Windows Server 2003 IPSEC blocking mode event 4292
Hi,
I have problem on several servers. After updates distributed via wsus random servers are entering ipsec blocking mode.
Basically it is this:
Event Type: Error
Event Source: IPSEC
Event Category: None
Event ID: 4292
Date: <var style="box-sizing: border-box;">Dateime</var>
Time: <var style="box-sizing: border-box;">Time08</var>
User: N/A
Computer: <var style="box-sizing: border-box;">COMPUTER_NAME</var>
Description:
The IPSec driver has entered Block mode. IPSec will discard all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions.
Sometimes this solution http://support.microsoft.com/kb/912023 is working and I am also using this;
net stop policyagent
regsvr32 polstore.dll
net start policyagent
+ reboot of server and it is working.
I know that workaround to this is deploying gpo with disabled ipsec but I would like to know why is this happening.
Do you know about any KB to solve prevent this?
Thanks in advance
Wojciech
June 28th, 2011 6:25am