jdcodding
asked on
Windows 2008 Server BFE
I have recently set up 4 Hyper-V machines with 2008 Server 32 bit on each. On V1 I have set it up to accept VPNs through RAS.
On some frequencey (usually about once a day) the BFE service stops and sets itself to "Disabled". RAS is dependent on BFE so then my users can't get connected. I can reset the BFE service to "Auto" and start it, and it will work fine for 6 to 48 hours before it gets disabled again.
I don't see any errors in event log relating to BFE or RAS. This box is also an AD server if that makes any difference. I have turned on/off windows firewall because there have been discussions about how it is related to BFE, but that seems to have no effect. I don't think I need BFE specifically, but I DO need RAS.
Any ideas out there?
On some frequencey (usually about once a day) the BFE service stops and sets itself to "Disabled". RAS is dependent on BFE so then my users can't get connected. I can reset the BFE service to "Auto" and start it, and it will work fine for 6 to 48 hours before it gets disabled again.
I don't see any errors in event log relating to BFE or RAS. This box is also an AD server if that makes any difference. I have turned on/off windows firewall because there have been discussions about how it is related to BFE, but that seems to have no effect. I don't think I need BFE specifically, but I DO need RAS.
Any ideas out there?
Prior to configuring the services, did you disable UAC? OR when configuring specify to run as Administrator.
It may run it for a while until the security policy kicks in and reverts the setup.
It may run it for a while until the security policy kicks in and reverts the setup.
ASKER
I haven't done anything (that I know of) in the UAC area. This entire install is a migration from a 2000 AD server (that was origianlly an NT4 PDC) to thw 2008 Hyper-V. Since this was my first look at Hyper-V, there was a number of configuration setting that were made before I made the jump to having this be my sole AD Domain server.
The BFE service disabled itself again at 4:03AM this morning. The next earliest log of any kind is at 3:18am when the box finished it daily update check.
I just turned off UAC to see if that make a difference
The BFE's logon account is NOT "Local System Account" and is forced to "This Account" 'Local Service'. Should it be a "Local System Account"?
The BFE service disabled itself again at 4:03AM this morning. The next earliest log of any kind is at 3:18am when the box finished it daily update check.
I just turned off UAC to see if that make a difference
The BFE's logon account is NOT "Local System Account" and is forced to "This Account" 'Local Service'. Should it be a "Local System Account"?
While the UAC is turned off, reconfigure the service enabling it. Then you can reactivate the UAC and it should be fine from that point on.
It sounds as though the daily check was reverting "unapproved" changes.
It sounds as though the daily check was reverting "unapproved" changes.
ASKER
Arnold, Thank you. I have reactivated UAC and I'll let you know. I was not aware that could "undo" previous settings.
Not sure what you mean. I think UAC maintains a "snapshot" of the system. And enforces that snapshot on some kind of schedule. I.e. through some means you enabled the service, but the "snapshot" UAC references was not. UAC maintains the system state based on the "snapshot".
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
As stated before, the sevice and be re "Autoed" and started without a problem and I suspect it will be fine for a number of hours now.