Lost Connectivity and Active Directory after installing/uninstalling NPS


  • Lost Connectivity and Active Directory after installing/uninstalling NPS

    Hi, Folks

    I have a serious problem with a Windows 2008 Standard domain controller.

    There are two DCs, the affected one and a W2k3 DC.

    What happened:

    I have been looking into Network Policy Server and decided to install the RRAS role as a start to see how it looked and to test it out. I did this via Remote Desktop while logged on as the domain administrator.

    I installed the role via Server Manager, choosing Routing and Remote Access and nothing else. I chose the first option to handle VPN connections. (I did not write this down so my terminology will be off). I told it to get DHCP addresses from the domain and not to assign them itself.

    After the installation finished, which was successful, a message appeared about a configuration option with a link to a help topic. I clicked the link and it displayed information about setting the DHCP relay server. When I closed the help file, NPS was shown in the list of roles in Server Manager, and Routing and Remote Access was visible off that. When I clicked it, there was a message to configure it and it asked for the DHCP information so I entered the IP address of our DHCP server which is the W2k3 domain controller.

    When I clicked OK there was a pause and then the Remote Desktop connection died.

    No problem, I thought, so I went to the server and logged on. The network icon showed local access only, although the network could not be reached. Mapped drives on the 2008 machine could not be accessed, and trying to connect to a machine using a UNC path failed. Pinging the 2008 server from another machine failed.

    So, I thought, right let's try and reverse this. I used the Server Manager to uninstall NPS. This went fine and it requested a restart. After restarting and logging back in the uninstall completed successfully. Unfortunately, the machine was still unable to connect to the network.

    The problem is that Active Directory cannot be accessed either. When I try to open ADUC a message appears:

    Code:
    Naming information cannot be located for the following reason:
    The server is not operational.

    When I use the network diagnostic to check the connection the following is shown:

    Code:
    The following policy might need to be adjusted to allow Windows to connect:
    Policy provider: Filter Name:local send filter driver filter

    The network is shown as a Private network. A red cross exists between the network and the Internet on the diagram in the Network and Sharing Center.

    I tried running DCDiag but it failed with an LDAP error.

    Another check I ran (I can't remember which - sorry) said that the Primary DNS was OK.

    I have also tried disabling the firewall via services.msc.

    I can view Active Directory on the 2003 domain controller without any problems.

    Unfortunately, I had to leave the office and will not be able to get back to the server until Sunday.

    I have system state backups from Thursday.

    I am quite busy this weekend, but will be scouring the net for any information when I can.

    Does anyone know how I may remedy this? If anyone has any suggestions about how I might recover Active Directory and connectivity on this server between now and Sunday I will be truly grateful.

    Thanks.
    A recent poll suggests that 6 out of 7 dwarfs are not happy

  • #2
    Re: Lost Connectivity and Active Directory after installing/uninstalling NPS

    it sounds like it's put a network layer filter further down the tcp stack.. you might need to check services and see if there's anything new..
    Please do show your appreciation to those who assist you by leaving Rep Point


    • #3
      Re: Lost Connectivity and Active Directory after installing/uninstalling NPS

      Thank you very much.

      I'll check that out on Sunday. If I can't see anything I will also try repairing TCP/IP and if that fails I'll have a go at removing and reinstalling TCP/IP.

      That's great - I was in panic mode - it's good to get some help from a calm person.

      If anyone else has any ideas please post.

      Thanks!
      A recent poll suggests that 6 out of 7 dwarfs are not happy



      • #4
        Re: Lost Connectivity and Active Directory after installing/uninstalling NPS

        oh i'm not a calm person :P
        Please do show your appreciation to those who assist you by leaving Rep Point


        • #5
          Re: Lost Connectivity and Active Directory after installing/uninstalling NPS

          hehe

          Well, I'll also be checking the advanced adaptor TCP/IP properties and the filtering options there later today.

          When I installed NPS on Friday there were about 40 minutes left until I finished work. Based on my experience for the setup for RRAS and IAS on W2k3 the last thing I expected to happen was for connectivity to be lost. It took me completely by surprise.

          Also, I had to leave work as I had to collect my son so I had no time to research the problem before starting this thread. Thank goodness this did not happen Mon-Thur...

          Ahh - if only we could afford a test environment!
          A recent poll suggests that 6 out of 7 dwarfs are not happy



          • #6
            Re: Lost Connectivity and Active Directory after installing/uninstalling NPS

            I checked the services and could not see anything that remotely resembled the filter driver. I also discovered there is no filtering option for the IPV4 advanced properties of the adaptor.

            Opened a command prompt and reset IP. The command window reported that it had been successful so I restarted the server. No network but that was because the adaptor had been assigned an APIPA address because it could reach a DHCP server. Not a good sign. I reassigned it the original static address it had before the problem started. But no network.

            I restarted again and after logging in, the network icon reported local and Internet access. Hooray! Also, no failure message about connecting to mapped drives appeared. I opened Computer and successfully accessed a mapped drive on our storage server.

            However, after a couple of minutes, it went again. The mapped drive was displayed with a red X and when I tried to ping the storage server ping reported 'General Failure'. If I try to connect to the mapped drive, a progress bar appears in the address bar of Computer, and then a message appears stating: 'The local device name is already in use. This connection has not been restored'. Trying to ping the domain controller from another machine results in 'Request timed out'.

            Again, I also tried stopping the firewall but no dice. I tried to open WINS but got a message stating 'Cannot find the WINS server'. Like a dumbo I completely forgot to check ADUC, but I suspect the same would have happened.

            Would a demotion/promotion via dcpromo sort this out?

            Also, the affected domain controller holds all the FSMO roles. Does anyone know how long I can expect the W2K3 domain controller to function without access to the FSMO king? Should I seize the roles sooner rather than later?

            Thanks!
            A recent poll suggests that 6 out of 7 dwarfs are not happy



            • #7
              Re: Lost Connectivity and Active Directory after installing/uninstalling NPS

              When I restart the server and log in network status changes to local and Internet. But, connectivity is lost about a minute after logging in.

              When I open Computer Management I can see a node named Network Policy and Access Service under Event Viewer\Custom Views\Server Roles\

              It contains error and warning events identified during installation: 20106 (no IPV6 which was not being used), 20192 (no certificate found) and 20196 (no DHCP server found, assigning APIPA address). After restarting today the following error and warning events are logged: 20192 and 20106.

              However, if I start the Remove Roles Wizard the Network Policy and Access Service is shown as not being installed.

              I am running out of ideas for what to do with this. If anyone can help I would appreciate it very much indeed.

              I have disabled the Windows Firewall to no effect.
              A recent poll suggests that 6 out of 7 dwarfs are not happy



              • #8
                Re: Lost Connectivity and Active Directory after installing/uninstalling NPS

                The only issue I have ever had with a 2008 R2 DC of this nature was when it had not dropped itself into the domain zone. As Primary DNS was pointing at itself after rebooting the DC, it wasn't placing itself in a suitable zone, so setting the Primary DNS as the other DNS server and restarting resolved the issue. I perhaps could have achieved the same by restarting the DNS client service instead.
                Last edited by Virtual; 28th June 2011, 08:22. Reason: spelling of nature



                • #9
                  Re: Lost Connectivity and Active Directory after installing/uninstalling NPS

                  Thanks for the input, I appreciate it.

                  After much searching I came across this post where one of the respondents states that under some configurations all non-VPN connections will be dropped and it matched my problem exactly.

                  So, it looks like I goofed and chose the wrong configuration when setting up RRAS through Network Policy Access Server.

                  What I'm annoyed about is the fact that uninstalling the server role did not reverse the changes that were made.

                  Anyway - tehcamel was on the right track. After checking more about RRAS I checked the services again and the routing and remote access service was enabled, but with a delayed start. Aha! This might account for the fact that network access was fine when initially logged on but that it would disappear after a minute or so.

                  I am so used to seeing it on our W2k3 server that I did not take any notice of it when initially checking the services. And, of course, I have never thought to document the list of services running on the servers (I will now!).

                  I disabled it and rebooted and everything seems to be back to normal.

                  I was sweating but thankfully a zen-like calm is now slowly permeating my body.

                  Thanks to tehcamel and Virtual for their help! Rep++
                  A recent poll suggests that 6 out of 7 dwarfs are not happy
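
Added example, not part of the original thread and not Microsoft's code: one way to keep the documented list of services that post #9 mentions, as a PowerShell script that records each service's start mode (including the delayed-start flag that hid Routing and Remote Access here) and reports changes on later runs. The baseline path is an assumed location.

```powershell
# Added example, not from the thread. Snapshot service start configuration
# and report changes against a saved baseline.
param(
    # Assumed location; the folder must already exist.
    [string]$BaselinePath = 'C:\Baselines\services.csv'
)

function Get-ServiceSnapshot {
    Get-WmiObject -Class Win32_Service | ForEach-Object {
        # Win32_Service shows delayed-start services as plain "Auto";
        # the delay flag is the DelayedAutostart value in the service's key.
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($_.Name)"
        $reg = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        $mode = $_.StartMode
        if ($mode -eq 'Auto' -and $reg.DelayedAutostart -eq 1) {
            $mode = 'Auto (Delayed)'
        }
        $_ | Select-Object Name, DisplayName,
            @{ Name = 'StartMode'; Expression = { $mode } }
    } | Sort-Object Name
}

$current = @(Get-ServiceSnapshot)

# First run: no baseline yet, so write one and stop.
if (-not (Test-Path $BaselinePath)) {
    $current | Export-Csv -Path $BaselinePath -NoTypeInformation
    "Baseline written to $BaselinePath"
    return
}

$baseline = @(Import-Csv -Path $BaselinePath)
$drift = @(Compare-Object $baseline $current -Property Name, StartMode)
if ($drift.Count -eq 0) {
    'No change in service start configuration since the baseline.'
} else {
    # '<=' rows are the baseline entry, '=>' rows are the current state.
    $drift | Sort-Object Name, SideIndicator |
        Format-Table Name, StartMode, SideIndicator -AutoSize
}
```

Run it before and after adding or removing a role: a service whose start mode changed, such as `RemoteAccess` (the service name of Routing and Remote Access), shows up as a `<=`/`=>` pair of rows.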



                  • #10
                    Re: Lost Connectivity and Active Directory after installing/uninstalling NPS

                    Thanks and glad you managed to resolve the issue.



                    • #11
                      Re: Lost Connectivity and Active Directory after installing/uninstalling NPS

                      I reinstalled the NPAS role with the RRAS role service on the domain controller this weekend. After enabling the RRAS service network connectivity was again lost.

                      This time, however, I knew what the problem was. During the initial setup, when configuring RRAS as a VPN server there is an option to 'Enable security on the selected interface by setting up static filters'. I had originally left this checked as I did not understand that the option would drop all traffic except VPN traffic.

                      The problem is that uninstalling and reinstalling NPAS does nothing to reset this - it picks up the old settings. You are not prompted to set this up again.

                      I manually added the ports required by a domain controller to the inbound and outbound filters but although connectivity was restored it was incredibly slow.

                      In the end I removed all the filters. The VPN works fine and access to the domain controller is fine.

                      If anyone else encounters this issue and they have mistakenly enabled the static filters, cutting off their DC from the network, they can remove the inbound and outbound filters via: Server Manager>Network Policy and Access Services>IPV4>General. Right-click Local Area Connection and choose Properties.
                      A recent poll suggests that 6 out of 7 dwarfs are not happy



                      • #12
                        Re: Lost Connectivity and Active Directory after installing/uninstalling NPS

                        thanks blood for your input, it really made my day, i had the same problem and it made me go crazy! i knew it was from the routing and remote access service, if u stop the service suddenly everything would be fine, when u start it the ping to the dc would suddenly cut out. removing filters solves the problem completely. thanks again
