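When using NPS on Server 2019 for RADIUS authentication, you will find that by default the UDP requests for RADIUS authentication are still blocked even when the local firewall has the relevant inbound rules configured; temporarily stopping the firewall makes authentication work. Other people have reported this problem online, and Microsoft also documents it. I am copying it here as a note to myself; see the link below for details.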
"With Server 2019 this firewall exception requires a modification to the service account security identifier to effectively detect and allow RADIUS traffic. If this security identifier change is not executed, the firewall will drop RADIUS traffic. From an elevated command prompt, run sc sidtype IAS unrestricted. This command changes the IAS (RADIUS) service to use a unique SID instead of sharing with other NETWORK SERVICE services."
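
A way to check and apply the setting from the quoted documentation, written as an added PowerShell example (not code from Microsoft's article or from this note). It assumes an elevated session, that the built-in NPS inbound rules are scoped to the IAS service so a service-filter lookup finds them, and that a service restart is what makes the new SID type take effect.

```powershell
#Requires -RunAsAdministrator
# Added example. Call sc.exe explicitly: in Windows PowerShell "sc" is an
# alias for Set-Content, so a bare "sc sidtype ..." would not reach the SCM.

$ServiceName = 'IAS'   # NPS service name, as used in the quoted command

function Get-ServiceSidType {
    param([Parameter(Mandatory)][string]$Name)
    # "sc.exe qsidtype" prints a line such as "SERVICE_SID_TYPE:  NONE"
    $output = & sc.exe qsidtype $Name
    if ($LASTEXITCODE -ne 0) {
        throw "sc.exe qsidtype $Name failed: $($output -join ' ')"
    }
    $line = $output | Where-Object { $_ -match 'SERVICE_SID_TYPE' } |
        Select-Object -First 1
    if (-not $line) {
        throw "No SERVICE_SID_TYPE line in sc.exe output for $Name"
    }
    return ($line -split ':', 2)[1].Trim()
}

$before = Get-ServiceSidType -Name $ServiceName
Write-Host "SID type before: $before"

if ($before -ne 'UNRESTRICTED') {
    # The change from the quoted documentation
    & sc.exe sidtype $ServiceName unrestricted | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "sc.exe sidtype $ServiceName unrestricted failed"
    }
    # Assumption: the SID type is applied when the service process starts,
    # so restart NPS (schedule this; RADIUS is briefly unavailable).
    Restart-Service -Name $ServiceName -Force
}

Write-Host "SID type after:  $(Get-ServiceSidType -Name $ServiceName)"

# List the inbound rules that match on the service identity, to confirm
# they exist and are enabled with Action = Allow on the active profile.
Get-NetFirewallServiceFilter -Service $ServiceName |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' } |
    Select-Object DisplayName, Enabled, Action, Profile |
    Format-Table -AutoSize
```

If the SID type already reads UNRESTRICTED and RADIUS requests are still dropped, the rule listing shows whether the allow rules are disabled or bound to a different firewall profile.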