I have 2 server 2008 R2 - one is AD DC and the second one has NPS and RRAS-VPN installed. The second server is a member of the domain. The problem is I cannot add AD groups in NPS policies. If I add a local user to that server then I can VPN successfully (from my iphone actually - haven't tried from a machine as I do not have a 3G modem to test). When I go to Network policies - Connections to RRAS - condition - groups - windows groups or user groups I can only see the user/groups from the local server - it does not give me domain options. In event log: CoId={NA} the user domainname\administrator connected from public_IP but failed authentication attempt due to the following reason: the connection was prevented because policy configured on your RAS/VPN server. Specifically the authentication method used by the server to verify your username and password may not match the auth method configured in your connection profile. Event ID: 20271 RRAS: IPv4 to allow LAN and demand dial routing, security - controlled by NPS thanks

H sshoaib, Thanks for posting here. >When I go to Network policies - Connections to RRAS - condition - groups - windows groups or user groups I can only see the user/groups from the local server - it does not give me domain options. Have you also registered your NPS service in active directory system? Register the NPS Server in Active Directory Domain Services http://technet.microsoft.com/en-us/library/cc754878(WS.10).aspx Thanks. Tiger Li Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Thanks - the first problem was my vmware Network issue. Then I had to register my server to AD.