RRAS won't start on Server 2016, Eventid 7024

Robert303 1 Reputation point

Hi guys!

Yesterday I restarted a Server 2016 DC and after the restart the RRAS service won't start. It shows a 7024 ID in the log with "The Routing and Remote Access service terminated with the following service-specific error: A specified logon session does not exist. It may already have been terminated."
And it shows 8007042a when trying to start it in the RRAS GUI.

It also shows a ID 13, RasSstp. "The Secure Socket Tunneling Protocol service could not configure the following certificate for use with Internet Protocol version 6 (IPv6). This might prevent SSTP connections from being established successfully. Correct the problem and try again". However, the client is not using a certificate they use a PSK instead so I don't know if this is relevant.

What I've tried...

Everything in this thread: https://serverfault.com/questions/397466/rras-won-t-start-with-8007042a-or-event-id-7024-aka-the-routing-remote-access
I have changed the log file location in NPS accounting.
Disabled the RRAS and reconfigured.
Removed the role, restarted the server and added it again.

I'm stuck now and out of ideas!

Any help will be highly appreciated...

Windows Server Infrastructure
Windows Server Infrastructure
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Infrastructure: A Microsoft solution area focused on providing organizations with a cloud solution that supports their real-world needs and meets evolving regulatory requirements.
518 questions
0 comments No comments
{count} votes

4 answers

Sort by: Most helpful
  1. Dave Patrick 426.2K Reputation points MVP

    Multi-homing a domain controller will always cause no end to grief for active directory domain DNS. Install the RRAS / VPN role on a separate member server instance of windows.

    --please don't forget to Accept as answer if the reply is helpful--

    0 comments No comments

  2. Robert303 1 Reputation point

    I know, the problem is that they only have one server so that's not an option.

    0 comments No comments

  3. Dave Patrick 426.2K Reputation points MVP

    A better option is to install the hyper-v role (as only role) on host, then stand up a dedicated virtual machine for active directory domain services, and another for RRAS/VPN role.

    --please don't forget to Accept as answer if the reply is helpful--

    0 comments No comments

  4. Candy Luo 12,661 Reputation points Microsoft Vendor

    Hi ,

    As Dave said, we are not recommend to either multi-home or install any other unnecessary service on domain controller.

    If your environment really does not allow Hyper-V or multiple physical servers and since you have performed some troubleshooting steps, but the problem is still not resolved.
    I would suggest you open a case with Microsoft where more in-depth investigation can be done so that you would get a more satisfying explanation and solution to this issue.

    Here is the link:


    Best Regards,


    0 comments No comments