COMMAND
RRAS
SYSTEMS AFFECTED
WinNT with SP5
PROBLEM
David R. Bivens found following. There appears to be a problem
when NT SP5 is installed on a machine that also has Routing &
Remote Access Services (RRAS) installed and running in anything
other than pure "LAN routing" mode. A Compaq Proliant 5000,
3-processor, with NT 4.0 SP4, MS Proxy 2, IIS4, SQL 6.5, and RRAS
running only the TCP/IP protocol had been stable in production
for several months. After installing Service Pack 5, RRAS would
not start. Visible in the system event log were RRAS events
20023 ("Remote Access Server Security Failure. The security agent
has rejected the Remote Access server's request to start the
service on this computer on LANA x"), one for each NIC, followed
by failure of the RRAS service.
Also seen were events 20081 ("Remote Access Server Security
Failure. Could not reset lana x (the error code is the data).
Security check not performed"), but these have been seen before
and do not seem to be fatal. There were no articles in TechNet
or the knowledge base that accurately describes the problem,
although a couple came close.
As an experiment, while waiting for an MS callback, David
installed the demand-dial routing component of RRAS on another
server that did not have Proxy. It came up perfectly. Then, he
installed SP5 and, lo and behold, event 20023 and RRAS failure.
He removed SP5 using the standard uninstall procedure an RRAS
became operational, albeit with several 20081 messages.
He restored the other machine's $NtServicePackUninstall$ directory
from a backup tape and ran the SP5 uninstall. After rebooting
(and manually adding a whole bunch of static routes, WINS
settings, DHCP scopes, etc.), RRAS once again functioned properly.
SOLUTION
Removing SP5 seems to fix this, but removing it opens more holes
than imagined...