tphelps19 asked:

How to add VPN role on domain controller (2012 R2)?

I have a 2012 R2 relatively fresh build and I want to add VPN capability to it...simple, right??  Apparently not.  The server is 2012 R2 and is a domain controller (one of 3) and is running as a virtual machine.  I go to add the role for Remote Access and then select the "VPN" option and after about 2 minutes it always errors out saying a pending restart is required.  It's never-ending: I restart and get the error again.  I've tried switching users and still no luck.  Is there some trick the Microsoft team is getting a big laugh out of while IT Administrators try to figure out how to add a simple role to a server???

tphelps19 (ASKER)

Wow, unbelievable.  Went through and added "Domain Admins" to everything under Local Security Policy > User Rights Assignment and then also added the ones listed here and that seemed to work.  This was supposedly a fresh build from an OEM Microsoft 2012 R2 disc so not sure why there are so many problems.

http://cset.ct.gs/server-2012-add-role-prompts-restart.html

Cris Hanna

I'm working from my phone so I can't find the specific links, but typically domain controllers don't do well with routing and remote access installed.

And I'm not trying to be the software police, but using an OEM disc to create a VMware probably wouldn't pass audit.

Well, it's not VMware, it's Hyper-V, so I figured OEM discs would be OK as long as we kept them tied to that machine?

I just can't figure out why everything only works when done under the Administrator user?  Or why "Domain Admins" wasn't added to all those groups?  A little Google searching and apparently I'm not the only one who has the issue so that's good at least.
ASKER CERTIFIED SOLUTION
DrDave242

This solution is only available to members.
I've requested that this question be closed as follows:

Accepted answer: 0 points for tphelps19's comment #a40967624

for the following reason:

For anyone out there who is having this trouble, it looks like typical Microsoft went overboard on security and locked everything down, so if you use Windows Update Service it completely disables the ability for regular domain admins to manually install features.
I'm not 100% sure if WSUS was the culprit, but from what you're saying and what I read on that article I posted, it looks very likely.  I swear, Microsoft will still be dishing out these kinds of issues in 100 years, mark my words.  If they wanted to, they could make an operating system as easy as an iPhone, but we all know they never will.