This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(227.2, 24%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER%3C/text%3E%3C/svg%3E)
Hi guys!
Yesterday I restarted a Server 2016 DC and after the restart the RRAS service won't start. It shows a 7024 ID in the log with "The Routing and Remote Access service terminated with the following service-specific error: A specified logon session does not exist. It may already have been terminated."
And it shows 8007042a when trying to start it in the RRAS GUI.
It also shows a ID 13, RasSstp. "The Secure Socket Tunneling Protocol service could not configure the following certificate for use with Internet Protocol version 6 (IPv6). This might prevent SSTP connections from being established successfully. Correct the problem and try again". However, the client is not using a certificate they use a PSK instead so I don't know if this is relevant.
What I've tried...
Everything in this thread: https://serverfault.com/questions/397466/rras-won-t-start-with-8007042a-or-event-id-7024-aka-the-routing-remote-access
I have changed the log file location in NPS accounting.
Disabled the RRAS and reconfigured.
Removed the role, restarted the server and added it again.
I'm stuck now and out of ideas!
Any help will be highly appreciated...
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Multi-homing a domain controller will always cause no end to grief for active directory domain DNS. Install the RRAS / VPN role on a separate member server instance of windows.
--please don't forget to Accept as answer if the reply is helpful--
I know, the problem is that they only have one server so that's not an option.
A better option is to install the hyper-v role (as only role) on host, then stand up a dedicated virtual machine for active directory domain services, and another for RRAS/VPN role.
--please don't forget to Accept as answer if the reply is helpful--
Hi ,
As Dave said, we are not recommend to either multi-home or install any other unnecessary service on domain controller.
If your environment really does not allow Hyper-V or multiple physical servers and since you have performed some troubleshooting steps, but the problem is still not resolved.
I would suggest you open a case with Microsoft where more in-depth investigation can be done so that you would get a more satisfying explanation and solution to this issue.
Here is the link:
https://support.microsoft.com/en-us/gp/customer-service-phone-numbers
Best Regards,
Candy