Hi, I have problem on several servers. After updates distributed via wsus random servers are entering ipsec blocking mode. Basically it is this: Event Type: Error Event Source: IPSEC Event Category: None Event ID: 4292 Date: <var style="box-sizing: border-box;">Dateime</var> Time: <var style="box-sizing: border-box;">Time08</var> User: N/A Computer: <var style="box-sizing: border-box;">COMPUTER_NAME</var> Description: The IPSec driver has entered Block mode. IPSec will discard all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions. Sometimes this solution http://support.microsoft.com/kb/912023 is working and I am also using this; net stop policyagent regsvr32 polstore.dll net start policyagent + reboot of server and it is working. I know that workaround to this is deploying gpo with disabled ipsec but I would like to know why is this happening. Do you know about any KB to solve prevent this? Thanks in advance Wojciech