locked
NPS bug on windows server 2019 RRS feed

  • Question

  • I installed 2 new windows server 2019 with NPS and VPN and in both servers I have the same error.

    Cannot initialize the Routing and remote access service due to an error in the NPS service:

    RAS log: Event 20153: The currently configured accounting provider failed to load and initialize successfully. The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error.

    NPS log: Event 4404: 

    NPS cannot log accounting information in the primary data store (C:\Windows\system32\LogFiles\IN1902.log). NPS will continue to process connection requests without logging accounting information in this data store. Error information: 22.

    The NPS has default accounting settings writing logs to a file not an SQL database.

    I have tried deleting the log file and restarting the NPS service but I get the same error. 

    I can solve the issue when i deactivate Logging failure action: "If loggin fails, discard connection requests", in Log file properties in accounting of the NPS service.

    After that change the RAS service starts sucessfully.

    Tuesday, February 12, 2019 11:12 PM

All replies

  • May be a known issue. Try configuring a firewall port rule to allow UDP 1813 and 1812, then you can also vote this one up.

    https://windowsserver.uservoice.com/forums/295059-networking/suggestions/35724043-fix-default-nps-firewall-rules-for-server-2019

     

     

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.


    Tuesday, February 12, 2019 11:59 PM
  • Hi,

    • check the UDP ports 1813 and 1812.
    • install NPS and RRAS roles on different servers.

    Best regards,

    Travis


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, February 13, 2019 7:07 AM
  • It is a different issue, I even have the firewall disabled.

    The NPS and RAS are installed in the same server, previously had it working that way in windows server 2008 R2. 

    I dont use Radius authentication for the VPN.

    Wednesday, February 13, 2019 5:00 PM
  • Hi,

    Please try changing configuration of accounting.

    Meanwhile, I will also report the issue to our product team for further confirmation.

    Best regards,

    Travis


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, February 15, 2019 7:33 AM
  • Hi, thats how i workaround the issue, in accounting i deactivated the last option: If logging fails discard connection requests. After that tchange he RAS service starts sucessfully.
    Sunday, February 17, 2019 10:04 PM
  • Hi,

    While we were not able to make the requested changes to the product at this time, I will watching closely to this issue, If there is any related update, I will let you know.

    Best regards,

    Travis


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Tuesday, February 19, 2019 7:49 AM
  • I came across the same issue.

    I tried to stop NAPS and delete IN1902.log and then NAPS will start OK and RRAS will be able to start, too.

    However, if I reboot the server, NAPS will again producing a warning log saying it's unable to log data to IN1902.log and thus RRAS will fail to start.

    Thursday, February 21, 2019 2:24 PM
  • Hi,

    While we were not able to make the requested changes to the product at this time, I will watching closely to this issue, If there is any related update, I will let you know.

    Best regards,

    Travis


    Please remember to mark the replies as an answers if they help.

    Hi!

    I have the same problem in a test environment.

    Any news about a future patch?

    Thanks!

    Tuesday, April 16, 2019 11:37 PM
  • Hi!

    I have the same problem in a test environment.

    Any news about a future patch?

    Thanks!

    When it does happen it will likely just come within one of the cumulative updates.

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Tuesday, April 16, 2019 11:49 PM
  • Hi, not sure if you figured it out already but anyways it might help people in the future:

    Start the RRAS service before NPS. - Set RRAS service to startup type "Automatic" and the NPS service to "Automatic (delayed start)".

    Generally the RRAS service seems pretty buggy with Server 2019.

    Tuesday, June 18, 2019 7:49 PM
  • See Chris Alton's answer here.

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/cf047df5-ed4a-46b9-9564-c9db5a9bc8dc/windows-server-2019-default-nps-firewall-rules-port-1812-udp-not-working?forum=ws2019

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Tuesday, August 20, 2019 4:55 PM
  • Where does it say NPS is depreciated, I can't find this anywhere, there should be a fix.
    Tuesday, August 20, 2019 11:47 PM
  • This definitely helps, but the problem is that even if NPS starts later, it's going to log something like


    NPS cannot log accounting information in the primary data store (C:\WINDOWS\system32\LogFiles\NPS\IN1909.log). Due to this logging failure, NPS will discard all connection requests. Error information: 22.

    and it will discard all the requests and that will be its own RADIUS server is not working for remote clients.

    The problem seems to be that the RRAS service tries to use the same log file as NPS and they fight over it.  Here you can see I've tried to change the path of the logging in NPS but RRAS must look at the same path!  So the only solution until Microsoft fixes this (and it used to work in 2008R2) is to uncheck the "if logging fails, discard connection requests" option.  So RRAS will still log but NPS will not.  For me that is better than it not working.  The only workaround until MS fixes this if you absolutely need both to log is to put them on separate servers.

    Thursday, September 26, 2019 2:12 PM
  • The problem seems to be that the RRAS service tries to use the same log file as NPS and they fight over it.  Here you can see I've tried to change the path of the logging in NPS but RRAS must look at the same path!  So the only solution until Microsoft fixes this (and it used to work in 2008R2) is to uncheck the "if logging fails, discard connection requests" option.  So RRAS will still log but NPS will not.  For me that is better than it not working.  The only workaround until MS fixes this if you absolutely need both to log is to put them on separate servers.

    Thanks for sharing your findings. Your suggestion led me to try this:

    Set-RemoteAccessAccounting -DisableAccountingType ExternalRadius

    From my testing, the result seems promising so far.

    Monday, March 16, 2020 9:24 PM