SYMPTOMS
When you try to open the Internet Protocol security (IPSec) Microsoft Management Console (MMC) policy on a Microsoft Windows Server 2003-based computer, you receive the following error message:
The IPSec Policy storage container could not be opened. The following error occurred: The system cannot find the file specified. (80070002).
When this problem occurs, events that are similar to the following may be logged:

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7040
Date: Date
Time: Time
User: NT AUTHORITY\SYSTEM
Computer: ComputerName
Description:
The start type of the IPSEC Services service was changed from disabled to auto start.
Note The IPSEC service is started by a GPO. This has been confirmed by disabling the IPSEC service, then running gpupdate /force.

Event Type: Information
Event Source: IPSec
Event Category: None
Event ID: 4294
Date: Date
Time: Time
User: N/A
Computer: ComputerName
Description:
The IPSec driver has entered Secure mode. IPSec policies, if they have been configured, are now being applied to this computer.
Data:
0000: 00 00 00 00 01 00 54 00 ......T.
0008: 00 00 00 00 c6 10 00 40 ....Æ..@
0010: 01 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: IPSec
Event Category: None
Event ID: 4292
Date: Date
Time: Time
User: N/A
Computer: ComputerName
Description:
The IPSec driver has entered Block mode. IPSec will discard all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions. User Action: To restore full unsecured TCP/IP connectivity, disable the IPSec services, and then restart the computer. For detailed troubleshooting information, review the events in the Security event log.
Data:
0000: 00 00 00 00 01 00 54 00 ......T.
0008: 00 00 00 00 c4 10 00 c0 ....Ä..À
0010: 01 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7035
Date: Date
Time: Time
User: NT AUTHORITY\SYSTEM
Computer: ComputerName
Description:
The IPSEC Services service was successfully sent a start control.

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7036
Date: Date
Time: Time
User: N/A
Computer: ComputerName
Description:
The IPSEC Services service entered the stopped state.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: Date
Time: Time
User: N/A
Computer: ComputerName
Description:
The IPSEC Services service terminated with the following error:
The system cannot find the file specified.
RESOLUTION
To resolve this issue, delete the following registry subkey and then rebuild the policy:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local
To do this, follow these steps.
Note When you follow these steps, you delete the local policy. You must rebuild the local policy.
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
- Delete the local policy registry subkey. To do this, follow these steps:
  - Click Start, click Run, type regedit, and then click OK.
  - In Registry Editor, locate and then click the following subkey:
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local
  - On the Edit menu, click Delete.
  - Click Yes to confirm that you want to delete the subkey.
  - Quit Registry Editor.
- Rebuild a new local policy store. To do this, follow this step:
  - Click Start, click Run, type regsvr32 polstore.dll, and then click OK.
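The same procedure as a command-prompt batch file, given here as an added example that is not part of the original article. It exports the subkey before deleting it so the local policy can be inspected or restored later. The backup file name, the PolicyAgent service name used for the IPSEC Services service, and the final service start are assumptions that the steps above do not state.

```bat
@echo off
setlocal
rem Added example; not part of the original article.
set "KEY=HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local"
rem Assumption: backup file name and location are chosen for illustration.
set "BACKUP=%TEMP%\ipsec-local-policy-backup.reg"

rem If the subkey is already gone, skip straight to rebuilding the store.
reg query "%KEY%" >nul 2>&1
if errorlevel 1 (
    echo Local policy subkey not found, nothing to delete.
    goto rebuild
)

rem Never overwrite an earlier backup of the local policy.
if exist "%BACKUP%" (
    echo A backup file already exists. Move it and run again.
    exit /b 1
)

rem Export first; only delete when the export succeeded.
reg export "%KEY%" "%BACKUP%"
if errorlevel 1 (
    echo Export failed. The subkey was left untouched.
    exit /b 1
)

rem Without /v, reg delete removes the subkey and everything beneath it.
reg delete "%KEY%" /f
if errorlevel 1 (
    echo Delete failed.
    exit /b 1
)

:rebuild
rem Rebuild the local policy store, as in the last step above.
regsvr32 /s polstore.dll
if errorlevel 1 (
    echo regsvr32 polstore.dll failed.
    exit /b 1
)

rem Assumption: PolicyAgent is the short name of the IPSEC Services service.
rem Starting it here is not a step from the article.
net start PolicyAgent
sc query PolicyAgent
endlocal
```

Run it from an administrative command prompt on the affected server. The local policy still has to be rebuilt afterward, as the Note above says.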