Hello,
Hope someone can assist me on the below.
I am trying to configure NPS as a RADIUS proxy to forward connection requests to another NPS, but I am having an authentication problem: when a user tries to connect to a certain SSID, NPS1 should forward the request to NPS2 to get authenticated, which is not working. As per the Event security on both NPSs, NPS2 is indeed authenticating the user, but on NPS1 I am getting an error 117 (Verify that the remote RADIUS server is available and functioning properly). Basically this is the scenario:
user <-> wireless controller (10.9.23.4) <-> NPS1 (10.9.24.60) <-> NPS2 (10.9.24.26) (connected to Active Directory and working properly)
I am attaching the Event security output; maybe someone can assist me on this (I have omitted my Domain Name and replaced it with ***)
NPS1
-------
Network Policy Server discarded the request for a user. Contact the Network Policy Server administrator for more information.
User:
Security ID: NULL SID
Account Name: charbel.bassil@*****
Account Domain:-
Fully Qualified Account Name:-
Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name:-
OS-Version: -
Called Station Identifier:F8-C0-01-AA-4F-C0:testSSID
Calling Station Identifier:F8-84-F2-1E-BB-7C
NAS:
NAS IPv4 Address:10.9.23.4
NAS IPv6 Address:-
NAS Identifier:Juniper
NAS Port-Type:Wireless - IEEE 802.11
NAS Port: 49403
RADIUS Client:
Client Friendly Name:Controller
Client IP Address:10.9.23.4
Authentication Details:
Connection Request Policy Name:Fwd-to-NPS2
Network Policy Name:-
Authentication Provider:RADIUS Proxy
Authentication Server:10.9.24.26
Authentication Type:-
EAP Type: -
Account Session Identifier:-
Reason Code: 117
Reason: The remote RADIUS (Remote Authentication Dial-In User Service) server did not respond.
NPS2
------
Network Policy Server granted full access to a user because the host met the defined health policy.
User:
Security ID: ***\charbel.bassil
Account Name: charbel.bassil@****
Account Domain:***
Fully Qualified Account Name:****/Charbel Bassil
Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name:-
OS-Version: -
Called Station Identifier:F8-C0-01-AA-4F-C0:testSSID
Calling Station Identifier:F8-84-F2-1E-BB-7C
NAS:
NAS IPv4 Address:10.9.23.4
NAS IPv6 Address:-
NAS Identifier:Juniper
NAS Port-Type:Wireless - IEEE 802.11
NAS Port: 49403
RADIUS Client:
Client Friendly Name:NPS-60
Client IP Address:10.9.24.60
Authentication Details:
Connection Request Policy Name:Secure Wireless Connections
Network Policy Name:testSSID
Authentication Provider:Windows
Authentication Server:10.9.24.26
Authentication Type:MS-CHAPv2
EAP Type: -
Account Session Identifier:-
Quarantine Information:
Result: Full Access
Extended-Result:-
Session Identifier:-
Help URL: -
System Health Validator Result(s):-
I can see that NPS2 has granted me full access, but I still can't connect and am receiving the 117 error on NPS1. What am I missing here?
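The mismatch described in the post (a reason 117 discard on the proxy for a session the second server granted) can be found across larger event exports by pairing events on fields both servers log unchanged. This is an added example, not part of the original post; the function names are hypothetical, the two sample events are constructed by abbreviating the ones quoted above, and it assumes events are pasted as text without timestamps, so it pairs on client MAC and NAS port only.

```python
import re

# Constructed samples: abbreviated copies of the two events quoted in the post.
NPS1_EVENT = """Network Policy Server discarded the request for a user.
User:
Account Name: charbel.bassil@*****
Client Machine:
Account Name: -
Calling Station Identifier:F8-84-F2-1E-BB-7C
NAS Port: 49403
Client IP Address:10.9.23.4
Authentication Server:10.9.24.26
Reason Code: 117"""
NPS2_EVENT = """Network Policy Server granted full access to a user because the host met the defined health policy.
User:
Account Name: charbel.bassil@****
Calling Station Identifier:F8-84-F2-1E-BB-7C
NAS Port: 49403
Client IP Address:10.9.24.60
Authentication Server:10.9.24.26
Authentication Type:MS-CHAPv2"""

FIELD = re.compile(r"^\s*([A-Za-z0-9 -]+?):\s*(.*)$")

def parse_event(text):
    """Turn 'Name: value' lines into a dict, keeping the first non-empty value."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m and m.group(2).strip() not in ("", "-"):
            fields.setdefault(m.group(1).strip(), m.group(2).strip())
    return fields

def session_key(f):
    # Account names are masked differently in each paste, so key on the
    # client MAC and NAS port, which both servers log unchanged.
    return (f.get("Calling Station Identifier"), f.get("NAS Port"))

def answered_but_unseen(proxy_events, backend_events):
    """Proxy events with reason 117 whose session the backend server did answer."""
    backend = {session_key(f): f for f in map(parse_event, backend_events)}
    hits = []
    for f in map(parse_event, proxy_events):
        key = session_key(f)
        b = backend.get(key) if all(key) else None  # skip events missing either field
        if f.get("Reason Code") == "117" and b:
            hits.append({"station": key[0],
                         "proxy_target": f.get("Authentication Server"),
                         "backend_saw_client": b.get("Client IP Address"),
                         "backend_auth_type": b.get("Authentication Type")})
    return hits
```

Each hit lists the address the proxy forwarded to next to the client address the second server recorded for the same session, which are the two endpoints of the reply the proxy reports as missing.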