Solved

IPSec is blocking network traffic

Posted on 2010-08-30
Last Modified: 2012-05-10
I have a Windows 2003 Enterprise Edition x32 that after restarting stops responding on the network.

It is a domain controller that is also running Exchange 2003 Standard and one Virtual server instance.

The exact error message is "The ipsec driver has entered a Block mode.  IPSec will discard all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemption."

One of the suggestions is to stop the IPSec services.  However, I have an SSL certificate installed.

In addition to the ipsec error message there are 3 others that appear during the restart process all relating to the KDC service.

To fix the problem I simply do another restart and the server starts responding again and the error message goes away.

What on earth could be causing this?  Any suggestions would be appreciated.
ipsec-error.jpg
kdc-error.jpg
service-hang1.jpg
service-hang2.jpg
Question by:Douglas-Brouhard
2 Comments
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 500 total points
ID: 33557788
From eventid.net extract

"As per Microsoft: "This problem occurs because the DNS Server service is listening on the UDP port that is required by another service. This problem occurs when the MaxUserPort registry entry is present. This registry entry is located in the following subkey in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\". See M956189 for default values for MaxUserPort. "

Read those entries; maybe they will help you.

http://www.eventid.net/display.asp?eventid=4292&eventno=5676&source=IPSec&phase=1
http://www.eventid.net/display.asp?eventid=20&eventno=3396&source=KDC&phase=1
http://www.eventid.net/display.asp?eventid=7022&eventno=111&source=Service%20Control%20Manager&phase=1
http://www.eventid.net/display.asp?eventid=7023&eventno=345&source=Service%20Control%20Manager&phase=1
0
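An added example, not part of the original thread or the eventid.net extract: a Python check that reads saved output of `reg query` (for the MaxUserPort entry named above) and `netstat -ano -p udp`, and reports whether the DNS Server process holds a UDP port that IPSec needs. The watched ports (UDP 500 and 4500), the sample outputs, and the DNS PID are assumptions; the page does not name the contested port.

```python
import re

# Assumption: the page does not name the contested port; these are the
# well-known IPSec UDP ports (IKE and NAT traversal).
WATCHED_UDP_PORTS = {500: "IKE", 4500: "IPSec NAT-T"}

# Constructed sample of `reg query HKLM\...\Tcpip\Parameters /v MaxUserPort`
SAMPLE_REG = """\
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters
    MaxUserPort    REG_DWORD    0xfffe
"""

# Constructed sample of `netstat -ano -p udp`; PID 1532 stands in for dns.exe
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  UDP    0.0.0.0:445            *:*                                    4
  UDP    0.0.0.0:4500           *:*                                    1532
  UDP    192.168.1.10:53        *:*                                    1532
  UDP    0.0.0.0:500            *:*                                    428
"""

def max_user_port(reg_output):
    """Return MaxUserPort as an int, or None when the value is absent."""
    m = re.search(r"^\s*MaxUserPort\s+REG_DWORD\s+(0x[0-9a-fA-F]+)", reg_output, re.M)
    return int(m.group(1), 16) if m else None

def udp_owners(netstat_output):
    """Map each local UDP port to the set of PIDs bound to it."""
    owners = {}
    for line in netstat_output.splitlines():
        fields = line.split()
        # UDP rows have no State column: Proto, Local, Foreign, PID
        if len(fields) == 4 and fields[0] == "UDP" and fields[3].isdigit():
            port = int(fields[1].rsplit(":", 1)[1])
            owners.setdefault(port, set()).add(int(fields[3]))
    return owners

def conflicts(reg_output, netstat_output, dns_pid):
    """List watched ports held by the DNS Server PID, with MaxUserPort state."""
    owners = udp_owners(netstat_output)
    held = sorted(p for p in WATCHED_UDP_PORTS if dns_pid in owners.get(p, ()))
    return {"MaxUserPort": max_user_port(reg_output), "held_by_dns": held}

if __name__ == "__main__":
    print(conflicts(SAMPLE_REG, SAMPLE_NETSTAT, dns_pid=1532))
```

On a live server the DNS PID would come from `tasklist /fi "imagename eq dns.exe"`, and the two text inputs from the commands named in the comments.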
 
LVL 17

Expert Comment

by:Tony Massa
ID: 33558411
0
