Our domain is ancient. It was upgraded from NT4 to 2000 to 2003 to 2008. We're waiting on upgrading to R2 as we have plans to upgrade to 2012.
The only nagging problem we have is that we get a System Log entry each time policy is refreshed:
Windows failed to apply the IP Security settings. IP Security settings might have its own log file. Please click on the "More information" link.
I came on board after the upgrade to 2003, and I've never been able to chase this down. I've poured through the policy settings and cannot see anything related to IPSec in the settings. My only thought is that it was maybe in a .pol file that was rolled in during one of the domain upgrades, is now deprecated, but is still hidden somewhere in the policy.
We've tried recreating the policy line by line, but for some reason it hoses everything on subsequent policies. Previous admin enforced the policy at the top level, so finding a) what is breaking and b) where to place those settings downstream has been a nightmare.
The IPSec settings thing is more annoying than crippling, but it would still be nice to get out of the way.
Any thoughts on how to dig into the policy to find these archaic settings?