RRAS: Number of ports for IKEv2, L2TP and SSTP should be greater than 0 and ports for PPTP should be greater than 1

  • Article

Applies To: Windows Server 2008 R2, Windows Server 2012, Windows Storage Server 2012

This topic is intended to address a specific issue identified by a Best Practices Analyzer scan. You should apply the information in this topic only to computers that have had the Network Policy and Access Service (NPAS) Best Practices Analyzer run against them and are experiencing the issue addressed by this topic. For more information about best practices and scans, see Best Practices Analyzer.

Operating System

Windows Server 2012, Windows Server 2008 R2

Product/Feature

Routing and Remote Access Service (RRAS)

Severity

Error

Category

Configuration

Issue

The number of ports assigned to IKEv2, L2TP, and SSTP tunnels is zero, and the number of ports assigned to PPTP is one.

Impact

If you do not assign a sufficient number of ports to the tunneling protocols, then remote access clients cannot communicate with the RRAS server.

The number of ports determines the number of connections that your Routing and Remote Access VPN server can support. You should assign a number that meets your operational requirements without overloading the network bandwidth or processing power of the server. If you set IKEv2, L2TP, or SSTP all to 0, and PPTP to 1, then the RRAS server can accept no VPN connections of any type.

Resolution

Use 'Routing and Remote Access' in Server Manager to increase the number of ports assigned to at least one tunneling protocols. IKEv2, L2TP, and SSTP should have a minimum or 1 port, and PPTP should have a minimum of 2.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

To configure the number of remote access ports on the RRAS server

  1. Start Server Manager. Click Start, click Administrative Tools, and then click Server Manager.

  2. In the navigation tree, expand Roles, expand Network Policy and Access Services, and then expand Routing and Remote Access.

  3. Right-click Ports, and then click Properties

  4. Select the port type for which you want to configure the number of ports, and then click Configure.

  5. In the Configure Device – PortName dialog box, change the Maximum ports value to the number of connections that you want to support for that connection type. The default value for all types except PPPoE is 128.

  6. Click OK twice to save your changes.

Additional references

For more information about configuring ports for remote access, see Configure Ports for Remote Access (https://go.microsoft.com/fwlink/?linkid=156072).

For more information about tunneling protocols, see VPN Tunneling Protocols (https://go.microsoft.com/fwlink/?linkid=156077).

For more about the Routing and Remote Access role service, see Routing and Remote Access (https://go.microsoft.com/fwlink/?linkid=153482) on TechNet, and Routing and Remote Access Service in the Windows Server Technical Library.