Dealing with event 4292 on the IPSec Service
Tuesday, 27 March 2007
At last, after a few hours of thumb twiddling I have my new backup Domain Controller (DC) up and running under Virtual Server. A few hours you may ask? That is because whilst I was applying updates what did I find? Windows Server 2003 Service Pack 2 that is what.
Approaching Windows Server 2003 Service Pack 2 requires more than a little caution, as I learned when I downloaded it and applied it to our print server (which I often use for testing odd applications – tut tut – I know!). It failed to install on the print server, much to my woe; however, I decided to take the plunge and initially it seemed to go fine on the new DC. However, when rebooting the DC I got a message telling me “A driver failed to start”. Checking the Event Log on the server revealed a number of sudden problems – ranging from problems with Windows Management Instrumentation (WMI), Active Directory (AD), and others. I know for sure I have to get to the bottom of these problems before I can uninstall Active Directory from the old Windows 2000 DC – or apply Service Pack 2 to any other servers.
I did notice that the new DC was not responding at all to the network. In addition, no Network Interface Cards (NICs) appeared under the Networks section of the control panel. I have seen this once before to do with the IPSec Service and, sure enough, checking the event log – the first error I saw was:
“Event 4292: The IPSec service has entered block mode – to resolve disable IPSec and restart the server”
My plan initially was to try that particular fix, but I did a little more searching. According to Microsoft Knowledge Base article 912023, a corrupt local policy could be the problem, and the fix is to set the IPSec service to manual so it does not start up by default, restart the server, then edit the registry and delete the following subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local. Then rebuild a new local policy store by running the command:
regsvr32 polstore.dll
This should be followed up by setting the IPSec service back to automatic.
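The same sequence as a two-phase batch script, with the subkey exported before it is deleted so the old policy store can be inspected or restored later. This is an added example, not taken from the post or from the KB article; it assumes the IPSec service has the service name PolicyAgent, and the backup file path is a made-up placeholder.

```batch
@echo off
rem Added example: the KB 912023 steps described above, split around the reboot.
rem Assumptions: service name PolicyAgent; BACKUP is a placeholder path.
setlocal
set KEY=HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local
set BACKUP=%SystemDrive%\ipsec-local-policy-backup.reg

if /i "%~1"=="phase1" goto phase1
if /i "%~1"=="phase2" goto phase2
echo Usage: %~nx0 phase1 ^| phase2
exit /b 1

:phase1
rem Set the service to manual so it does not start at the next boot.
sc config PolicyAgent start= demand || exit /b 1
echo IPSec service set to manual. Restart the server, then run: %~nx0 phase2
exit /b 0

:phase2
rem Refuse to overwrite an earlier backup of the policy store.
if exist "%BACKUP%" echo %BACKUP% already exists, move it first. & exit /b 1

rem Export the suspect local policy store, then delete it.
reg query "%KEY%" >nul 2>&1
if errorlevel 1 goto rebuild
reg export "%KEY%" "%BACKUP%" || exit /b 1
reg delete "%KEY%" /f || exit /b 1

:rebuild
rem Rebuild the local policy store (shows a confirmation dialog).
regsvr32 polstore.dll

rem Put the service back to automatic start and show its current state.
sc config PolicyAgent start= auto || exit /b 1
sc query PolicyAgent
exit /b 0
```

Run it from a local console session, since the server is off the network while the service is in block mode.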

Jason Slater is an independent technologist and blogger.