Server 2003 IPSec Event ID 4292 ocasionally after reboot - Blocking TCP/IP traffic

Posted on 2008-11-19
Last Modified: 2012-05-05
We reboot our servers weekly, every 7 weeks or so, one of the servers is unreachable and needs to be rebooted.  
Windows Server 2003 R2 Standard edition
I have attached a txt file with the systeminfo output.
This server is not used to create VPN tunnels.

Is there any reason for Server 2003 to run IPSec Service?
Let me know if you need more information, I didn't want to make this too unreadable.
In the Event Log I recieve the following Event:
Event Type:      Error
Event Source:      IPSec
Event Category:      None
Event ID:      4292
Date:            11/16/2008
Time:            12:04:52 PM
User:            N/A
Computer:      SERVER
The IPSec driver has entered Block mode. IPSec will discard all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions. User Action: To restore full unsecured TCP/IP connectivity, disable the IPSec services, and then restart the computer.  For detailed troubleshooting information, review the events in the Security event log.

For more information, see Help and Support Center at
0000: 00 00 00 00 01 00 54 00   ......T.
0008: 00 00 00 00 c4 10 00 c0   ....Ä..À
0010: 01 00 00 00 00 00 00 00   ........
0018: 00 00 00 00 00 00 00 00   ........
0020: 00 00 00 00 00 00 00 00   ........

Question by:runsysrun
    1 Comment
    LVL 15

    Accepted Solution

    Since you don't have an IPSec policy, disable the service. It should have no effect on the server functionality. However, test it just to make sure functionality is not impaired. The IPSec driver could be corrupt. It could be some local or group policy done by an admin that is not disabled. Unfortunately, I have seen this but have not found any hotfixes. Make sure all service packs are current. You will need to reboot after disabling this service

    In a worst case scenario, you might have to rebuild the TCP/IP stack, and sometimes the winsock fix might even help

    Featured Post

    Free Trending Threat Insights Every Day

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Join & Write a Comment

    Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
    Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now