Monday, April 13, 2009

Network access blocked to a server

A domain controller running Windows 2003 Server SP1 ran out of disk space. When I tried to connect to it to clean up the disk, I found that the server was not accessible from the network. Even ping didn't work. I logged in to the server's console and found the following events in the system log:

Source: IPSec
Event ID: 4294
Description:
The IPSec driver has entered Secure mode. IPSec policies, if they have been
configured, are now being applied to this computer.

Event type: Error
Source: IPSec
Event ID: 4292
Description:
The IPSec driver has entered Block mode. IPSec will discard all inbound and outbound 
TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions. 
User Action: To restore full unsecured TCP/IP connectivity, disable the IPSec 
services, and then restart the computer.  For detailed troubleshooting information, 
review the events in the Security event log.

The explanation was found in the following Microsoft KB article: http://support.microsoft.com/kb/912023. Apparently, the IPsec security policy registry key got corrupted, and IPsec panicked and blocked all access to the computer. The solution was, as described in the KB article in detail, to remove the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local.
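
The check and the fix above can be scripted from the server's console. The following is an added example, not part of the original post or the KB article; it assumes Windows PowerShell is installed on the server, and the script name, function names and backup file location are illustrative.

```powershell
# Fix-IPSecBlock.ps1 (hypothetical name). Run locally on the console, as an administrator.
param([switch]$Remove)   # without -Remove the script only reports

# Registry key named in the post, in reg.exe form and in PowerShell provider form.
$KeyReg = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local'
$KeyPs  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local'

# List System-log events from the IPSec driver: 4292 (Block mode) and 4294 (Secure mode).
function Get-IPSecModeEvent {
    param([int]$Newest = 2000)
    Get-EventLog -LogName System -Newest $Newest |
        Where-Object { $_.Source -eq 'IPSec' -and ((4292, 4294) -contains $_.EventID) } |
        Select-Object TimeGenerated, EntryType, EventID, Message
}

# Export the key to a .reg file, then delete it. Returns $true only if the delete succeeded.
function Remove-LocalIPSecPolicy {
    param([string]$BackupDir = $env:TEMP, [switch]$SkipBackup)
    if (-not (Test-Path $KeyPs)) {
        Write-Host "Key not present: $KeyReg"
        return $false
    }
    if (-not $SkipBackup) {
        # Timestamped name, so an earlier backup is never overwritten.
        $file = Join-Path $BackupDir ('ipsec-local-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
        & reg.exe export $KeyReg $file | Out-Host
        if ($LASTEXITCODE -ne 0) {
            # Expected while the disk is still full or if the key cannot be read.
            Write-Warning "Export to $file failed. Free disk space, or rerun with -SkipBackup."
            return $false
        }
        Write-Host "Backup written to $file"
    }
    & reg.exe delete $KeyReg /f | Out-Host
    return ($LASTEXITCODE -eq 0)
}

$events = @(Get-IPSecModeEvent)
$events | Format-List
$blocked = @($events | Where-Object { $_.EventID -eq 4292 })
Write-Host ("Block-mode events (4292) found: {0}" -f $blocked.Count)

if ($Remove) {
    if (Remove-LocalIPSecPolicy) {
        Write-Host 'Key removed. Continue with the procedure in KB 912023.'
    }
}
```

An old 4292 event stays in the log after the problem is fixed, so the script deletes the key only when `-Remove` is given, never on the strength of the event alone.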
