RRAS: Number of ports for IKEv2, L2TP and SSTP should be greater than 0 and ports for PPTP should be greater than 1
Applies To: Windows Server 2008 R2, Windows Server 2012, Windows Storage Server 2012
This topic is intended to address a specific issue identified by a Best Practices Analyzer scan. You should apply the information in this topic only to computers that have had the Network Policy and Access Service (NPAS) Best Practices Analyzer run against them and are experiencing the issue addressed by this topic. For more information about best practices and scans, see Best Practices Analyzer.
Operating System |
Windows Server 2012, Windows Server 2008 R2 |
Product/Feature |
Routing and Remote Access Service (RRAS) |
Severity |
Error |
Category |
Configuration |
Issue
The number of ports assigned to IKEv2, L2TP, and SSTP tunnels is zero, and the number of ports assigned to PPTP is one.
Impact
If you do not assign a sufficient number of ports to the tunneling protocols, then remote access clients cannot communicate with the RRAS server.
The number of ports determines the number of connections that your Routing and Remote Access VPN server can support. You should assign a number that meets your operational requirements without overloading the network bandwidth or processing power of the server. If you set IKEv2, L2TP, or SSTP all to 0, and PPTP to 1, then the RRAS server can accept no VPN connections of any type.
Resolution
Use 'Routing and Remote Access' in Server Manager to increase the number of ports assigned to at least one tunneling protocols. IKEv2, L2TP, and SSTP should have a minimum or 1 port, and PPTP should have a minimum of 2.
Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.
To configure the number of remote access ports on the RRAS server
Start Server Manager. Click Start, click Administrative Tools, and then click Server Manager.
In the navigation tree, expand Roles, expand Network Policy and Access Services, and then expand Routing and Remote Access.
Right-click Ports, and then click Properties
Select the port type for which you want to configure the number of ports, and then click Configure.
In the Configure Device – PortName dialog box, change the Maximum ports value to the number of connections that you want to support for that connection type. The default value for all types except PPPoE is 128.
Click OK twice to save your changes.
Additional references
For more information about configuring ports for remote access, see Configure Ports for Remote Access (https://go.microsoft.com/fwlink/?linkid=156072).
For more information about tunneling protocols, see VPN Tunneling Protocols (https://go.microsoft.com/fwlink/?linkid=156077).
For more about the Routing and Remote Access role service, see Routing and Remote Access (https://go.microsoft.com/fwlink/?linkid=153482) on TechNet, and Routing and Remote Access Service in the Windows Server Technical Library.