One interesting thing, upon reboot, I would receive ping replies, then they would abruptly stop:
The Event logs had the following:
Event ID: 4292 The IPSec driver has entered Block mode
Apparently, the IPsec service on the server "lost its mind" and placed the NIC in a blocked state. The resolution according to Microsoft KB 912023 is as follows:
To resolve this issue, follow these steps:
- Delete the local policy registry subkey. To do this, follow these steps:
  - Click Start, click Run, type regedit in the Open box, and then click OK.
  - In Registry Editor, locate and then click the following subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local
  - On the Edit menu, click Delete.
  - Click Yes to confirm that you want to delete the subkey.
  - Quit Registry Editor.
- Rebuild a new local policy store. To do this, click Start, click Run, type regsvr32 polstore.dll in the Open box, and then click OK.
- Verify that the IPSEC Services component is set to automatic, and then restart the domain controller.
regsvr32 polstore.dll
I bounced the server several times to confirm that the server came up clean and the issue had been resolved.
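The KB steps above as a PowerShell script, added here as an example; it is not part of the original post or of the KB article. It assumes an elevated Windows PowerShell 2.0 or later session, that the IPSEC Services component has the service name PolicyAgent, and a backup path chosen for illustration; it also exports the subkey before deleting it, which the KB steps do not include.

```powershell
# Added example: scripted form of the KB 912023 steps. Run elevated on the affected server.
# Assumptions (not from the post): service name 'PolicyAgent', backup location under C:\.
$keyPs  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local'
$keyReg = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local'
$backup = 'C:\ipsec-local-policy-{0}.reg' -f (Get-Date -Format 'yyyyMMdd-HHmmss')  # hypothetical path

# 0. Confirm the symptom first: Event ID 4292 in the System log.
$hits = Get-EventLog -LogName System -Newest 2000 | Where-Object { $_.EventID -eq 4292 }
if (-not $hits) {
    Write-Warning 'No Event ID 4292 in the last 2000 System events; nothing changed.'
    return
}
$hits | Select-Object -First 3 TimeGenerated, Source, EventID, Message | Format-List

# 1. Export the local policy subkey, then delete it. Stop if the export fails,
#    so the policy is never removed without a copy to restore from.
if (Test-Path $keyPs) {
    & reg.exe export $keyReg $backup
    if ($LASTEXITCODE -ne 0) { throw "Export of $keyReg failed; subkey left in place." }
    Remove-Item -Path $keyPs -Recurse
    Write-Host "Deleted $keyReg (backup: $backup)"
} else {
    Write-Host "$keyReg not present; skipping delete."
}

# 2. Rebuild the local policy store. regsvr32 is a GUI program, so wait for it
#    explicitly and check its exit code (/s suppresses the dialog box).
$reg = Start-Process -FilePath 'regsvr32.exe' -ArgumentList '/s', 'polstore.dll' -Wait -PassThru
if ($reg.ExitCode -ne 0) { throw "regsvr32 polstore.dll failed with exit code $($reg.ExitCode)." }

# 3. Make sure the IPsec service starts automatically, and show the result.
Set-Service -Name 'PolicyAgent' -StartupType Automatic
Get-WmiObject -Class Win32_Service -Filter "Name='PolicyAgent'" |
    Select-Object Name, StartMode, State

# 4. Restart the server; -Confirm asks before rebooting.
Restart-Computer -Confirm
```

After the reboot, re-running the step 0 query and checking that no new 4292 events carry a timestamp later than the restart confirms the driver stayed out of Block mode.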
thanks! I was trying to figure this out since yesterday...