Hello everyone, we have likely reached an understanding of the issue at hand. As previously communicated to support, I have replicated the same physical and logical structure of the client’s ADDS, including the network setup, in my laboratory. I analyzed the network traffic and firewall logs during the various stages of NPS configuration (domain discovery phase) and throughout the activity execution. It was observed that communications were being blocked towards the following ports:
- Domain discovery phase (during initial wizard): Port 445 TCP SMB
- Activity execution phase: Port 88 KERBEROS TCP
I proceeded to add these ports to those already configured according to the documentation, and everything seems to be functioning properly!
Yesterday, I received confirmation when I replicated the installation for a new client where I must implement the solution in a high availability environment with ADDS in tiers. The command “nltest /dsgetsc: … /PDC” appears to respond correctly.
Below are the ports I configured between the NPS server and ALL domain controllers within the domain:
I emphasized ALL because even though they are not part of the site where the PAM servers are located, it is crucial that all domain controllers are reachable. The role of the PDC is not static and could be transferred to any DC within the domain.
I hope this has been helpful. I await confirmation from support that they have also encountered this issue and will update the official documentation accordingly.
Best regards,
C.
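The reachability check the post describes, as an added PowerShell example (not the poster's own script): run from the NPS/PAM server, it enumerates every domain controller in the domain, tests TCP connectivity to the two ports the post found blocked (445 and 88), and shows which DC currently holds the PDC emulator role. It assumes the RSAT ActiveDirectory module is installed on the machine running it; the port list is a parameter so the remaining documented ports can be appended.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not the poster's script. Verifies from the NPS/PAM server that
# every DC in the domain answers on the ports the post identified as blocked.
param(
    # 445 TCP (SMB, domain discovery wizard) and 88 TCP (Kerberos, activity execution).
    [int[]] $Ports = @(445, 88)
)

$domain = Get-ADDomain
$pdc    = $domain.PDCEmulator                      # FSMO role can move; resolve it on every run
$dcs    = Get-ADDomainController -Filter * | Sort-Object HostName

$results = foreach ($dc in $dcs) {
    foreach ($port in $Ports) {
        # Silence the "TCP connect failed" warning; the result object carries the outcome.
        $t = Test-NetConnection -ComputerName $dc.HostName -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{
            DC      = $dc.HostName
            Site    = $dc.Site
            IsPDC   = ($dc.HostName -ieq $pdc)
            Port    = $port
            TcpOpen = $t.TcpTestSucceeded
        }
    }
}

$results | Format-Table -AutoSize

# Any DC in any site that is unreachable is a problem, since the PDC role may land on it.
$blocked = @($results | Where-Object { -not $_.TcpOpen })
if ($blocked.Count -gt 0) {
    Write-Warning ("{0} DC/port combination(s) unreachable; fix firewall rules before running the wizard." -f $blocked.Count)
    $blocked | Format-Table -AutoSize
} else {
    Write-Host ("All {0} domain controllers reachable on TCP {1}. Current PDC emulator: {2}" -f $dcs.Count, ($Ports -join ', '), $pdc)
}
```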