Hi, @TomYoung Also hello to everyone else whom may come across this issue themselves with regards to 2016 ADs Ok, so with Toms' great advice (regards the PA config) and some research. It appeared to be hitting a completely different policy (a default RADIUS deny policy as stated in on my above image). So as a test, I allowed the policy and left the constraints with only the default time constraint, adding in the respective VSA for PA. In which has now worked, and I able to access with RADIUS as an Admin onto my PA. However, when I added other constraints in such as 'Authentication', 'Windows Groups', and 'Client IP'. It would fail, on the PA side I would get generic invalid username/password error. I would get an error in the event security logs, actually not pointing towards any error at all simply stating 'No match to NPS policies'. So for my configured VSA rule, I simply removed the constraints, added the time constraint, and it appears to be working. I have to conduct some further tests. I.E removing adding constraints, removing local admin profile etc.
... View more