Question

Windows server 2003 does not communicate with network

Asked by: sylvain_langlois

Hello,


After installing Service Pack 1 on my Windows Server 2003, the server does not communicate anymore with the rest of my network.  This server is a DC.  Here's what happens:

During the startup process, the server is "pingable" for a short period of time.  Then, there's a window that pops-up saying that "At least one service or driver failed during system startup.  Use event viewer to examine the event log for details."  At that point, the server acts like it's offline.

I checked the device manager and my network card status is ok.  Windows even tells me that the card is connected to the network.  Pinging 127.0.0.1 works.

After examining the event viewer, here's what I found:

Event ID: 4292
Source: IPSec
Type: Error

Description: The IPSec driver has entered Block mode.  IPSec will discard all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions.  User Action: To restore full unsecured TCP/IP connectivity, disable the IPSec services, and the restart the computer.  For detailed troubleshooting information, review the events in the Security event log.


Event ID: 7023
Source: Service Control Manager
Type: Error

Description: The IPSEC Services service terminated with the following error: The system cannot find the file specified.


When I look in the services window, I see that the IPSEC Services is stopped.  When I try to start it, I get a pop-up saying "Could not start the IPSEC Services service on Local Computer.  Error 2: The system cannot find the file specified."

I don't want to disable the IPSec services as suggested in the first error description.  I have another Windows Server 2003 SP1 (another DC), and the IPSec service is working fine.

I tried to remove the NIC from the device manager and I rebooted to reinstall it.  I tried rebuilding the TCP/IP stack (netsh int ip reset).  I tried repairing Winsock (netsh winsock reset).  I tried scanning the Windows protected file (sfc /scannow).  The only thing that kinda solved my problem was uninstalling SP1.  Of course, that is not really an option...

Thanks for your help!

Syl

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2005-08-12 at 08:06:56ID21525275
Tags

ipsec

,

2003

,

windows

,

server

Topic

Windows NT Networking

Participating Experts
3
Points
500
Comments
12

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. Winsock
    I need an application I am writing in C++ to be able to use WinSock (or other method) to block all TCP/IP sockets at the click of a button (and obviously resume the traffic). Does anyone how I would go about this in C++? Thanks.
  2. IPSEC
    My Enterprise has one 2000 AD Server and one XP Client. Both operate normally and can logon and off the domain without any problems. I Applied the Server (Request Security) IPSEC Policy to the Domain Controller in my Enterprise using Kerberos authentication. Its the defa...
  3. how to allow outbound IPSec traffic on a ASA 5510
    I have a few clients who need to connect to a remote network via IPSec. By default it seems that my asa 5510 blocks outbound IPSec traffic. How can I allow IPSec traffic to leave my network?
  4. can i turn off IPSec
    Microsoft Server 2003, Small Business, SP2 Can I disable the "IPSEC Services" service with no repercussions? or will doing that blow the server up? See this error in event viewer: "The IPSec driver has entered Block mode. IPSec will discard all inbound and ou...
  5. IPSec
    What are the advantages and disadvantages of implementing IPSec using these methods: 1. Gateway to Gateway (using Firewall features) 2. Gateway to Gateway (using Router) 3a. Host to host (tunnel mode) 3b. Host to host (transport mode) Is it true that IPSec theory host to ho...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: MikeKanePosted on 2005-08-12 at 09:54:25ID: 14662517

Just a few quick thoughts....

1) Sp1 has a Windows firewall, just like XP SP2, please make sure it's still OFF, should be by default, but check anyway.  
2) Have you run the Security Wizard that comes with SP1?  
3) You mentioned you could ping 127.0.0.1, can you ping its own network IP address?   May I assume this is a static IP?  If it's DHCP assigned, you should really but the DC as a static IMHO.  
4)  I've read about issues with 2003 SP1 and ISA server issues.   Do you run ISA on this host?


 

by: sylvain_langloisPosted on 2005-08-12 at 10:21:50ID: 14662787

Hello,

1- Windows Firewall is off
2- I didn't see any Security Wizard...  How would I run it?
3- It is statis and, yes, it can ping its own network IP address
4- This server does not run ISA...


Thanks for your help!



Syl

 

by: gsgiPosted on 2005-08-12 at 18:37:59ID: 14666183

If you use powerchute, disable the PBE agent in SAFE MODE and upgrade it to v7.  The java certificate in the old java runtime engine died 7/27/2005. -gsgi

 

by: bbaoPosted on 2005-08-12 at 19:05:24ID: 14666262

it seems that at least one of the IPSEC related files of W2K3 missed or corrupt after SP1 installed. is the order of the above-mentioned events just the order appears in windows event log? any more related items in your windows event logs?

 

by: sylvain_langloisPosted on 2005-08-15 at 05:41:56ID: 14673852


gsgi: powerchute is not installed on that computer.

bbao: the event ID 4292 appears first, then the 7023.  They appear in the System event log.  I checked the application log, there are 3 errors, they appear between the event 4292 and 7023.

First...

Event ID: 1097
Source: Userenv
Type: Error

Description: Windows cannot find the machine account.  No authority could be contacted for authentication.


Then...

Event ID: 1030
Source: Userenv
Type: Error

Description: Windows cannot query the list of Group Policy objects.  Check the event log for possible messages previously logged by the policy engine that describes the reason for this.


Finally...

Event ID: 1054
Source: Userenv
Type: Error

Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted). Group policy precessing aborted.


Thanks for you help!


Syl

 

by: gsgiPosted on 2005-08-15 at 08:07:57ID: 14675045

I listed these as I thought of them, maybe check 3, then 5, then 4, then 1, then 2.  sorry - gsgi

1.  You might try http://www.spychecker.com/program/winsockxpfix.html
2.  You might try uninstalling sp1 and reinstalling sp1
3.  It is possible that it is a simple as you nic came up disabled in network settings
4.  It is possible that sp1 loaded a new driver for your nic - can you run nic utils
5.  This usenet article says to add "Client for Microsoft Network"

http://groups-beta.google.com/group/microsoft.public.windowsxp.security_admin/browse_thread/thread/4a9080f7d99c8fb4/a1efdeb3ce2b119a?lnk=st&q=Could+not+start+the+IPSEC+Services+7023&rnum=7&hl=en#a1efdeb3ce2b119a

 

by: sylvain_langloisPosted on 2005-08-15 at 09:21:06ID: 14675647

gsgi:


1: After running this utility and rebooting, the problem is still there
2: I did uninstall and reinstall SP1 and the problem is still there
3: My nic is enabled in the network settings
4: I reinstalled my old nic driver (even though SP1 didn't replace it) and the problem is still there
5: "Client for Microsoft Network" is already installed

 

by: gsgiPosted on 2005-08-15 at 09:26:33ID: 14675691

After doing #1 you have to reset all your networking ips, advanced TCPIP, etc.  I know you know this but I just have to be sure that you put the ip and stuff  back in.

The server is still not communicating on the network at all?

does ipconfig /all from a command window say stuff or error out?

-gsgi

 

by: sylvain_langloisPosted on 2005-08-15 at 10:45:41ID: 14676422

gsgi:  I didn't need to put the ips back, it was still there.  The server does not communicate at all.  I tried to start the IPSEC services and I got the same error message.

ipconfig /all gives me the normal response, no error message there.


 

by: gsgiPosted on 2005-08-15 at 11:13:19ID: 14676664

do you have network connectivity from safe mode with networking.

can you make a list of running services on the dc that is working and compare it to this one?

have you recently uninstalled a firewall or anti virus program?

-gsgi

 

by: gsgiPosted on 2005-08-15 at 11:15:08ID: 14676690

 

by: sylvain_langloisPosted on 2005-08-16 at 04:21:22ID: 14681514

gsgi: Awesome!  The solution at the end of the problem you posted did it.  Didn't have the registry key but registering the .DLL solved the problem.

Thanks a lot!


Syl

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...