Routing and Remote access error

[Peter van Houten]

Hi all,

Server 2022 fully patched
Routing and Remote Access role enabled
Using custom Ipsec policy for L2TP/IKEv2
Router UDP ports 500/4500/1701 open
Win11 VPN clients

This setup has been working 100% for remote VPN users since the pandemic, when staff worked from home.

A week ago, Routing and Remote Access stopped working and users' VPNs fail. The same error occurs on ALL branch office servers (above config is identical). After starting/restarting the Routing and Remote Access service, the System log shows event 20063 with the error "Remote Access Connection Manager failed to start because the Protocol engine [IKEv2] failed to initialize. The request is not supported" and no other errors.

We have removed the Routing and Remote Access role and re-installed several times; checked the servers for corrupt files:
dism /online /cleanup-image /checkhealth + associated DISM tasks, followed by sfc /scannow

Scoured dozens of support forums with very few suggestions, other than try what we have already done.  Cannot find any reference to a Microsoft update which would break L2TP/IKEv2

Any help most welcome.

--
Peter

[Brian Illner]

I’m experiencing issues with Remote Desktop through VPN as well on Windows 11.

 

BRIAN ILLNER​​​​  |  Senior Systems Administrator 864.250.9227 Office 864.679.2537 Fax Canal Insurance Company 101 N. Main Street, Suite 400 Greenville, SC 29601 WARNING:  As the information in this transmittal (including attachments, if any) may contain confidential, proprietary, or business trade secret information, it should only be reviewed by those who are the intended recipients.  Unless you are an intended recipient, any review, use, disclosure, distribution or copying of this transmittal (or any attachments) is strictly prohibited.   If you have received this transmittal in error, please notify me immediately by reply email and destroy all copies of the transmittal.  While Canal believes this transmittal to be free of virus or other defect, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by Canal (or its subsidiaries and affiliates) for any loss or damage arising therefrom.

 

From: ntsys...@googlegroups.com <ntsys...@googlegroups.com> On Behalf Of Peter van Houten
Sent: Monday, February 10, 2025 4:34 AM
To: ntsys...@googlegroups.com
Subject: [ntsysadmin] Routing and Remote access error

 

CAUTION: This message was sent from outside of Canal Insurance. Please do not click links or open attachments unless you recognize the source of this email and know the content is safe. Please report all suspicious emails to "inf...@canal-ins.com" as an attachment.

--
You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntsysadmin+...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/ntsysadmin/33525813-2baa-4831...@gmail.com.

[Philip Elder]

When was the OS updated last?

 

Philip Elder MCTS

Senior Technical Architect

Microsoft High Availability MVP

MPECS Inc.

E-mail: Phili...@mpecsinc.ca

Phone: +1 (780) 458-2028

Web: www.mpecsinc.com

Blog: blog.mpecsinc.com

Twitter: Twitter.com/MPECSInc

Skype: MPECSInc.

 

Please note: Although we may sometimes respond to email, text and phone calls instantly at all hours of the day, our regular business hours are 8:00 AM - 5:00 PM, Monday thru Friday.

To view this discussion visit https://groups.google.com/d/msgid/ntsysadmin/MW5PR13MB59014E1CAFD1B7ED6636CD32C5F22%40MW5PR13MB5901.namprd13.prod.outlook.com.