RRAS: The IKE and AuthIP IPsec Keying Modules service is required to support L2TP/IPsec and IKEv2 tunnels

  • Article

Applies To: Windows Server 2008 R2, Windows Server 2012, Windows Storage Server 2012

This topic is intended to address a specific issue identified by a Best Practices Analyzer scan. You should apply the information in this topic only to computers that have had the Network Policy and Access Service (NPAS) Best Practices Analyzer run against them and are experiencing the issue addressed by this topic. For more information about best practices and scans, see Best Practices Analyzer.

Operating System

Windows Server 2012, Windows Server 2008 R2

Product/Feature

Routing and Remote Access Service (RRAS)

Severity

Error

Category

Configuration

Issue

The IKE and AuthIP IPsec Keying Modules service (IKEEXT) is not running on the Routing and Remote Access server.

Impact

If the IKE and AuthIP IPsec Keying Modules service is not running on the RRAS server, then remote access clients cannot communicate with the RRAS server by using L2TP/IPsec or IKEv2.

Resolution

Start the IKE and AuthIP IPsec Keying Modules service by using the Services MMC snap-in or by entering the command "net start ikeext" at a command prompt running with administrator permissions.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

To start the IKE and AuthIP IPsec Keying Modules service

  1. Start Server Manager. Click Start, click Administrative Tools, and then click Server Manager.

  2. In the navigation tree, expand Configuration, and then click Services.

  3. In the Name column, find the IKE and AuthIP IPsec Keying Modules. Right-click the entry, and then click Properties

  4. Set the Startup type to Automatic. This ensures that the service starts whenever the server is restarted.

  5. To start the service immediately, click Start.

  6. When the service is running, click OK.

Additional references

For more about the Routing and Remote Access role service, see Routing and Remote Access (https://go.microsoft.com/fwlink/?linkid=153482) on TechNet, and Routing and Remote Access Service in the Windows Server Technical Library.