Network Policy Server Service (IAS) fails to Start


To totally unlock this section you need to Log-in


Login

We have seen some cases where the Network Policy Server service fails to start, when this happens, functionality provided by TS Gateway (used in RWW) or Routing and Remote Access (RRAS) will also stop working.

Furthermore, you could also see, that as part of the troubleshooting, some admins are uninstalling the entire role, and when trying to re-install it fails. How to identify you are experiencing this issue?

When starting the NPS service it fails with:

Network Policy Server Service (IAS) Fails to Start

The following event is logged:

Log Name: System 

Source: Service Control Manager
Date: 1/30/2009 11:36:35 AM
Event ID: 7023
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer:
Description:
The Network Policy Server service terminated with the following error: Unspecified error

If you try to start RRAS you get:

Log Name:      System

Source: Service Control Manager
Date: 2/16/2009 1:34:37 PM
Event ID: 7024
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer:
Description:
The Routing and Remote Access service terminated with service-specific error 16389 (0x4005).

If you try to re-install the NPS Role service you get:

Network Policy and Access Services 

Network Policy Server
Network Policy and Access Services: Installation failed
<error>: Attempt to install Network Policy Server failed with error code 0x80070643. Fatal error during installation. The following role services were not installed:
Network Policy Server

In the servicing logs you see:

ServerManager.log 

5316: 2009-01-29 12:06:25.902 [CBS] ...current state of 'IAS
NT Service': p: Staged, a: Staged, s: UninstallRequested
5316: 2009-01-29 12:06:25.902 [CBS] ...setting state of 'IAS
NT Service' to 'InstallRequested'
5316: 2009-01-29 12:06:25.919 [CBS] ...'IAS NT Service' :
applicability: Applicable
5316: 2009-01-29 12:07:05.658 [CbsUIHandler] Initiate:
5316: 2009-01-29 12:07:08.975 [InstallationProgressPage] Installing...
5316: 2009-01-29 12:08:54.092 [CbsUIHandler] Error: -2147023293 :
5316: 2009-01-29 12:08:54.093 [CbsUIHandler] Terminate:
5316: 2009-01-29 12:08:54.093 [CBS] Error (Id=0) Function:
'NativeMethods.GetPackageStatus(out status)' failed: 80070643 (-2147023293)
5316: 2009-01-29 12:08:54.094 [CBS] ...done installing 'IAS
NT Service '. Status: -2147023293 (80070643)
5316: 2009-01-29 12:08:54.094 [InstallationProgressPage] Verifying installation...
5316: 2009-01-29 12:08:54.194 [Provider] Skipped configuration of 'NetworkPolicyServer' because install operation failed.
cbs.log
2009-01-29 12:07:27, Error CSI 00000001 (F) Logged
@2009/1/29:12:07:26.752 : [ml:96{48},l:94{47}]"Attempting to start service {IAS} synchronously" [gle=0x80004005]
2009-01-29 12:07:27, Error CSI 00000002 (F) Logged
@2009/1/29:12:07:27.753 : [ml:260{130},l:258{129}]"Service did not run. Current state (3) Exit code (-2147467259) Service specific exit code (0) Check point (1)
Wait hint (300000) "
[gle=0x80004005]
2009-01-29 12:07:27, Error CSI 00000003@2009/1/29:12:07:27.864 (F) CMIADAPTER: Inner Error Message from AI HRESULT = E_FAIL
[
[19]"Unspecified error"
]
[gle=0x80004005]

The problem can happen when the NPS service tries to register it's VSS writer and finds that it does not have enough rights/permissions to do so. To resolve this check the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\VssAccessControl 

Verify that the setting for NT AUTHORITY\NETWORK SERVICE is set to 1. If this is set to 0 change it to 1.

Network Policy Server Service (IAS) and RRAS fails to Start

Network Policy Server Service (IAS) and RRAS fails to Start

Open Task Manager, select Show Processes for all users, and kill any instances of IASHOST.EXE that might be running.

Network Policy Server Service (IAS) and RRAS fails to Start

Start the NPS Service. (If it is not installed, re-install it at this point).

Finally,add Read/Write/Modify permission to Network Service account on folder C:\Windows\system32\IAS.