Edit edit:
I deleted %windir%\system32\ias\ias.xml and %windir%\system32\ias\iasTemplates.xml as I found a post saying those would set the NAP settings back to default upon reinstalling. Installation now worked, and I'm not getting the original error any longer. I will update this post again if the problem re-appears after I've tried configuring the NAP role.
Edit:
Tried uninstalling NAP, restarting the server, and then install it again. The installation now fails with the error: The request to add or remove features on the specified server failed. Installation of one or more roles, role services, or features failed. Error 0x800f0922
Original post:
Hi! My first post here, in addition to this being the first server I'm setting up, so I'm in need of some help. I will go in to details about what I've tried so far.
OS: 2012 R2 via Hyper-V
Other Roles on this server: AD DS, DHCP, DNS
When did the problem start: After installing NAP
What user account I'm using: Administrator on the domain
Error:
- When trying to start Network Policy Server service I get the error "Windows could not start the Network Policy Server service on Local Computer.Error 0x80020003: Member not found."
- Event viewer: "The Network Policy Server service terminated with the following error: Member not found
What I've tried:
- Restarting server. Restarting the service.
- Checked that HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\VssAccessControl is set to 1. Then i terminated
all instances of IASHOST.EXE and tried to start the service. Still got the same error.
I've read some posts about perhaps an account is lacking the right permissions, but I don't know which user account that might be, as I haven't made any Service Accounts and I don't know if that is needed. To me the error I'm getting sounds more like I should have a service account, but I don't have one.
Users with rights to this registry key:
"ALL APPLICATION PACKAGES" has Read
"CREATOR OWNER" has Full Control over Subkeys
"SYSTEM" has Full Control
"Administrators" (In domain) has Full Control
"Server Operators" (In domain) has Full Control
"Authenticated Users" has Full Control
- Found a post saying it might be the firewall blocking something (which sounds like total crap to me as there's no mention of anything like that in any of the error messages), but I verified that in the Windows Firewall the NPS Firewall rules had been automatically added during installation of NAP under Inbound Rules. I couldn't see any in Outbound Rules, but I don't know if there's supposed to be any rules there. I added the UDP ports to be allowed on the firewall of the Hyper V host machine too (ports 1812,1813,1645,1646).
- I've used "netsh ras set tracing * enable" to get out some log files. Half of the log files are emtpy, the rest I don't understand. Name of log files: Explorer_rasdlg, explorer_rasgcw, ias, iasdatastore_aux, iasrecst, iassdo, iassvcs, iphlpsvc, mprapi, rasplap, svchost_rasdlg. If you need to see the content of any of these, just ask.
So, I'm quite stuck now. Anyone care to help me out? If you need more information I'd be glad to give it.