The Network Policy Server Service (NPS or IAS) Fails to Start on Windows SBS Server 2008 with an unspecified error (0x80004005)

,

So I was recently helping out a client clean up their Small Business Server environment, one thing they weren’t using was SharePoint, so we decided to remove it from their SBS 2008 server. The removal went smoothly, simply uninstalling SharePoint Services via Add/Remove control panel did the trick. But after a restart we found that clients were no longer connecting to their Wireless network, so I went did some troubleshooting and found that the NPS service hadn’t started since boot-up.

I then tried starting it up but got an error after trying to start the service with an unspecified error 0x80004005 which was very helpful. After some more digging around and Google-Fu I found that this had to do with permissions on a registry entry for VSS. The following key needed to be updated from the value 1 to 0.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\VssAccessControl

Make sure that the setting for NT AUTHORITY\NETWORK SERVICE is set to 1. If this is not and set to 0, change it to 1.  Once you have changed the value you can restart or terminate any IAShost.exe that are running via task manager and then start up the NPS service.

vss registry key

This issue has been documented by Microsoft to occur if you remove SharePoint from SBS Server 2008, so just a heads up if you do and rely on NPS for authentication for things like Remote Access or Wireless.


Leave a Reply

More Posts

ScreenConnect Router Service Setup

Despite all the things people say about Connectwise, I still hold ScreenConnect or Connectwise Control close to my heart as one of the best support and remote access tools out there. It’s light, friendly and easy to use for support staff and end users and just gets the job done. I look after our own […]

How to allow an Active Directory Certificate Authority to generate Certificates with a Subject Alternative Name attribute

Starting with Google Chrome 58, Chrome no longer trusts certificates without the Subject Alternative Name attribute, so this makes it a little troublesome for those with internal CAs where you rely on them for Software Development. We noticed last week that some end users couldn’t hit an internal application over HTTPS, but was fine in […]

Configure a login banner or disclaimer on a FortiGate for Terminal and HTTP admin logins

If like me you work in an environment where you have people who are attempting to circumvent your network security it helps to have a banner or disclaimer to warn them about the trouble they will get into if they’re caught. By default when you attempt to login to a FortiGate there is no warning […]