Windows 2019 NPS Server Firewall Exclusion

Description:

You have completed the NPS configuration using Windows Server 2019. You have put the correct secrets at the VPN servers. You also have make sure there's no Network Firewall between the VPN server and NPS Server. 

However client machine cannot connect to the VPN. And you cannot see the traffic reaching the NPS Server. There's nothing in the NPS Server event viewer.

Resolution:

At the NPS server, open command prompt with elevated permission and type:

sc sidtype IAS unrestricted

Restart the server after that.

Windows Defender Firewall on the NPS should be automatically configured with exceptions, during the installation of NPS, to allow this RADIUS traffic to be sent and received.

With Server 2019 this firewall exception requires a modification to the service account security identifier to effectively detect and allow RADIUS traffic. If this security identifier change is not executed, the firewall will drop RADIUS traffic. The above command changes the IAS (RADIUS) service to use a unique SID instead of sharing with other NETWORK SERVICE services.

Error Connecting to SQL Server Instances after enabling Windows Firewall

Description:

For security reason, you need to enable the Windows Firewall on your SQL server machine.

However, after you enable them, user cannot connect to one of your SQL Instances. You already create Inbound TCP rule to allow port 1433 and another TCP port where the instance listened, but users still cannot connect. They can connect if the specified the port number for that instance was directly written on the connection page.

Resolution:

Make sure you also create inbound rule for UDP port 1434. The SQL Server browser service runs on UDP port 1434 and listens for incoming connections to a named instance.