Christianlawson
asked on
IPSEC fails to start after installing SP1 for Windows 2003 on Domain Controller/Global catalog server
IPSEC fails to start after installing SP1 for Windows 2003 on Domain Controller/Global catalog server
Eventlog (ID 4292) says:
IPSEC driver has entered block mode. Ipsec will discard all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions. To restore full unsecured TCP/IP connectivity, disable the IPSec services, and then restart the computer. This is event id 4292. This is a Windows 2003 server machine.
Manually trying to start IPSEC service:
Could not start the IPSEC service
ERROR 2: The system cannot find the file specified.
Also a few Kerberos errors in security log at the same time:
Source security
Event ID 537
Logon process authz
Authentication package Kerberos
Status 0xC000005E
IF I uninstall w2k3 SP1 eveything works again perfectly.
Eventlog (ID 4292) says:
IPSEC driver has entered block mode. Ipsec will discard all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions. To restore full unsecured TCP/IP connectivity, disable the IPSec services, and then restart the computer. This is event id 4292. This is a Windows 2003 server machine.
Manually trying to start IPSEC service:
Could not start the IPSEC service
ERROR 2: The system cannot find the file specified.
Also a few Kerberos errors in security log at the same time:
Source security
Event ID 537
Logon process authz
Authentication package Kerberos
Status 0xC000005E
IF I uninstall w2k3 SP1 eveything works again perfectly.
ASKER
Found the local IP Security policy on this DC was corrupt: https://premier.microsoft.com/default.aspx?scid=kb;en-us;870910
All fine now, never seen this before though
All fine now, never seen this before though
Christianlawson, Remeber to close the question...
Was lasass.exe corrupted?
ASKER
No the local IP security policy for the machine was corrupted.
ASKER
The fix is here: http://support.microsoft.com/default.aspx?scid=kb;en-us;870910
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
IPSec Service (if it is not started) blocks all your TCP/IP connections. maybe LASS.EXE is corrupted in C:\Windows\System32, but first try this.
Click on Start
then type:
REGSVR32 polstore.dll
Regards
Click on Start
then type:
REGSVR32 polstore.dll
Regards
This happened to me too, my server is on sp2, though 4 Microsoft updates were put on before this happened. I found kb912023, deleted the key and ran regsvr32 polstore.dll which fixed the problem.
Can anyone help ? I am having exactly the same problem with djsellin after applying monthly critical/security patches for Aug 2008 . Tried to delete regkey and run regsvr32 polstore.dll, but still the problem persists. MY server is Windows 2003 Std SP2. And the server is a member server ,not domain controller.
Am stuck up with the same issue. However, I found that it's all happening since polstore.dll registeration getting broken after every reboot and thus IPsec entering Blocked mode during startup and delaying the whole startup and logon process.
Any idea how to make polstore.dll registeration persisting across reboots?
Any idea how to make polstore.dll registeration persisting across reboots?
poweronedr, thank you for the solution. You solved my problem.
Glad to help!
it solved my problem too ....excellent work
poweronedr, thank you for the solution. Worked great!
excellent helped me too :)
There are a group of known problems with the SP1 update.
You can also do an online scna of your security logs.. that might help: http://www.gfi.com/eventlogscan/