Windows 2016 Server (Fully SPd) Roles installed Active Directory, IIS, DNS Also installed Exchange 2013 CU4
Up to that point the server seemed to be running fine.
Added the role Remote Access, which installs fine Post Install wizard runs and select Deploy VPN only
This then starts Routing and Remote Access Run the “Configure and Enable Routing and Remote Access” wizard
Select a custom config, as the server only has one NIC check VPN Access Wizard completes and prompts to start the service
Click Start Service and a dialog box appears with a rotating clock and nothing else happens. It just hangs and on the window it says, "please wait while the routing and remote access service finishes initialization"
No errors in the event viewer
Tried going to services.msc, Both the “Routing and Remote Access” and “Remote Access Management” services say they are running. Right click on those services and all options are greyed out, so can’t start, stop or restart the services.
After some Google searching I’ve checked the “Logon As A Service” for the local policy and that matches, so I presume that’s ok. Link to that article I also tried setting the permissions on the “Logon As A Service” using a powershell script Link to the script
The GPO for Default Domain Policy and Default Domain Controller Policy are as default from the MSAD installation.
I checked the windows firewall and RRAS rules are there.
What am I missing?
Could it be a firewall preventing the service starting? I tried turning that off, and that made no difference.
Could it be a permission stopping something, if so what?
What should I look for?
##### UPDATE #####
I decided to add a second server to the domain as a member server. I then added the RRAS role and feature.
Ran the wizard to configure RRAS as Custom (only one NIC) VPN Only. The wizard completes and then tries to start the service and simply hangs on the window saying, "please wait while the routing and remote access service finishes initialization" and nothing happens.
This is the exact same problem as the first server.
So I am no left wondering if some sort of GPO is causing it. However both the "Default Domain Policy" and the "Default Domain Controller Policy" remain untouched.
Regardless of that I tried resetting the two GPOs using the below
dcgpofix /target:Domain
dcgpofix /target:DC
and delete the local GPO
RD /S /Q "%WinDir%\System32\GroupPolicyUsers"
RD /S /Q "%WinDir%\System32\GroupPolicy"
gpupdate /force
That didn't change anything either.
I tried resetting the security settings on each of the servers?
secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose
I get several "Warning 5 Access Denied" message but claims to have completed.
Must confess I was worried about running that command on DC.
Would resetting the security effect MSAD, MS Exchange or IIS that's running on the main server?
Annoyingly there is nothing in the Event Log at all. When I say nothing I mean no mention of RRAS at all, no errors, no information. So clearly the service starting is hanging before any log information can be recorded.
I tried turning on Tracing, but nothing in there either
netsh ras set tracing * enabled
So where do I go from here?
Any ideas??
##### SOLUTION #####
Yay!!! Many thanks to Bob (See below)
I was indeed running the Windows 2016 server on Proxmox. Changed the Network Card from VirtIO to Intel E1000 then did the RRAS install again.
BINGO!!! the Wizard completed and RRAS is working.
Many thanks Bob...
