 2008 r2


I have duo working with 2008 r2 RRAS for vpn access but I cannot figure out how to create a day/time restrictions and session timeout. Looks like with RADIUS selected the NPS policies are ignored.

My problem is exactly like this article:

Can anyone point me in the right direction?

I have followed these instructions to get it working thus far:


I have the exact same issue on Server 2016. The session timeout is being ignored. I have the Duo Proxy Authentication software/service running on a separate server. Any way to enforce the session timeout?


I found this article and at the end it says MS is aware of it and there is no fix currently.

As a workaround, I wrote the following powershell script and configured it to run as a scheduled task on my VPN server. I have it set to run every 5 minutes. Our policy is to sever connections after 4 hours.

#Using Radius/2FA breaks NPS policy so the session policy does not work in RRAS
#This script will disconnect VPN users connected longer than 4 hours

$vpnusers = Get-RemoteAccessConnectionStatistics | where {$_.connectionduration -ge 14400} 
| select -ExpandProperty UserName
foreach($user in $vpnusers){Disconnect-VpnUser -UserName $user}

#Code for testing
#foreach($user in $vpnusers){write-host $user}



Thanks that might be something I can work with.