locked
NPS Server Install Fails Win08 x64 Only DC RRS feed

  • Question

  • I cannot get NPS to install on our ONLY server - a Windows 2008 64 bit DC.   There is no precise reason given for failure to install, it just tries to do it, fails, and says the server must be restarted.   In the Event Log is refers to Event 1617, which is no help at all.   There's absolutely nothing in the install logs that gives any additional detail - in fact - that log is full of entries with a January 2008 date - and the server itself was installed this past August (2009)!

    I've seen some posts from MSFT about removing the DC role, etc. but obviously that's just not possible here as it is the ONLY DC and is in live production.

    Friday, October 23, 2009 10:12 PM

Answers

  • Finally success! NPS installed correctly when I disable the IPv6 configuration altogether. Likely there was an error in my configuration somewhere, but since I don't need IPv6 for anything right now, I'm happy with this config..

    Thanks for the help!


    • Marked as answer by Donny Rose Tuesday, December 15, 2009 10:56 AM
    Tuesday, November 17, 2009 10:19 AM
  • If from IPCONFIG /all output it was clear that you machine was assigned IPAddress "::ffff:192.168.31.120" to BC_WAN adaptor, that is IPv6to4 address we should not assign/set it manually. That was the issue. For more information on this kind of IPaddress visit http://www.tcpipguide.com/free/t_IPv6IPv4AddressEmbedding-2.htm

    -RamaSubbu SK


    Sorry! Microsoft doesn't own any liability & responsibility for any of my posting.
    • Marked as answer by Donny Rose Tuesday, December 15, 2009 10:56 AM
    Tuesday, November 17, 2009 9:41 PM

All replies

  • HI,
     Can you try the instructions mentioned here ?
       http://blogs.technet.com/sbs/archive/2009/02/20/the-network-policy-server-service-ias-fails-to-start-or-be-installed.aspx

        Can try the other solutions also discussed in the thread http://social.technet.microsoft.com/Forums/en-US/winserverNAP/thread/a987cf99-7f7c-4bbc-b8fd-e262a61db1f9

    Kindly reply with your investigations and we are willing and happy to help you.

    Thanks
    -RamaSubbu SK
    Sorry! Microsoft doesn't own any liability & responsibility for any of my posting.
    Sunday, October 25, 2009 3:41 AM
  • Hi BillWCH
    If you are not on SP2, Please move to Windows Server 2008 SP2 and try.!
    If it still fails, please share CBS logs with us.


    Sanjai G This is just a suggestion. Microsoft doesn't own any liability & responsibility for any of my posting.!
    Monday, October 26, 2009 9:45 AM
  • Hi BillWCH,

    Most likely the first link in RamaSubbu's reply will solve your issue. If not, please check the solutions in the second link and share the log files with us.

    The CBS logs does not include all information we need for investigation. Please enable NPS tracing and share log files under %windir%\tracing folder.

    [Copied the instruction from the other link for your convenience.]
    1. Enable tracing on the elevated command line with netsh ras set tracing * enable
    2. Reboot the machine and try installing the NPS services again.
    3. Review and provide the output from logs in %windir%\tracing.
    4. When ready, disable tracing with netsh ras set tracing * dis


    Thanks
    -Shihua
    Monday, October 26, 2009 6:17 PM
  • <!-- /* Font Definitions */ @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4; mso-font-alt:"Calisto MT"; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:-1610611985 1107304683 0 0 415 0;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4; mso-font-alt:"Times New Roman"; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:-520092929 1073786111 9 0 415 0;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-unhide:no; mso-style-qformat:yes; mso-style-parent:""; margin:0cm; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-fareast-font-family:Calibri; mso-fareast-theme-font:minor-latin;} .MsoChpDefault {mso-style-type:export-only; mso-default-props:yes; font-size:10.0pt; mso-ansi-font-size:10.0pt; mso-bidi-font-size:10.0pt;} @page Section1 {size:612.0pt 792.0pt; margin:72.0pt 72.0pt 72.0pt 72.0pt; mso-header-margin:36.0pt; mso-footer-margin:36.0pt; mso-paper-source:0;} div.Section1 {page:Section1;} -->

    Hi BillWCH,

    Please share the below logs as well..!!


    %windir%\WindowsUpdate.log

    %windir%\Panther\setupact.log

    %windir%\Panther\setuperr.log (if it exists)

    %windir%\logs\CBS\CBS.log

    %windir%\logs\CBS\CBS.persist (if it exists)

    %windir%\winsxs\poqexec.log (if it exists)

    %windir%\winsxs\pending.xml (if it exists)

     

    But move to SP2 and try, prior to this.!


    Thanks!



    Sanjai G This is just a suggestion. Microsoft doesn't own any liability & responsibility for any of my posting.!
    Tuesday, October 27, 2009 5:40 AM
  • Bill, oddly enough, I've been pulling my hair out to figure this one out for weeks now (you may find my other posts on this subject)- same issue as you w/same setup on x64 etc, however I have 2 DCs, one @ each WAN site, and the 1 DC installed NPS just fine.

    I just couldn't stomach the paying M$ for this one.  Oddly enough, just recently, I added the Exchange 2007 Management Console to this server because I wanted to have one stop shopping on this server.  The EMC pre-install requirements are some components of IIS and one other feature (can't remember now).  Now, that was 2 days ago and that installed just fine on this odd DC.  Today, because our football team is away (which is the only time I am 'allowed' to reboot the servers except in an emergency), I decided to try the NPS installation again - VOILA!  Thank GOD!  My record still stands at 1 call to Microsoft in my 20 years....  Your mileage may vary.

    Oh, by the way, originally, I did have NPS working fine on this server, but it failed after I installed SP2... I removed SP2 and still no go.  Now that I just got NPS working, I'm keeping SP2 off of this machine.  My other 2008 DC does have NPS and SP2.
    Saturday, October 31, 2009 2:30 AM
  • Thanks Scomeau for sharing your experience. Now that you have installed the NPS role installed and working. You can install SP2 fine I think.

    -RamaSubbu SK
    Sorry! Microsoft doesn't own any liability & responsibility for any of my posting.
    Saturday, October 31, 2009 10:20 PM
  • It is SP2

    I have all the log - some are quite large.   How do you propose I get them to you??    Pasting their content into this reply would be very difficult, considering their size.



    Sunday, November 1, 2009 11:52 PM
  • Bill, seriously, try and install the prerequisites for Exchange 2007, i.e. PowerShell and IIS 6 Management Components:
    IIS 6 Metabase Compatibility
    IIS 6 WMI Compatibility
    IIS 6 Scripting Tools
    IIS 6 Management Console 

    Worked like a charm for me.  I had the same issues and errors that you did (2008 x64 also).  Can't explain it, though.
    Sunday, November 1, 2009 11:58 PM
  • You upload and share it with us via http://SkyDrive.live.com 

    Sorry! Microsoft doesn't own any liability & responsibility for any of my posting.
    Monday, November 2, 2009 12:00 AM
  • You want me to post all logs in the public folder??   Please give me exact instructions on what you wish me to do...

    Thanks.
    Monday, November 2, 2009 12:11 AM
  • ok send all to my hotmail ID

    Thanks
    -RamaSubbu SK
    Sorry! Microsoft doesn't own any liability & responsibility for any of my posting.
    • Edited by RamaSubbu SK Monday, November 2, 2009 7:50 AM Removing my email address to avoid spam
    Monday, November 2, 2009 12:18 AM
  • OK - being sent as compressed folder from my gmail account.

    BTW - the foum is supposed to "alert" me when there are new posts on this topic - to the gmail account. Never does.  Which is why you didn't hear back from me in a week.

    Monday, November 2, 2009 12:49 AM
  • Bill, seriously, try and install the prerequisites for Exchange 2007, i.e. PowerShell and IIS 6 Management Components:
    IIS 6 Metabase Compatibility
    IIS 6 WMI Compatibility
    IIS 6 Scripting Tools
    IIS 6 Management Console  

    Worked like a charm for me.  I had the same issues and errors that you did (2008 x64 also).  Can't explain it, though.


    Sorry - misunderstood your suggestion,  I still don't jhave Exch 07 BUT all the prereqs you suggested I install & then try NPS - which worked for you - all those components have been installed since before my first attempt at NPS install.  Again - thanks for trying to help.    Bill
    Monday, November 2, 2009 1:12 AM
  • thanks a lot BilWCH. I got the logs and will update the forum with our finding.


    Thanks
    -RamaSubbu SK


    Sorry! Microsoft doesn't own any liability & responsibility for any of my posting.
    Monday, November 2, 2009 1:21 AM
  • Hi BillWCH,

    After looking at the log files, I found there was another program using port 1812 before NPS service started. During installation, NPS service tried to bind to port 1812 and failed, which caused the installation failed.

    Could you check which program is using the port 1812 by the following command: "netstat -a -b". Close the program that caused the port binding confliction, and install NPS service again.

    Thanks,
    Shihua
     
    Monday, November 2, 2009 9:58 PM
  • Hi BillWCH,

    After looking at the log files, I found there was another program using port 1812 before NPS service started. During installation, NPS service tried to bind to port 1812 and failed, which caused the installation failed.

    Could you check which program is using the port 1812 by the following command: "netstat -a -b ". Close the program that caused the port binding confliction, and install NPS service again.

    Thanks,
    Shihua
     

    I managed to find a port program that allowed me to see exactly what program was on port 1812.   It was w3wp.exe (Radius) part of IIS.    So I stopped the process & tried to re-install NPS again.   SAME ERROR and when I checked the ports before rebooting the server, port 1812 was again being used by w3wp.exe - which leads me to believe the NPS process itself started it.

    So now we have a Microsoft program preventing itself from installing - or one Microsoft component blocking another??




    Tuesday, November 3, 2009 12:55 AM
  • Do you have Symantec Endpoint Protection solution installed on the machine ? I see another third party application i.e. Symantec Endpoint Protection is also sharing that port, if you have that I would ask you to install that and try installing the NPS. Here is the link which tells you Symantec Endpoint Protection ports usage
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007090614430148

    -RamaSubbu SK


    Sorry! Microsoft doesn't own any liability & responsibility for any of my posting.
    Tuesday, November 3, 2009 2:13 AM
  • Do you have Symantec Endpoint Protection solution installed on the machine ? I see another third party application i.e. Symantec Endpoint Protection is also sharing that port, if you have that I would ask you to install that and try installing the NPS. Here is the link which tells you Symantec Endpoint Protection ports usage
    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007090614430148

    -RamaSubbu SK


    Sorry! Microsoft doesn't own any liability & responsibility for any of my posting.

    The server runs the Symantec SEP Manager.   But I cannot uninstall it without removing group protection for clients.   Surely NPS can share that port.
    Tuesday, November 3, 2009 3:45 AM
  • Great, atlast we have found which application is stop this NPS Installation. I think you can change it to different port to use in SEPM Manager. Can you try steps mentioned in the link below and inform us ?
    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/dd03c4700d6dda2580257393003dd54e

    Thanks
    -RamaSubbu SK
    Sorry! Microsoft doesn't own any liability & responsibility for any of my posting.
    Tuesday, November 3, 2009 6:14 AM
  • Great, atlast we have found which application is stop this NPS Installation. I think you can change it to different port to use in SEPM Manager. Can you try steps mentioned in the link below and inform us ?
    http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/dd03c4700d6dda2580257393003dd54e

    Thanks
    -RamaSubbu SK
    Sorry! Microsoft doesn't own any liability & responsibility for any of my posting.
    I'm going to have to find out from Symantec what they consider viable as an alternate port.   I doubt that I can just choose one at random.
    Tuesday, November 3, 2009 4:27 PM
  • Yes, you are correct. YOu have to make sure that the Enforce on the client knows about the new port you have configured in the SEPM Manager.

    Thanks
    -RamaSubbu SK


    Sorry! Microsoft doesn't own any liability & responsibility for any of my posting.
    Tuesday, November 3, 2009 10:29 PM
  • Yes, you are correct. YOu have to make sure that the Enforce on the client knows about the new port you have configured in the SEPM Manager.

    Thanks
    -RamaSubbu SK


    Sorry! Microsoft doesn't own any liability & responsibility for any of my posting.

    Well - I removed the SEPM Mgr from port 1812 (moved it to 1813), followed all Symantec's instructions, double checked that NOTHING was on port 1812 - tried to reinstall NPS and...SAME EXACT ERROR.
    Wednesday, November 4, 2009 11:18 PM
  • I am trying to repro this issue in my local box but not succeed. It is highly appreciated if anyone can provide the exact steps.

    Thanks in advance.
    Sorry. My posting is my personal suggestion, Microsoft won't take any responsibilities for my posting. But I am more than happy to try my best to help you.
    Wednesday, November 4, 2009 11:50 PM
  • I am trying to repro this issue in my local box but not succeed. It is highly appreciated if anyone can provide the exact steps.

    Thanks in advance.
    Sorry. My posting is my personal suggestion, Microsoft won't take any responsibilities for my posting. But I am more than happy to try my best to help you.

    The exact steps: adding NPS as a server role.  Period.    RammaSabu has all the logs asked for above.
    Thursday, November 5, 2009 4:27 AM

  • Port 1813 is also used by RADIUS Protocol , i.e. by the NPS Server. According to the link below the ports that is needed for NPS Role to function properly is 1812 and 1645 for authentication, and 1813 and 1646 for accounting. Can you give someother free port number and give us the feedback ?
    http://technet.microsoft.com/en-us/library/cc781821(WS.10).aspx


    Thanks
    -RamaSubbu SK


    Sorry! Microsoft doesn't own any liability & responsibility for any of my posting.
    Thursday, November 5, 2009 6:39 AM
  • I am having the same exact problem on 2008 R2 x64. I can install routing but with NPS it's no deal. I have tried all of the solutions suggested here and in other similar threads.. does anyone have a solution for this?

    Friday, November 13, 2009 6:03 PM
  • Hi Nexenizer,
       From your request I can assume that your verified/tried the solutions for both the issues VSS and port already in use. We would need the logs from your computer and send me the logs to asknap@microsoft.com (kindly compress all the logs in zip format and attach it in the mail)


    1. Enable tracing on the elevated command line with netsh ras set tracing * enable
    2. Reboot the machine and try installing the NPS services again.
    4. When ready, disable tracing with netsh ras set tracing * dis
    3. Review and provide us the following logs in
       %windir%\tracing.
       %windir%\WindowsUpdate.log
       %windir%\Panther\setupact.log
       %windir%\Panther\setuperr.log (if it exists)
       %windir%\logs\CBS\CBS.log
       %windir%\logs\CBS\CBS.persist (if it exists)
       %windir%\winsxs\poqexec.log (if it exists)
       %windir%\winsxs\pending.xml (if it exists)


    Thanks
    -RamaSubbu SK


    Thanks
    -RamaSubbu SK


    Sorry! Microsoft doesn't own any liability & responsibility for any of my posting.
    Friday, November 13, 2009 7:17 PM
  • Thanks for the fast response RamaSubbu, I'll get on this tomorrow so you can expect some mail. I did indeed try the VSS solutions and there is no other software using the ports mentioned.


     
    Friday, November 13, 2009 9:31 PM
  • Hi Nexenizer,
      From the logs it looks some other software is using that Port. Can you send us the output of NETSTAT -a -b also to make sure no other application is listening to 1812 & 1645 ports ? Logs entries are

    [2056] 11-14 12:57:40:000: Bind failed for socket address:::ffff:192.168.31.120-1812; error = 10048
    [2056] 11-14 12:57:40:000: Bind failed for socket address:::ffff:192.168.31.120-1645; error = 10048

    Thanks
    -RamaSubbu SK


    Sorry! Microsoft doesn't own any liability & responsibility for any of my posting.
    Saturday, November 14, 2009 11:11 PM
  • Hello again. Just sent you the log. I couldn't find any reference to ports 1812 or 1645 though. And the same software is running.. 

    Monday, November 16, 2009 4:26 PM
  • Thanks a lot sending us the log. As you said there is no application using this.
    ffff:192.168.31.120-1645 is IPv6 to IPv4 address,
    Can you also paste the output here of following netsh command ?
    netsh interface 6to4 show state

    Can you also try executing the following command (to disable the IPv6 to IPv4 address) ?

    netsh interface 6to4 set state state=disabled undoonstop=disabled

    Meanwhile I will also consult the internal other experts to help you.

    Thanks
    -RamaSubbu SK
    Sorry! Microsoft doesn't own any liability & responsibility for any of my posting.
    Monday, November 16, 2009 5:23 PM
  • Hi,
        After looking into logs with more deeper eyes, we have found NPS Role is trying to bind twice on a IP6to4 address.  We are wonder here how it can be, can also send us the IPCONFIG /all > output .txt ? Do you also have any specific IPv6 network ?  Can you also try reseting the tcp stack configuration by executing NETSH INT IPv4 reset & NETSH INT Ipv6 reset?  Below is the log it tells us this information.

    [2056] 11-14 12:57:40:000: RADIUS Server starting to listen on fe80::bc41:f15d:db96:d18e%15-1812
    [2056] 11-14 12:57:40:000: RADIUS Server starting to listen on fe80::182a:70c2:4125:ec16%19-1812
    [2056] 11-14 12:57:40:000: RADIUS Server starting to listen on ::ffff:192.168.31.120-1812
    [2056] 11-14 12:57:40:000: Bind failed for socket address:::ffff:192.168.31.120-1812; error = 10048
    [2056] 11-14 12:57:40:000: RADIUS Server starting to listen on fe80::bc41:f15d:db96:d18e%15-1645
    [2056] 11-14 12:57:40:000: RADIUS Server starting to listen on fe80::182a:70c2:4125:ec16%19-1645
    [2056] 11-14 12:57:40:000: RADIUS Server starting to listen on ::ffff:192.168.31.120-1645
    [2056] 11-14 12:57:40:000: Bind failed for socket address:::ffff:192.168.31.120-1645; error = 10048

    Thanks
    -RamaSubbu SK
    Sorry! Microsoft doesn't own any liability & responsibility for any of my posting.
    • Edited by RamaSubbu SK Monday, November 16, 2009 10:31 PM adding more info
    Monday, November 16, 2009 10:31 PM
  • Finally success! NPS installed correctly when I disable the IPv6 configuration altogether. Likely there was an error in my configuration somewhere, but since I don't need IPv6 for anything right now, I'm happy with this config..

    Thanks for the help!


    • Marked as answer by Donny Rose Tuesday, December 15, 2009 10:56 AM
    Tuesday, November 17, 2009 10:19 AM
  • Wow!! THis is good news.
    We are happy that your issue is resolved.

    Feel free to ask, if you have any futher questions.

    Thanks a lot
    -RamaSubbu SK
    Sorry! Microsoft doesn't own any liability & responsibility for any of my posting.
    Tuesday, November 17, 2009 4:52 PM
  • If from IPCONFIG /all output it was clear that you machine was assigned IPAddress "::ffff:192.168.31.120" to BC_WAN adaptor, that is IPv6to4 address we should not assign/set it manually. That was the issue. For more information on this kind of IPaddress visit http://www.tcpipguide.com/free/t_IPv6IPv4AddressEmbedding-2.htm

    -RamaSubbu SK


    Sorry! Microsoft doesn't own any liability & responsibility for any of my posting.
    • Marked as answer by Donny Rose Tuesday, December 15, 2009 10:56 AM
    Tuesday, November 17, 2009 9:41 PM
  • Thanks for this note. You helped me with resolving this issue by turning off IPv6. 

    I was getting the following error: 

    The Network Policy Server service terminated with the following error: 
    %%-2147014848

    Each time I tried to restart the NPS service, it would error out. Once I turned off IPv6, the service started like a charm.

    Thursday, December 11, 2014 7:18 AM