You cannot connect to the Internet, and you cannot join or log on to the domain if Windows Server 2003 SP1 is installed on the authenticating domain controller (912023)



The information in this article applies to:

  • Microsoft Windows Server 2003 SP1, when used with:
    • Microsoft Windows Server 2003, Enterprise Edition
    • Microsoft Windows Server 2003, Standard Edition
    • Microsoft Windows Server 2003, Web Edition
    • Microsoft Windows Server 2003, Datacenter Edition
    • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
    • Microsoft Windows Server 2003, Datacenter Edition for Itanium-based Systems

Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry

SYMPTOMS

Consider the following scenario. A Microsoft Windows XP-based client computer is joined to a Microsoft Windows Server 2003 domain. Additionally, Windows Server 2003 Service Pack 1 (SP1) is installed on the authenticating domain controller. In this scenario, you experience the following symptoms:
  • You cannot connect to the Internet.
  • You cannot join or log on to the domain. Therefore, the domain controller is in IPsec Block mode.
When you start the IPSEC Services component on the domain controller, you may receive an error message that is similar to the following:
The system cannot find the file specified.
Additionally, the following events may be logged in the server's System log:

Event Type: Error
Event Source: IPSEC
Event Category: None
Event ID: 4292
Date: Date
Time: Time
User: N/A
Computer: COMPUTER_NAME
Description:
The IPSec driver has entered Block mode. IPSec will discard all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: Date
Time: Time
User: N/A
Computer: COMPUTER_NAME
Description:
The IPSEC Services service terminated with the following error: The system cannot find the file specified

CAUSE

This problem occurs when there is a corrupted file in the policy store. The file may become corrupted if an interruption occurs when the policy is being written to the disk.

RESOLUTION

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

To resolve this issue, follow these steps:
  1. Delete the local policy registry subkey. To do this, follow these steps:
    1. Click Start, click Run, type regedit in the Open box, and then click OK.
    2. In Registry Editor, locate and then click the following subkey:

      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local

    3. On the Edit menu, click Delete.
    4. Click Yes to confirm that you want to delete the subkey.
    5. Quit Registry Editor.
  2. Rebuild a new local policy store. To do this, click Start, click Run, type regsvr32 polstore.dll in the Open box, and then click OK.
  3. Verify that the IPSEC Services component is set to automatic, and then restart the domain controller.
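
The same three steps as a command-prompt script, for administrators who prefer not to use Registry Editor. This is an added example, not part of the original article or Microsoft's own tooling; the backup file path is an assumption, and PolicyAgent is the service short name for IPSEC Services.

```batch
@echo off
rem Added example: scripted form of resolution steps 1-3.
rem Run from an administrative command prompt on the affected domain controller.
setlocal
set "KEY=HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local"
rem Backup file name and location are assumptions; change as needed.
set "BACKUP=%SystemDrive%\ipsec-local-policy-backup.reg"

rem If the subkey is already absent, step 1 has nothing to delete.
reg query "%KEY%" >nul 2>&1
if errorlevel 1 (
    echo Subkey not found, skipping backup and delete: %KEY%
    goto rebuild
)

rem Back up the subkey first, as the article's registry note advises.
if exist "%BACKUP%" del "%BACKUP%"
reg export "%KEY%" "%BACKUP%"
if errorlevel 1 (
    echo Backup failed; nothing was deleted.
    exit /b 1
)

rem Step 1: delete the local policy subkey.
reg delete "%KEY%" /f
if errorlevel 1 exit /b 1

:rebuild
rem Step 2: rebuild the local policy store.
regsvr32 /s polstore.dll
if errorlevel 1 (
    echo regsvr32 polstore.dll failed.
    exit /b 1
)

rem Step 3: set IPSEC Services (service short name PolicyAgent) to automatic
rem and print the resulting start type for verification.
sc config PolicyAgent start= auto
if errorlevel 1 exit /b 1
sc qc PolicyAgent | find "START_TYPE"

echo Done. Restart the domain controller to finish, for example: shutdown /r /t 0
endlocal
```

The script stops before the delete if the backup cannot be written, and it leaves the restart to the operator.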

WORKAROUND

To temporarily work around this problem, disable the IPSEC Services component, and then restart the domain controller.

REFERENCES

For more information about IPsec Block mode, visit the following Microsoft Web site:

Modification Type: Major
Last Reviewed: 2/24/2006