
Server 2003 IPSec Event ID 4292 occasionally after reboot - Blocking TCP/IP traffic

We reboot our servers weekly. Every 7 weeks or so, one of the servers is unreachable and needs to be rebooted.
Windows Server 2003 R2 Standard edition
I have attached a txt file with the systeminfo output.
This server is not used to create VPN tunnels.

Is there any reason for Server 2003 to run IPSec Service?
Let me know if you need more information, I didn't want to make this too unreadable.
In the Event Log I receive the following Event:
Event Type:      Error
Event Source:      IPSec
Event Category:      None
Event ID:      4292
Date:            11/16/2008
Time:            12:04:52 PM
User:            N/A
Computer:      SERVER
Description:
The IPSec driver has entered Block mode. IPSec will discard all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions. User Action: To restore full unsecured TCP/IP connectivity, disable the IPSec services, and then restart the computer.  For detailed troubleshooting information, review the events in the Security event log.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 54 00   ......T.
0008: 00 00 00 00 c4 10 00 c0   ....Ä..À
0010: 01 00 00 00 00 00 00 00   ........
0018: 00 00 00 00 00 00 00 00   ........
0020: 00 00 00 00 00 00 00 00   ........

Attachment: systeminfo-server2003.txt
Asked by: runsysrun
bignewf commented:
Since you don't have an IPSec policy, disable the service. It should have no effect on the server functionality. However, test it just to make sure functionality is not impaired. The IPSec driver could be corrupt. It could be some local or group policy done by an admin that is not disabled. Unfortunately, I have seen this but have not found any hotfixes. Make sure all service packs are current. You will need to reboot after disabling this service.

In a worst-case scenario, you might have to rebuild the TCP/IP stack, and sometimes the winsock fix might even help.