4,659 questions
Remote Access VPN clients cannot get IP address via DHCP
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 69%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJP%3C/text%3E%3C/svg%3E)
John Perkins
1
Reputation point
I'm in the process of setting up a pair of new Remote Access VPN servers (either Server 2016 or Server 2019). Clients are able to connect using host certificate when the RA server uses a static IP pool, but the connection fails with error 13899 when configured to obtain an IP address via DHCP server.
The registry key HKLM\SYSTEM\CurrentControlSet\Services\Dhcp with SeImpersonatePrivilege is indeed set per https://social.technet.microsoft.com/Forums/en-US/0270d377-be3a-4b63-82a0-9df076c5e3b3/upgrade-from-2016-to-2019-breaks-dhcp-relay-agent-when-using-rras and https://learn.microsoft.com/en-us/answers/questions/49333/windows-2019-rras-server-unable-to-utilize-dhcp-se.html
Host firewall rules are in place to pass DHCP traffic inbound and outbound on the RA server. I am not seeing DHCP requests make it back to the DHCP server so far.
Anyone have suggestions for what might be triggering this and how to resolve it?
Windows for business | Windows Client for IT Pros | Networking | Network connectivity and file sharing
Windows for business | Windows Server | User experience | Other
20,213 questions
Sign in to answer