Re: IPSEC Goes Into Block Mode After Driver Update



Maybe due to installing MS08-037? See the latest SBS team blog.

http://blogs.technet.com/sbs/archive/2008/07/17/some-services-may-fail-to-start-or-may-not-work-properly-after-installing-ms08-037-951746-and-951748.aspx

"Bill Glidden" <billyg1943@xxxxxxxxxxx> wrote in message
news:%23SvHn5f7IHA.5164@xxxxxxxxxxxxxxxxxxxxxxx
SBS 2003 SP2 Premium (2 NIC). I updated the Promise TX 2300 BIOS and
Windows driver to the latest versions and rebooted the server. When server
restarted I got a 'At least one driver...' error message. There was no
network. I checked services and discovered that IPSEC was not started.
When I tried to start it I got:

Event Type: Error
Event Source: IPSec
Event Category: None
Event ID: 4292
Date: 25/07/2008
Time: 12:06:38 PM
User: N/A
Computer: GLIDDEN-SBS2K3
Description:
The IPSec driver has entered Block mode. IPSec will discard all inbound
and outbound TCP/IP network traffic that is not permitted by boot-time
IPSec Policy exemptions. User Action: To restore full unsecured TCP/IP
connectivity, disable the IPSec services, and then restart the computer.
For detailed troubleshooting information, review the events in the
Security event log.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 54 00 ......T.
0008: 00 00 00 00 c4 10 00 c0 ....Ä..À
0010: 01 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

So I disabled IPSEC and rebooted the server. Got the network back and was
then able to enable and start IPSEC.

What was this all about?

Cheers,
Bill




.