Broken NPS service on RD Server

Brian Hart 21 Reputation points
2024-05-23T07:48:42.0266667+00:00

Brand new RD server 2022 (HyperV machine on a Server 2022 host). I got it up and running, got the RD Gateway configured & working, got apps installed and users using it.

But I still needed to activate the licenses. When I went to the roles to add the license server, everything looked good until after the reboot--and then the RD Gateway service would no longer load. This is because it depends on the Network Policy Server service that will not start. It fails with error 0x80070032: the request is not supported. Event Viewer shows this with event ID 7023, which is no help.

I went as far as removing/reinstalling the Network Policy role, but it will still not start. The only tip I have found online is about the registry/secpol VSS NTLM value 1, but that is already correct.

I already did sfc /scannow and then DISM... to clean the image. Those worked, but the NPS service will still not start, so I cannot get my RD Gateway back online. Now users can use the RD server as an RD/app server but only from inside the LAN where it does not require the RD Gateway.

Any ideas on how to get the Network Policy Server service running again? I am at my wits' end on this.

Remote Desktop

3 answers

  1. Brian Hart 21 Reputation points
    2024-05-24T14:20:48.1166667+00:00

    Yes. NETWORK SERVICE has read and write access, the same as it does on other working servers (although those are Server 2019, and this is Server 2022). Still, the service is not running under NETWORK SERVICE; it is running under the Local System account, the same as it does for other (2019) servers where the NPS service runs correctly.

    0 comments No comments

  2. Karlie Weng 15,681 Reputation points Microsoft Vendor
    2024-05-27T03:06:57.5933333+00:00

    Hello,

    The error 0x80070032 can sometimes be related to configuration issues or corrupted system files. Since you've already tried sfc /scannow and the DISM tool without success, let's consider some other approaches:

    1. In Services.msc, ensure that all the services that Network Policy Server (NPS) depends on are running.
    2. Look at the Event Viewer in more detail. There may be other events around the time of the 7023 event that could provide more context.
    3. NPS service runs under the Network Service account by default. Make sure that this account has the necessary permissions and hasn't been changed.

    If it is convenient for you, please also provide a screenshot of the error message when the service fails to start and a screenshot of the event log for event 7023.

    0 comments No comments
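
The three checks listed in the answer above can be collected in one read-only pass. This is an added example, not part of any post in this thread; it uses the Windows service short names `IAS` (Network Policy Server) and `TSGateway` (Remote Desktop Gateway) and assumes an English-language event log for the message filter.

```powershell
# Added example: read-only triage of an NPS (IAS) service that fails to start.
# Run in an elevated PowerShell session on the affected server.
$nps = 'IAS'   # short name of the Network Policy Server service

# Check 1: services NPS depends on, and services that depend on NPS
# (RD Gateway, TSGateway, should appear in the second list).
$svc = Get-Service -Name $nps
$svc.ServicesDependedOn | Select-Object Name, DisplayName, Status
$svc.DependentServices  | Select-Object Name, DisplayName, Status

# Check 3: the account the service is configured to run as, plus its
# last exit code. 0x80070032 is Win32 error 50 (ERROR_NOT_SUPPORTED)
# in HRESULT form, so an ExitCode of 50 matches the reported failure.
Get-CimInstance Win32_Service -Filter "Name='$nps'" |
    Select-Object Name, StartName, StartMode, State, ExitCode, PathName

# Check 2: find recent 7023 events for NPS, then list everything logged
# in System and Application within two minutes of each failure.
$failures = Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Service Control Manager'
        Id           = 7023
    } -MaxEvents 50 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like '*Network Policy Server*' }  # English display name assumed

foreach ($f in $failures | Select-Object -First 3) {
    "--- events around $($f.TimeCreated) ---"
    Get-WinEvent -FilterHashtable @{
            LogName   = 'System', 'Application'
            StartTime = $f.TimeCreated.AddMinutes(-2)
            EndTime   = $f.TimeCreated.AddMinutes(2)
        } -ErrorAction SilentlyContinue |
        Sort-Object TimeCreated |
        Select-Object TimeCreated, LogName, ProviderName, Id, LevelDisplayName,
            @{ Name = 'Message'; Expression = { ($_.Message -split "`r?`n")[0] } } |
        Format-Table -AutoSize -Wrap
}
```

Running the same script on a server where NPS starts correctly gives a baseline to compare the logon account and dependency lists against.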

  3. Brian Hart 21 Reputation points
    2024-06-10T14:54:46.7666667+00:00

    Karlie Weng: I apologize for the delay. For some reason, I am not getting notified on responses here.

    The actual problem was that the RD Gateway service would not start, and the reason is that it is dependent on the NPS, and it will not start.

    So, in answer to your questions.

    1. The NPS, in turn, depends only on RPC, and this is starting correctly.
    2. There are only two events on each failure to start: 7036 (The Network Policy Server service entered the stopped state.) and 7023 (The Network Policy Server service terminated with the following error: The request is not supported.) Here are the screenshots of the error itself and the two System event messages: [image: NPS will not start] [image] [image]
    3. Before I posted the original question, I had already thoroughly tested the Network Service account to ensure it was correct. This is a new server, and there have been no changes to this account. All other services running under this account are starting & working correctly. I even tried alternatively running the NPS service under the domain admin, but the same problem persisted.

    I had installed this new server and users began using it, including the RD Gateway, while still in the temporary licensing mode. But I had used the Role-based or feature-based installation when doing the initial installation, and when I added the licensing role, I did it using the Remote Desktop Services installation.

    After reboot following that installation was when the RD Gateway service failed to load--based on the failure of NPS to load, and the NPS failure is the reason for my original post here. I even removed all those RD-related roles and re-added them before I posted here, but that did not resolve the problem.

    So I moved the RD Gateway role to my domain controller where NPS works. But I really want to get NPS working on my RD Server, since it is likely to arise later to cause some other problem. I suspect there is some duplication in configuration between the original Role-based installation and the subsequent RD Services installation.

    How do I contact Microsoft directly to resolve this problem? It has been many years since I have had to open a tech support call with Microsoft on a server issue, and I cannot even figure out where to open the case by email or phone.

    0 comments No comments