none
*Solved? Network Policy Server IAS Service can't start

    Pregunta

  • Edit edit:

    I deleted %windir%\system32\ias\ias.xml and %windir%\system32\ias\iasTemplates.xml as I found a post saying those would set the NAP settings back to default upon reinstalling. Installation now worked, and I'm not getting the original error any longer. I will update this post again if the problem re-appears after I've tried configuring the NAP role.

    Edit:

    Tried uninstalling NAP, restarting the server, and then install it again. The installation now fails with the error: The request to add or remove features on the specified server failed. Installation of one or more roles, role services, or features failed. Error 0x800f0922

    Original post:

    Hi! My first post here, in addition to this being the first server I'm setting up, so I'm in need of some help. I will go in to details about what I've tried so far.

    OS: 2012 R2 via Hyper-V
    Other Roles on this server: AD DS, DHCP, DNS
    When did the problem start: After installing NAP
    What user account I'm using: Administrator on the domain
    Error:

    • When trying to start Network Policy Server service I get the error "Windows could not start the Network Policy Server service on Local Computer. Error 0x80020003: Member not found."
    • Event viewer: "The Network Policy Server service terminated with the following error: Member not found


    What I've tried:

    • Restarting server. Restarting the service.
    • Checked that HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\VssAccessControl is set to 1. Then i terminated all instances of IASHOST.EXE and tried to start the service. Still got the same error.
      I've read some posts about perhaps an account is lacking the right permissions, but I don't know which user account that might be, as I haven't made any Service Accounts and I don't know if that is needed. To me the error I'm getting sounds more like I should have a service account, but I don't have one.
      Users with rights to this registry key:
      "ALL APPLICATION PACKAGES" has Read
      "CREATOR OWNER" has Full Control over Subkeys
      "SYSTEM" has Full Control
      "Administrators" (In domain) has Full Control
      "Server Operators" (In domain) has Full Control
      "Authenticated Users" has Full Control
    • Found a post saying it might be the firewall blocking something (which sounds like total crap to me as there's no mention of anything like that in any of the error messages), but I verified that in the Windows Firewall the NPS Firewall rules had been automatically added during installation of NAP under Inbound Rules. I couldn't see any in Outbound Rules, but I don't know if there's supposed to be any rules there. I added the UDP ports to be allowed on the firewall of the Hyper V host machine too (ports 1812,1813,1645,1646).
    • I've used "netsh ras set tracing * enable" to get out some log files. Half of the log files are emtpy, the rest I don't understand. Name of log files: Explorer_rasdlg, explorer_rasgcw, ias, iasdatastore_aux, iasrecst, iassdo, iassvcs, iphlpsvc, mprapi, rasplap, svchost_rasdlg. If you need to see the content of any of these, just ask.

    So, I'm quite stuck now. Anyone care to help me out? If you need more information I'd be glad to give it.



    • Editado TechDeals domingo, 24 de mayo de 2015 18:09
    domingo, 24 de mayo de 2015 15:30

Respuestas

  • Hi,

    If issue persist, please make sure that %windir%\system32\ias\ folder has proper permission configured.

    Here is the screenshot of my lab:

    Best Regards,


    Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    lunes, 25 de mayo de 2015 8:31
    Moderador

Todas las respuestas

  • Hi,

    If issue persist, please make sure that %windir%\system32\ias\ folder has proper permission configured.

    Here is the screenshot of my lab:

    Best Regards,


    Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    lunes, 25 de mayo de 2015 8:31
    Moderador
  • I’m replying here now because this was #1 result for my search of same issue. This issue can be port binding problem even if ports are not in use: I resolved by changing my network IPV6 setting. Normally on a server with DNS running you set IPV4/6 address to manual, my manual entry fixed an activeperl port binding problem(could not bind if IPV6 disabled) but broke IAS on next reboot. I had to set to IPV6 to auto.
    miércoles, 25 de abril de 2018 23:53