A domain controller running Windows 2003 Server SP1 ran out of disk space. When I tried to connect to it to clean up the disk, I found that the server was not accessible from the network. Even ping didn't work. I logged in to the server's console and found the following events in the system log:
Source: IPSec
Event ID: 4294
Description: The IPSec driver has entered Secure mode. IPSec policies, if they have been configured, are now being applied to this computer.

Event type: Error
Source: IPSec
Event ID: 4292
Description: The IPSec driver has entered Block mode. IPSec will discard all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions.
User Action: To restore full unsecured TCP/IP connectivity, disable the IPSec services, and then restart the computer. For detailed troubleshooting information, review the events in the Security event log.
The explanation was found in the following Microsoft KB article: http://support.microsoft.com/kb/912023. Apparently, the IPsec security policy registry key got corrupted, and IPsec panicked and blocked all access to the computer. The solution was, as described in the KB article in detail, to remove the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local.