2

I have the following setup:

A Windows Server 2019 VM, which is also the AD Domain Controller. It has a public IP. I want to set up a VPN (RRAS) where the users can connect to so they are in the local network.

I made a new private Virtual Switch for that in the Host.

So the DC has 2 Network interfaces, one with a public IP and one with a private range, where I set a static IP 10.20.30.1 with a netmask of 255.255.255.0. Then I set up a DHCP server there on the same machine. I told the DHCP Server to offer addresses in the range 10.20.30.2-254

The DHCP Server is working fine (I tested it with another VM which I plugged into the Virtual Switch, it got a lease without problem).

Now I want the RRAS to get leases from the DHCP to use for the clients. It was working fine one time (the RRAS got 10 leases, clients could connect, everything fine), but after a server reboot it is broken. It's like the RRAS can no longer talk to the DHCP. In the Remote Access window it says that it could not get addresses for the VPN from the DHCP Server.

I am also a bit unsure about the configuration here.

I disabled the DHCP Relay Agent, because the DHCP is on the same machine - correct?

In the IPv4 Tab of the RRAS Settings where I have the choice between DHCP and static pool, I set it to DHCP. Does that automatically assume there is a DHCP up and running on the local machine? I suspect it might be asking the wrong interface - the DHCP is of course configured to only use the private Virtual Switch, so 10.20.30.1

As said - the DHCP seems to work fine, but the RRAS cannot communicate with it after the reboot.

Note: I do not want the network to route any traffic outside, so I don't want an internet connection over the VPN.

I am not even sure why it fails.

Boldar

5 Answers

2

Can you try the workaround of changing the registry key value below and restarting the DHCP Client service?

  • Path: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp
  • Key name: RequiredPrivileges
  • Value: (change from) SeChangeNotifyPrivilege SeCreateGlobalPrivilege (to) SeChangeNotifyPrivilege SeCreateGlobalPrivilege SeImpersonatePrivilege

Thanks!

Ping Yan
2

I tried the registry fix and it worked for me.

reg add "HKLM\SYSTEM\CurrentControlSet\Services\Dhcp" /v RequiredPrivileges /d "SeChangeNotifyPrivilege"\0"SeCreateGlobalPrivilege"\0"SeImpersonatePrivilege"\0 /t REG_MULTI_SZ /f
bjoster
BSpicer
  • Do you have an explanation what that does? – RalfFriedl Nov 21 '19 at 06:14
  • reg add "HKLM\SYSTEM\CurrentControlSet\Services\Dhcp" /v RequiredPrivileges /d "SeChangeNotifyPrivilege"\0"SeCreateGlobalPrivilege"\0"SeImpersonatePrivilege"\0 /t REG_MULTI_SZ /f Doing this worked for me as well. – Tiffanny Renrick Apr 25 '20 at 16:11
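
The registry change from the two answers above, as an added PowerShell example (not code from either poster). `RequiredPrivileges` is the REG_MULTI_SZ list of privileges the Service Control Manager keeps in the service's process token, so the script appends `SeImpersonatePrivilege` only if it is missing, exports the key first for rollback, and reads the value back before restarting the service. The backup file name and the final status check of the `RemoteAccess` (RRAS) service are choices made here.

```powershell
# Added example: apply the RequiredPrivileges workaround idempotently.
# Run in an elevated PowerShell session on the RRAS server.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dhcp'
$name = 'RequiredPrivileges'
$want = 'SeImpersonatePrivilege'

# REG_MULTI_SZ is returned as a string array; @() keeps a single entry an array.
$current = @((Get-ItemProperty -Path $key -Name $name -ErrorAction Stop).$name)
Write-Host ("Current {0}: {1}" -f $name, ($current -join ', '))

if ($current -contains $want) {
    Write-Host "$want is already listed, nothing to change."
}
else {
    # Export the service key first so the change can be undone with 'reg import'.
    # (Backup location and file name are assumptions of this example.)
    $backup = Join-Path $env:TEMP ("Dhcp-service-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
    reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Services\Dhcp' $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Registry export failed, nothing was changed.' }
    Write-Host "Backup written to $backup"

    # Append instead of overwriting, so entries already present are preserved.
    $new = [string[]]($current + $want)
    Set-ItemProperty -Path $key -Name $name -Value $new -Type MultiString

    # Read the value back and confirm it before touching the service.
    $after = @((Get-ItemProperty -Path $key -Name $name).$name)
    if ($after -notcontains $want) { throw 'The new value was not written.' }
    Write-Host ("New {0}: {1}" -f $name, ($after -join ', '))

    # The answer asks for a restart of the DHCP Client service (service name 'Dhcp').
    # -Force is needed because other services depend on it.
    Restart-Service -Name Dhcp -Force
}

# Show the state of the DHCP Client and RRAS services afterwards.
Get-Service -Name Dhcp, RemoteAccess | Format-Table Name, Status
```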
0

This problem is still on in 2022. The fix does not work for me. Static pool is working, but I cannot set a gateway for clients.

0

I have fought with server 2019 RRAS for about a week before I gave up and put server 2016 on and all my problems went away. I had an issue where DHCP would not relay sometimes and after a reboot it started working again. I also had an issue after an update where the RRAS service would not start and would fail with error 8007042a. Removing KB4480116 fixed the problem for a while but eventually the problem came back.

You really have 2 options here.

1) Pay Microsoft for a support call and see how that goes. (Good luck)

2) Install server 2016 and revisit the issue in about 6 months after Microsoft fixes the problems with server 2019. You can also monitor the Update History Website and see if they say something about RRAS in the release notes.

Here is the link to my problem: Windows Server 2019 VPN Error 8007042a After KB4480116

Here is a link to others with the DHCP problem: https://social.technet.microsoft.com/Forums/en-US/0270d377-be3a-4b63-82a0-9df076c5e3b3/upgrade-from-2016-to-2019-breaks-dhcp-relay-agent-when-using-rras

Joe
  • Okay... that is not what I wanted to hear ;-) but thanks anyways... But one thing is still confusing me - the DHCP is on the same machine for me (which is also the AD DC), so I would not need a DHCP relay in this setup, correct? The RRAS should be able to communicate with the DHCP. You do assume the error is with the RRAS, so I could make a second VM with a Windows Server 2016 inside and just set the RRAS there, and then relay to the DHCP on the 2019 machine. – Boldar Jan 21 '19 at 15:42
  • You do not need to relay DHCP unless your DHCP server is on another VLAN than your clients. DHCP relay is similar to a DHCP-Helper address that Cisco uses. As far as the issues with server 2019, I had set up several RRAS servers in 2016 and never had a problem. The issues you are seeing are from my experience all from problems with RRAS and server 2019. I would go ahead and build a server 2016 as a test and see if your problems are resolved. Won't hurt anything to give it a try. In my case, server 2016 resolved both issues. – Joe Jan 21 '19 at 16:04
0

You could use the workaround trick: configure a static address pool on the RRAS instead of the DHCP option, and remember to exclude the range from your DHCP.

I have not tested this with server 2019 but I have tested this configuration with Server 2016, the configuration is the same as your configuration.