After installing DHCP server on windows 2008 R2, you notice that your system event log will be filled with Errors Event ID: 1070 “Iashlpr initialization failed: The DHCP service was unable to access path specified for the audit log. So DHCP server cannot talk to NPS server. It could be that IAS service is not started.”
Event ID: 1070
Iashlpr initialization failed: The DHCP service was unable to access path specified for the audit log. So DHCP server cannot talk to NPS server
At first I have ignored this error since it wasn’t affecting my DHCP Server behavior, everything was working fine, and clients were obtaining proper IP addresses and network settings.
Until I had to configure WPAD entry in order to enable TMG Firewall Client to automatically detect the TMG server. TMG clients were failing to automatically detect the TMG Server, I start troubleshooting the issue, I tried everything add/remove the WPAD entry, changing the WPAD value, etc… but all my trials were unsuccessful.
So I decided to go deeper with my inspection and start inspecting my firewall client behavior thus in order to do that I have installed the firewall client Auto detect tool which was very helpful for me. Although this tool was written for ISA 2004 but it works with ISA 2006 and TMG since all the three systems uses the same auto detection concept “DHCP/DNS” except the TMG Firewall client now uses a new way to publish auto detect information in Active Directory, which I am not using in this scenario although is it the most secure method, but it doesn’t provide location based flexibilities whenever you want to publish multiple TMG/ISA Servers in different locations.to use fwctools Open cmd and Type “fwctool TestAutoDetect” after extracting the zip file on your client computer.
After running the FWCTools on 2 of my clients I got the same below results,
As you can see that the tool has failed to query the WPAD entry which I have configured on my DHCP server. It is good to know that but why? Obviously it is something from the server, so in order to inspect the DHCP server behavior I have installed “WIRESHARK “ on my DHCP server which is a good network monitor that I use often. After inspecting the DHCP packets I have noticed that WPAD packets are being dropped! even though clients are obtaining properly DHCP leases and along with other scope options, such as Default gateway and DNS.
So I have decided to go back and check the DHCP configuration once again, and have a look on the Event ID:1070 already mentioned above. After a bit of research on the error I found it is a good time to understand the relation between the DHCP and NPS server http://technet.microsoft.com/en-us/library/cc726898(WS.10).aspx . Since this is a new behavior with windows server 2008. To make a story short I have concluded that my DHCP server is looking for the NPS server For NAP integration however I didn’t setup any NPS server on the machine and I am not intending to use it, so I thought I would give it a try and try to disable NAP on my DHCP server for all the scopes. So I went to the IPv4 properties and opened the “Network Access protection” Tab examined everything and I disabled the NAP for all the scopes.
After disabling NAP I have restarted the DHCP services, and all the error Events that were occurring has disappeared, and then I went back and run the Fwctools on my clients and got successful results, same as the TMG firewall client Auto Detect worked properly.
you may notice the above snapshot that the DHCP server behavior when Network Policy Server (NPS) is unreachable is set to full however this didn’t keep the DHCP server from dropping WPAD queries. So I think it might be either a bug in DHCP 2008 R2 or this settings works only when you already have NPS Services installed but not reachable, which find doesn’t makes sence.
Hope that this information will be helpful for you