DNS Giving IAS The Axe

With the whole DNS fiasco going down here recently, vendors have been scrambling to push out patches for the vulnerability that will be demonstrated next month.  Unfortunately, it looks like it has caused a few hiccups with Windows Server 2003 machines also running IAS.

Sometime after applying the patch for DNS, you might get the following error:

The Internet Authentication Service service terminated with the following error:
Only one usage of each socket address (protocol/network address/port) is normally permitted.

What's basically happening is that there are a number of services that use short-lived (ephemeral) UDP ports for conducting business. Unfortunately, it seems that after applying the most recent updates, DNS may monopolize one or more ports that IAS needs to function, so when IAS later tries to bind its RADIUS ports it finds them already taken. After some searching, I found a fix at the following forum: http://forums.techarena.in/showthread.php?t=1000629. I ended up having to use both means of preventing a port collision: removing the MaxUserPort registry key, as well as setting some port reservations for ports 1812-1813.

This seems to have worked well, so I hope it works out for you too.
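For anyone who wants to see the collision before changing anything, here is a small batch script that does the checks and the two registry changes from above in one go. It is an added example, not something from the original post or the forum thread, and it assumes a Windows Server 2003 box with the built-in reg.exe and netstat, with the ReservedPorts and MaxUserPort values living in the standard Tcpip\Parameters key. The names of the registry values are real; the assumption is only that your server uses the default location and that 1812-1813 are the ports your IAS install is bound to.

```batch
@echo off
REM Added example (not from the original post). Shows which process owns the
REM RADIUS UDP ports, reserves them so the DNS socket pool can no longer grab
REM them, and removes the MaxUserPort override. Run from an elevated cmd prompt.
setlocal
set TCPIP=HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

echo == Who currently holds UDP 1812/1813? (last column is the PID) ==
netstat -ano -p udp | findstr /R /C:":181[23] "
echo    Map a PID to its service with:  tasklist /svc /fi "PID eq <pid>"

echo == Existing reservations: reg add /f overwrites the list, so note these first ==
reg query "%TCPIP%" /v ReservedPorts 2>nul

echo == Reserve 1812-1813 so ephemeral-port users such as DNS cannot bind them ==
reg add "%TCPIP%" /v ReservedPorts /t REG_MULTI_SZ /d "1812-1813" /f

echo == Remove the MaxUserPort override, restoring the default ephemeral range ==
reg delete "%TCPIP%" /v MaxUserPort /f 2>nul

echo Reboot the server: Tcpip reads ReservedPorts at startup, so the change
echo does not take effect until then.
endlocal
```

Two caveats worth keeping in mind: if ReservedPorts already lists other ranges (SQL mirroring, clustering and the like often add some), put them back in the `/d` argument separated by `\0` rather than letting the `/f` overwrite drop them; and if the netstat check shows dns.exe sitting on 1812 or 1813 before the reboot, that is your confirmation that the DNS socket pool, not a misconfiguration in IAS, is what is producing the "Only one usage of each socket address" error.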

Posted on Jul 17
Written by Wayne Hartman