What
After rebooted the Windows Server, IPSEC service stopped, cannot ping internal IP or ping out to the internet.
Error Messge / Symptom
the following events may be logged in the server's System log:
Event Type: Error
Event Source: IPSEC
Event Category: None
Event ID: 4292
Date: Dateime
Time: Time08
User: N/A
Computer: COMPUTER_NAME
Description:
The IPSec driver has entered Block mode. IPSec will discard all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions.;
Event Source: IPSEC
Event Category: None
Event ID: 4292
Date: Dateime
Time: Time08
User: N/A
Computer: COMPUTER_NAME
Description:
The IPSec driver has entered Block mode. IPSec will discard all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions.;
Solution / Fix
This problem can occur if the IPSec\Policy\Local registry key is deleted or when there is a corrupted file in the policy store. One typical casue is running out of space in Drive C:, the OS disk partition.
Please follow below steps to remediate :
- Delete the local policy registry subkey. To do this, follow these steps:
- Click Start, click Run, type regedit in the Open box, and then click OK.
- In Registry Editor, locate and then click the following subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local
- On the Edit menu, click Delete.
- Click Yes to confirm that you want to delete the subkey.
- Quit Registry Editor
- Rebuild a new local policy store. To do this, Click Start, click Run, type regsvr32 polstore.dll in the Open box, and then click OK.
- Verify that the IPSEC Services component is set to automatic, and then restart the Server.
No comments:
Post a Comment