JSI Tip 10125. If the authenticating domain controller runs Windows Server 2003 SP1, you cannot join or log on to the domain and you cannot connect to the Internet.

In addition to the subject behavior, when you start the IPSEC Services component on the domain controller, you receive:

The system cannot find the file specified.

The System Event log may contain:

Event Type: Error
Event Source: IPSEC
Event Category: None
Event ID: 4292
Date: MM/DD/YYYY
Time: HH:MM:SS
User: N/A
Computer: <COMPUTER NAME>
Description: The IPSec driver has entered Block mode. IPSec will discard all inbound and outbound
             TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions. 


Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: MM/DD/YYYY
Time: HH:MM:SS
User: N/A
Computer: <COMPUTER NAME>
Description: The IPSEC Services service terminated with the following error: The system cannot find the file specified

This behavior is symptomatic of a corrupted file in the policy store, possibly caused by a power outage or other invalid shutdown.

To resolve this issue:

1. Open a CMD.EXE window on the Windows Server 2003 SP1 domain controller.

2. Type the following commands and press Enter after each line:

REG DELETE HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /F
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\IPSec /V Start /T REG_DWORD /F /D 2
regsvr32 /s polstore.dll

3. Shut down and restart the Windows Server 2003 SP1 domain controller.
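
The batch file below is an added example, not part of the original tip: it runs the three commands from step 2 but first exports the local policy store key, so the deleted policy data can be examined or re-imported later. The backup file name and location are assumptions; change them to suit your environment.

```batch
@echo off
rem Added example: the commands from step 2, preceded by a backup of the
rem local IPSec policy store key. The BACKUP path is an assumed location.
setlocal
set "POLKEY=HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local"
set "BACKUP=%SystemDrive%\ipsec-local-policy-backup.reg"

rem Only back up and delete the key if it actually exists.
reg query "%POLKEY%" >nul 2>&1
if errorlevel 1 (
    echo Policy key not present; nothing to back up or delete.
) else (
    rem Remove any earlier backup so the export cannot fail on an existing file.
    if exist "%BACKUP%" del "%BACKUP%"
    reg export "%POLKEY%" "%BACKUP%"
    if errorlevel 1 (
        echo Backup failed; stopping before anything is deleted.
        exit /b 1
    )
    reg delete "%POLKEY%" /f
    if errorlevel 1 (
        echo Could not delete the policy key.
        exit /b 1
    )
)

rem Set the IPSec driver start value to 2, as in the tip.
reg add HKLM\SYSTEM\CurrentControlSet\Services\IPSec /v Start /t REG_DWORD /f /d 2
if errorlevel 1 (
    echo Could not set the Start value.
    exit /b 1
)

rem Re-register the policy store DLL.
regsvr32 /s polstore.dll
if errorlevel 1 (
    echo regsvr32 failed for polstore.dll.
    exit /b 1
)

echo Done. Backup (if taken) is at %BACKUP%. Restart the domain controller.
endlocal
```

If the export step fails, the script stops without changing anything, and the commands in step 2 can still be run by hand.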


