Solved

can i turn off IPSec

Posted on 2008-10-28
8
3,409 Views
Last Modified: 2012-06-21
Microsoft Server 2003, Small Business, SP2

Can I disable the "IPSEC Services" service with no repercussions? or will doing that blow the server up?

See this error in event viewer: "The IPSec driver has entered Block mode. IPSec will discard all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions. " and I don't really use IPSEC so I don't want to risk IPSEC freaking out and blocking my legit users.

Thanks
0
Comment
Question by:shard26
  • 4
  • 4
8 Comments
 
LVL 14

Expert Comment

by:dfxdeimos
ID: 22825676
If you are not using IPSec then you can disregard those error messages, they will not affect your users.

So if you aren't using and IPSec infrastructure you will be able to disable the services without issue. That being said I would stay a little late one night and do it just on the off chance that something is affected.
0
 
LVL 4

Author Comment

by:shard26
ID: 22825839
How can I verify that we are not using IPSec? Just to be safe.


0
 
LVL 14

Expert Comment

by:dfxdeimos
ID: 22825947
If you didn't turn it on explicitly (and I assume you are the network admin) then you aren't using it.

If you still want to double check then just go to a client machine and go Start -> Run -> "Secpol.msi" .

In the bottom of that list you will see something like what is in the image that I attached. You will then be able to see if any of the policies are enabled.

For future reference, here is a good guide about implementing IPSec in your domain:

http://www.enterprisenetworkingplanet.com/netsecur/article.php/3489911
IPSecPol.jpg
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 4

Author Comment

by:shard26
ID: 22826423
computer doesn't know the command secpol.msi
0
 
LVL 4

Author Comment

by:shard26
ID: 22826530
i am pretty confident we have set up no policies.
0
 
LVL 14

Expert Comment

by:dfxdeimos
ID: 22826577
If it doesn't recognize secpol.msi you can launch the MMC by going Start -> Run -> "MMC" and then adding the Local Security Policy Snap-In.

I am also pretty confident that you don't have policies in place. =]
0
 
LVL 4

Author Comment

by:shard26
ID: 22827929
so no policies in place means i can kill the service?

0
 
LVL 14

Accepted Solution

by:
dfxdeimos earned 350 total points
ID: 22828492
Yes.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction At 19:33 (UST) on Tuesday 21st September the long awaited email arrived with the subject title of “ANNOUNCING THE AVAILABILITY OF WINDOWS SBS 7 PREVIEW”.  It was time to drop whatever I was doing and dedicate as much bandwidth as possi…
I've often see, or have been asked, the question about the difference between the Exchange 2010 SP1 version, available as part of Small Business Server (SBS) 2011, and the “normal” Exchange 2010 SP1 Standard. The answer to the question is relativ…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question