IPSEC fails to start after installing SP1 for Windows 2003 on Domain Controller/Global catalog server

IPSEC fails to start after installing SP1 for Windows 2003 on Domain Controller/Global catalog server

Eventlog (ID 4292) says:
IPSEC driver has entered block mode.  Ipsec will discard all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions. To restore full unsecured TCP/IP connectivity, disable the IPSec services, and then restart the computer.  This is event id 4292.  This is a Windows 2003 server machine.

Manually trying to start IPSEC service:
Could not start the IPSEC service
ERROR 2: The system cannot find the file specified.

Also a few Kerberos errors in security log at the same time:
Source security
Event ID 537
Logon process authz
Authentication package Kerberos
Status 0xC000005E

IF I uninstall w2k3 SP1 eveything works again perfectly.
ChristianlawsonAsked:
Who is Participating?
 
NetminderConnect With a Mentor Commented:
Closed, 500 points refunded.
Netminder
Site Admin
0
 
LazarusCommented:
Check this link out and see if any of the problems apply to your configuration: http://support.microsoft.com/?scid=kb;en-us;896367&spid=3198
There are a group of known problems with the SP1 update.

You can also do an online scna of your security logs.. that might help: http://www.gfi.com/eventlogscan/
0
 
ChristianlawsonAuthor Commented:
Found the local IP Security policy on this DC was corrupt: https://premier.microsoft.com/default.aspx?scid=kb;en-us;870910

All fine now, never seen this before though
0
Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

 
LazarusCommented:
Christianlawson,  Remeber to close the question...
0
 
GinEricCommented:
Was lasass.exe corrupted?
0
 
ChristianlawsonAuthor Commented:
No the local IP security policy for the machine was corrupted.
0
 
ChristianlawsonAuthor Commented:
0
 
poweronedrCommented:
IPSec Service (if it is not started) blocks all your TCP/IP connections. maybe LASS.EXE is corrupted in C:\Windows\System32, but first try this.
Click on Start
then type:
REGSVR32 polstore.dll

Regards
0
 
djsellinCommented:
This happened to me too, my server is on sp2, though 4 Microsoft updates were put on before this happened. I found kb912023, deleted the key and ran regsvr32 polstore.dll which fixed the problem.

0
 
satoru_higumaCommented:
Can anyone help ? I am having exactly the same problem with djsellin after applying monthly critical/security patches for Aug 2008 . Tried to delete regkey and run regsvr32 polstore.dll, but still the problem persists. MY server is Windows 2003 Std SP2. And the server is a member server ,not domain controller.
0
 
deshawCommented:
Am stuck up with the same issue. However, I found that it's all happening since polstore.dll registeration getting broken after every reboot and thus IPsec entering Blocked mode during startup and delaying the whole startup and logon process.
Any idea how to make polstore.dll registeration persisting across reboots?
 
0
 
pixelchefCommented:
poweronedr, thank you for the solution. You solved my problem.
0
 
poweronedrCommented:
Glad to help!
0
 
Amir4uCommented:
it solved my problem too ....excellent work
0
 
tsisupportCommented:
poweronedr, thank you for the solution. Worked great!
0
 
GarethABCCommented:
excellent helped me too :)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.