You install the Network Policy and Access Services role on a server that is running an x64-based version of Windows Server 2008 R2.
You configure and then enable the Routing and Remote Access service on the server.
Note If you examine the Port window of the Routing and Remote Access service, you notice that the maximum number of WAN Miniport (IKEv2) ports is set to 128.
You install Windows Server 2008 R2 Service Pack 1 (SP1) on the server.
In this scenario, the maximum number of IKEv2 ports is changed from 128 to two. Therefore, only two IKEv2 connections can be active at one time.
If more than two clients try to connect to the server at the same time, the Routing and Remote Access service rejects the IKEv2 connection requests. Additionally, the following message is logged in the Rastapi.log file:
Couldn’t find a listening port. Dropping call
By default, the maximum number of IKEv2 ports in the Port window of the Routing and Remote Access service in Windows Server 2008 R2 is set to two. The number is changed to 128 after you enable the Routing and Remote Access service. However, the IKEv2 component is reinstalled unexpectedly when you install Windows Server 2008 SP1. Therefore, the maximum number of IKEv2 ports is set back to two.
To prevent this issue, we recommend that you install this hotfix package before you install Windows Server 2008 R2 SP1.
If you have installed Windows Server 2008 R2 SP1 before this hotfix package, follow these steps to prevent the issue:
Manually change the maximum number of number of ports to 128 or a customized value by using an administrator account.
Install this hotfix package.
How to obtain this update
The following files are available for download from the MicrosoftDownload Center:
All supported x64-based versions of Windows Server 2008 R2
For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.
To apply this update, you must have the Routing and Remote Access Services role installed on the server.
To use the update in this package, you do not have to make any changes to the registry.
You do not have to restart the computer after you apply this update.
Update replacement information
This update does not replace a previously released update.
The global version of this hotfix installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.
Windows Server 2008 R2 file information notes
The files that apply to a specific product, milestone (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
Windows Server 2008 R2
Windows Server 2008 R2
GDR service branches contain only those fixes that are widely released to address widespread, extremely important issues. LDR service branches contain hotfixes in addition to widely released fixes.
The MANIFEST files (.manifest) and the MUM files (.mum) that are installed for each environment are listed separately in the "Additional file information for Windows Server 2008 R2" section. MUM and MANIFEST files, and the associated security catalog (.cat) files, are extremely important to maintain the state of the updated components. The security catalog files, for which the attributes are not listed, are signed with a Microsoft digital signature.
For all supported x64-based versions of Windows 7 and of Windows Server 2008 R2
To work around this issue, use one of the following methods to change the maximum number of IKEv2 ports back to the default value 128 or the number of ports configured manually by the administrator:
Change the maximum number of ports in the Port window of the Routing and Remote Access service. To do this, follow these steps:
Click Start, point to All Programs, click Administrative Tools, and then click Server Manager.
In the left pane, expand Roles, expand Network Policy and Access, and then expand Routing and Remote Access.
Right-click Ports, and then click Properties.
Select WAN Miniport (IKEv2) in the Ports Properties dialog box, and then click Configure.
Change the Maximum port to 128 or the value you set before and then click OK.
Apply the change and then restart the computer.
At a command prompt, type the following command to change the maximum port number and then restart the server:
netsh ras set wanports device="WAN Miniport (IKEv2)" maxports=128
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates
Additional file information
Additional file information for Windows Server 2008 R2
Additional files for all supported x64-based versions of Windows Server 2008 R2