Problems with UAG activation after enabling SSTP

When trying to configure and enable SSTP on a UAG server or array, you might find that activation fails. Other related symptoms may include:

Error events in the System event logs titled “The Microsoft Forefront TMG Control service terminated with service-specific error %%-2147023175” (event ID 7024)

Error events in the System event logs titled “The RPC/HTTP Load Balancing Service service terminated with the following error: Not enough resources are available to complete this operation.” (event ID 7023)

Error events in the System event logs titled “The Routing and Remote Access service terminated with service-specific error A device attached to the system is not functioning.. ” (event ID 7024)

Error events in the System event logs titled “Unable to load c:\Windows\System32\iprtmgr.dll.” (event ID 20103)

Error events in the System event logs titled “IPv6 packet filtering has been disabled. Static filters configured for Routing and Remote Access service will not be applied.” (event ID 20219)

As you may have been able to deduce from the last message above, this issue may appear if the IPv6 stack is disabled on one or more of the network interfaces present on the system. Some users disable it in an attempt to reduce the exposure profile of the system, but doing this can cause the RRAS service (which powers SSTP in UAG and TMG) to crash. To address this, follow these steps:

1. Re-enable the IPv6 stack by:

a. Enabling it on the NIC configuration interface

b. If you disabled it in the registry directly, re-enable it, as it overrides the GUI settings. To do this, remove the following registry value:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\DisabledComponents (This is also described here: https://support.microsoft.com/kb/929852)

2. Disable RRAS by disabling* SSTP in UAG, and activating the configuration

        * no need to remove the SSTP application from the portal, though

3. Reboot the server

4. If you are running a UAG array, perform steps 1-3 on all array members before proceeding

5. Re-enable SSTP from the UAG console, and activate the configuration
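
A read-only check for the symptoms and the registry override described above, as an added example that is not part of the original post. The function names and the seven-day look-back window are assumptions; the event IDs, service names and registry value are the ones listed on this page.

```powershell
# Added example: read-only; run from an elevated prompt on each UAG server or array member.
$symptomIds   = 7023, 7024, 20103, 20219            # event IDs listed in the symptoms above
$serviceNames = 'Microsoft Forefront TMG Control',
                'RPC/HTTP Load Balancing Service',
                'Routing and Remote Access'         # services named in the 7023/7024 events
$lookBackDays = 7                                   # assumption: adjust to when SSTP was enabled

function Get-SstpSymptomEvent {
    param([int[]]$Id, [string[]]$Service, [int]$Days)
    $pattern = ($Service | ForEach-Object { [regex]::Escape($_) }) -join '|'
    $filter  = @{ LogName = 'System'; Id = $Id; StartTime = (Get-Date).AddDays(-$Days) }
    # Get-WinEvent raises an error when nothing matches, so that case is silenced.
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object {
            # 7023/7024 are generic service-failure IDs: keep only the services named above.
            ($_.Id -ne 7023 -and $_.Id -ne 7024) -or ($_.Message -match $pattern)
        } |
        Select-Object TimeCreated, Id, ProviderName, Message
}

function Get-Ipv6RegistryOverride {
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters'
    $item = Get-ItemProperty -Path $key -Name DisabledComponents -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }           # value absent: no registry override
    '0x{0:X8}' -f $item.DisabledComponents
}

$events   = @(Get-SstpSymptomEvent -Id $symptomIds -Service $serviceNames -Days $lookBackDays)
$override = Get-Ipv6RegistryOverride

"Matching System log events in the last $lookBackDays days: $($events.Count)"
$events | Sort-Object TimeCreated | Format-Table TimeCreated, Id, ProviderName -AutoSize

if ($override) {
    "DisabledComponents is present ($override); step 1b applies (remove the value)."
} else {
    "DisabledComponents is not set; check the IPv6 binding on each NIC (step 1a)."
}
```

Running it again after step 5 on every array member shows whether new symptom events are still being logged.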

Props to my buddy GS for helping bring this to light!