Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:
Security ID: domain\admin
Account Name: admin
Account Domain: domain
Fully Qualified Account Name:

Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
OS-Version: -
Called Station Identifier: 18-E8-29-C0-F4-07:RADIUS
Calling Station Identifier: 98-AF-65-40-4B-1F

NAS:
NAS IPv4 Address: 172.16.100.2
NAS IPv6 Address: -
NAS Identifier: 85af067a-34e2-5828-a73d-78d6bc5b1ce8
NAS Port-Type: -
NAS Port: -

RADIUS Client:
Client Friendly Name: UniFi
Client IP Address: 172.16.100.2

Authentication Details:
Connection Request Policy Name: Use Windows authentication for all users
Network Policy Name: Connections to other access servers
Authentication Provider: Windows
Authentication Server: radius.domain.local
Authentication Type: MS-CHAPv2
EAP Type: -
Account Session Identifier: 38333562723179313036667964746570
Logging Results: Accounting information was written to the local log file.
Reason Code: 65
Reason: The Network Access Permission setting in the dial-in properties of the user account in Active Directory is set to Deny access to the user. To change the Network Access Permission setting to either Allow access or Control access through NPS Network Policy, obtain the properties of the user account in Active Directory Users and Computers, click the Dial-in tab, and change Network Access Permission.