locked
How Do I Forcibly Disable Internet Connection Sharing in Server 2012 RRS feed

  • Question

  • Hi,

    The folks who installed Windows Server 2012 on a new network mistakenly enabled Internet Connection Sharing and I can't disable it to enable RRAS configuration for client Internet Access.

    I followed the instructions in the Enable or disable Internet Connection Sharing with Group Policy article, which includes "Windows Server 7" as a supported OS, but editing the Network Administrative Template by enabling the Network Connections' Prohibit use of Internet Connection Sharing on your DNS domain network policy and rebooting didn't disable ICS. It did, however, remove the Network Connections template from the Network section (only Firewall remains.)

    How can I force disabling of this feature, which never should have been implented on a server that offers RRAS.

    Thanks in advance,

    --rj


    Microsoft Access 2010 In Depth (QUE Publishing)
    OakLeaf Blog
    Access 2010 Blog
    Amazon Author Blog

    Monday, February 25, 2013 5:12 PM

Answers

  • A Microsoft Support Technician recommended the following registry key change, which finally forced the ability to configure RRAS NAT after the ICS fiasco:

    HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess

    Look for a key called ConfigurationFlags

    If it has a value of "0", replace, it with "1"

    If the DWORD ConfigurationFlags doesn't exist, create it by making a new DWORD key called ConfigurationFlags and set the value to "1" Decimal (without the quotes).

    • Also check if there are any "Incoming Connections" configured in Network Interfaces. If you see it, delete it.
    • Once the registry changes are done, please reboot server and then try to reconfigure the RRAS.

    The key had a 0 value, so I replaced it with 1, which enabled RRAS NAT configuration.

    Unfortunately, the process disabled the DHCP management tool, which I couldn't fix by removign and reinstalling DHCP. So I had to repave the server in the end.


    Microsoft Access 2010 In Depth (QUE Publishing)
    OakLeaf Blog
    Access 2010 Blog
    Amazon Author Blog




    • Marked as answer by Roger Jennings Wednesday, March 6, 2013 5:19 PM
    • Edited by Roger Jennings Wednesday, March 6, 2013 5:22 PM Clarification
    Wednesday, March 6, 2013 5:19 PM

All replies

  • Hopefully, someone will respond to this question before I must repave the server.

    The Internet network adapter's Advanced page states "Internet Connection Sharing has been disabled by the network administrator."

    RRAS doesn't appear to believe this is the case.

    --rj


    Microsoft Access 2010 In Depth (QUE Publishing)
    OakLeaf Blog
    Access 2010 Blog
    Amazon Author Blog

    Wednesday, February 27, 2013 10:20 PM
  • Hi,

    Thank you for the post.

    If you enable the policy “Prohibit use of Internet Connection Sharing on your DNS domain network”, ICS cannot be enabled or configured by administrators, and the ICS service cannot run on the computer. In the Advanced tab in the Properties dialog box for a local area network (LAN) or remote access connection, under Internet Connection Sharing, it says “Internet Connection Sharing has been disabled by the Network Administrator.”

    Regards,


    Nick Gu - MSFT

    Thursday, February 28, 2013 7:04 AM
  • Hi, Nick,

    Your reply quoted my message starting "Hopefully ...," which is not helpful.

    The problem is that RRAS configuration doesn't recognize the fact that I have prohibited use of ICS after it was mistakenly installed on the server by a vendor.

    What I NEED to know is how to enable RRAS configuration for NAT under these circumstances.

    Thanks in advance,

    --rj


    Microsoft Access 2010 In Depth (QUE Publishing)
    OakLeaf Blog
    Access 2010 Blog
    Amazon Author Blog


    Thursday, February 28, 2013 6:44 PM
  • Not having received a useful reply withing two business days, I've filed an online support ticket and am awaiting initial contact.

    --rj


    Microsoft Access 2010 In Depth (QUE Publishing)
    OakLeaf Blog
    Access 2010 Blog
    Amazon Author Blog


    Friday, March 1, 2013 12:40 AM
  • A Microsoft Support Technician recommended the following registry key change, which finally forced the ability to configure RRAS NAT after the ICS fiasco:

    HKLM\SYSTEM\CurrentControlSet\Services\RemoteAccess

    Look for a key called ConfigurationFlags

    If it has a value of "0", replace, it with "1"

    If the DWORD ConfigurationFlags doesn't exist, create it by making a new DWORD key called ConfigurationFlags and set the value to "1" Decimal (without the quotes).

    • Also check if there are any "Incoming Connections" configured in Network Interfaces. If you see it, delete it.
    • Once the registry changes are done, please reboot server and then try to reconfigure the RRAS.

    The key had a 0 value, so I replaced it with 1, which enabled RRAS NAT configuration.

    Unfortunately, the process disabled the DHCP management tool, which I couldn't fix by removign and reinstalling DHCP. So I had to repave the server in the end.


    Microsoft Access 2010 In Depth (QUE Publishing)
    OakLeaf Blog
    Access 2010 Blog
    Amazon Author Blog




    • Marked as answer by Roger Jennings Wednesday, March 6, 2013 5:19 PM
    • Edited by Roger Jennings Wednesday, March 6, 2013 5:22 PM Clarification
    Wednesday, March 6, 2013 5:19 PM