Dealing with event 4292 on the IPSec Service
At last, after a few hours of thumb twiddling I have my new backup Domain Controller (DC) up and running under Virtual Server. A few hours you may ask? That is because whilst I was applying updates what did I find? Windows Server 2003 Service Pack 2 that is what.
Approaching Windows Server 2003 Service Pack 2 requires more than a little caution as I learned when downloaded it and applied it to our print server (which I often use for testing odd applications – tut tut – I know!). It failed to install on the print server much to my woe however I decided to take the plung and initially it seemed to go fine on the new DC. However, when rebooting the DC I got a message telling me “A driver failed to start”. Checking the Event Log on the server revealed a number of sudden problems – ranging from problems with Windows Management Instrumentation (WMI), Active Directory (AD), and others. I know for sure I have to get to the bottom of these problems before I can uninstall Active Directory from the old Windows 2000 DC – or apply Service Pack 2 to any other servers.
I did notice that the new DC was not responding at all to the network. In addition, no Network Interface Cards (NIC’s) appeared under the Networks section of the control panel. I have seen this once before to do with the IPSec Service and sure enough checking the event log – the first error I was:
“Event 4292: The IPSec service has entered block mode – to resolve disable IPSec and restart the server”
My plan initially was going to try that particilar fix- but I did a little more searching and according to Microsoft Knowledge Base article 912023 it says that a corrupt local policy could be the problem and the fix is to set the IPSec service to manual so it does not start up by default, restart the server then edit the registry and delete the following subkey: HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsIPSecPolicyLocal then rebuild a new local policy store by running the command:
This should be followed up by setting the IPSec service back to automatic.