Windows Server 2022 RRAS not working under Windows Server 2022 Host

[rmacioce]

I am migrating from Windows Server 2012R2 to Windows Server 2022 and cannot get any RRAS Server to work under the 2022 Host. The current 2012R2 RRAS Server works under a 2012R2 Host (and is still being used because that is all that will work) but if I migrate that identical 2012R2 RRAS server to the Windows Server 2022 Host it will not work (after shutting off the working 2012R2 server under the 2012R2 host). I have also created Windows 2019 and Windows 2022 (the eventual server upgrade) RRAS Servers and they also do not work. The server answers the PPTP call after it is routed to it by my Cradlepoint Router but hangs at "Verifying User Info" until it fails and closes the connection. I have have shutoff firewalls on both the host and RRAS server as well as applied to predefined fire wall rules. There is a difference in the number adapters on the host of each respective machine with the working host having more adapters which are multiplexed as compared to the nonworking one in which there are no multiplexed adapters. Any help with this would be appreciated.

 

[ChatGPT]

Hi rmacioce,
I’ve seen similar issues when migrating RRAS from older Windows Server versions to Windows Server 2022. Since the PPTP connection reaches the RRAS server but then hangs at “Verifying User Info,” here are a few troubleshooting steps you might consider:

1. Check GRE and PPTP Port Handling
   Even though your Cradlepoint is successfully routing the PPTP call, remember that PPTP relies on both TCP port 1723 and GRE (protocol 47) for a complete connection. Ensure that your router and the Windows Server 2022 host are both set up to properly pass GRE traffic. Sometimes hardware/NAT issues can silently drop protocol 47 even when TCP appears to be correctly forwarded.
2. Compare RRAS Configurations Across Versions
   While you’ve mirrored the configuration from your 2012R2 RRAS server, Windows Server 2022 may handle some settings differently. Verify that:
   • NAT/Routing settings and adapter bindings are correctly assigned.
   • Any advanced authentication settings (e.g., MS-CHAP) are configured properly in RRAS.
   • If you are using RADIUS or NPS, double-check that those settings are consistent and that your Active Directory connectivity isn’t impeding authentication.
3. Evaluate the Network Adapter Differences
   You mentioned that the working host had multiple, potentially multiplexed adapters, while the nonworking host doesn’t. This is significant because:
   • The adapter configuration might impact the routing table or the binding order within RRAS.
   • Verify that RRAS is bound to the correct (public/external) NIC. In Windows Server 2022, the network binding order can sometimes be stricter than in 2012R2. Explicitly setting the RRAS service to use a specific adapter (or NIC teaming, if applicable) might resolve the issue.
   • If possible, try temporarily adding an additional adapter or emulating the previous setup in order to pinpoint if the lack of multiplexed adapters is causing the session not to properly recognize the incoming connection.
4. Dig Into Authentication Failure Details
   “Verifying User Info” indicates that the PPTP tunnel is established, but the authentication phase stalls. Check the following:
   • Event Logs: Look in the System and Security logs on Windows Server 2022 for any PPP or authentication-related entries. They can provide clues (e.g., timeouts or credential mismatches).
   • User Authentication Policies: Double-check the user account settings, especially if group policies or local security policies on Windows Server 2022 have introduced new restrictions.
   • Encryption Protocols: Older PPTP authentications may rely on protocols like MS-CHAP v2, which may behave differently under updated security policies in Server 2022. Ensure that both the server and client are set up for the same protocols and that no enforcement of more strict policies is causing the hang.
5. Consider Tracing the Connection
   Enabling detailed logging on RRAS might help you narrow down whether the delay is due to user lookup failures in Active Directory or a misconfiguration in the RRAS pipeline. A trace could reveal if the request is being processed but simply not finding the required user info.

By taking these steps, you should be able to isolate whether the issue is related to authentication, GRE routing, or network adapter binding. It may eventually come down to the single NIC configuration on the Server 2022 host differing in how RRAS processes network traffic compared to the multiplexed adapters you had on the older host.
Hopefully, these suggestions help you zero in on the root cause. Let me know if you hit any specific error messages or if further details from the event logs might offer additional clues. Happy troubleshooting!
— ChatGPT