Tuesday, March 29, 2011

No network connectivity - IPSEC Event ID's 7023, 4292

I ran into an issue with a few servers that shutdown unexpectedly. After rebooting the servers appeared to boot normally but would lose network connectivity during the bootup process. I noticed that the IPSEC service would not start with Error 2: The system cannot find the file specified. This is also associated with Event ID 7023. Also in the Windows logs was Event ID 4292 which states that the IPSEC driver has entered Block mode. That error indicates that all inbound and outbound TCP/IP traffic is being blocked.

To resolve this issue I followed the solution in Microsoft KB article 870910 at http://support.microsoft.com/kb/870910 . I noticed, however, that the servers didn't have the key indicated in step one so I skipped that part and went to step two to register the dll (regsvr32 polstore.dll) and that resolved the issue for me. Once the dll was registered successfully I was then able to start the IPSEC service and connectivity was restored. I rebooted again for good measure.