NPS: Ping User-Name

Applies To: Windows Server 2008, Windows Server 2008 R2

Some Remote Authentication Dial-In User Service (RADIUS) clients — RADIUS proxy servers and network access servers (NASs) — periodically send artificial connection requests, known as ping requests, to servers running Network Policy Server (NPS) and other RADIUS servers in order to verify that the NPS and RADIUS servers are available. These ping requests contain a fictional user name. When NPS processes these requests they are all rejected, and the event and accounting logs become filled with access reject records, making it more difficult to keep track of valid records.

You can configure a Ping User-Name registry entry that specifies the fictional user name (or a user name pattern, with variables, that matches the fictional user name) that is sent by RADIUS clients. When a registry entry for Ping User-Name is configured, NPS matches the registry entry value against the user name value when it receives ping requests. When the user name matches, NPS rejects the authentication request without processing it. NPS does not record accounting data for connection requests that contain the fictional user name in any log files, which makes the event log easier to interpret.

Note

The Ping User-Name registry entry is not created by default when NPS is installed. You must add Ping User-Name to the registry. You can add an entry to the registry by using Registry Editor.

Incorrectly editing the registry might severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.

Registry path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IAS\Parameters\

To add Ping User-Name to the registry

When you add the Ping User-Name entry to the registry, you must supply values for Name, Type, and Data, as shown in the following table.

Name              Type      Data
Ping User-Name    REG_SZ    User name

To indicate one or more user names for a Ping User-Name value, you can enter name patterns (regular expressions) in Data. For example, to indicate one user name of a domain user, enter the regular expression ^<domain>\\<username>$ in Data; to indicate one user name of a local user, enter the regular expression ^<Machine Name>\\<User Name>$. To indicate all domain user names starting with “Test”, use the name pattern ^<domain>\\Test or \\Test (the latter applies to any user in the form <domain>\\Test<optional suffix>). For more information about building regular expressions, see Regular Expressions (Visual Studio) (https://go.microsoft.com/fwlink/?LinkID=184811).
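The procedure above as an added PowerShell example (not part of the original article), run from an elevated prompt. Because matching requests are rejected without processing and are not logged, the script first checks that the pattern matches only the probe name. The domain CONTOSO, the account names, the pattern and the backup file name are constructed values, and the pre-flight check uses the .NET regex engine on the assumption that it agrees with NPS for simple anchored patterns like this one.

```powershell
# Added example; CONTOSO, the account names and the pattern are constructed values.
$path    = 'HKLM:\SYSTEM\CurrentControlSet\Services\IAS\Parameters'
$name    = 'Ping User-Name'
$pattern = '^CONTOSO\\nas-probe$'   # \\ is a literal backslash; ^ and $ pin the whole name

# Constructed sample user names: the probe, plus accounts that must still be processed and logged.
$samples = @(
    @{ User = 'CONTOSO\nas-probe';  ShouldMatch = $true  },
    @{ User = 'CONTOSO\nas-probe2'; ShouldMatch = $false },
    @{ User = 'CONTOSO\alice';      ShouldMatch = $false },
    @{ User = 'FABRIKAM\nas-probe'; ShouldMatch = $false }
)

# Pre-flight: stop before touching the registry if the pattern is too broad or too narrow.
# Assumption: .NET regex behaviour stands in for NPS matching here.
$bad = foreach ($s in $samples) {
    $hit = [regex]::IsMatch($s.User, $pattern)
    if ($hit -ne $s.ShouldMatch) { $s.User }
}
if ($bad) {
    throw "Pattern '$pattern' gives the wrong result for: $($bad -join ', ')"
}

# Back up the key before changing it, as the article advises.
$backup = Join-Path $env:TEMP 'ias-parameters-backup.reg'
reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Services\IAS\Parameters' $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry export failed; no change was made.' }

# Create (or overwrite) the REG_SZ value named in the table above.
New-ItemProperty -Path $path -Name $name -PropertyType String -Value $pattern -Force | Out-Null

# Read the value back and confirm it was stored unchanged.
$stored = (Get-ItemProperty -Path $path -Name $name).$name
if ($stored -ne $pattern) { throw "Stored value '$stored' differs from '$pattern'." }
Write-Output "Ping User-Name set to $stored (backup: $backup)"
```

Replacing the constructed pattern with an unanchored one such as \\Test makes the pre-flight list worth extending with real account names from your directory, since every name the pattern matches stops appearing in the NPS logs.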