You cannot connect to the Internet, and you cannot join or log on to the domain if Windows Server 2003 SP1 is installed on the authenticating domain controller

SYMPTOMS:

Consider the following situation. Client a Windows XP computer is part of a Windows Server 2003 domain. Also, Windows Server 2003 Service Pack 1 (SP1) is installed on the authenticity of domain controller. In this situation, you experience the following symptoms:

• You cannot connect to the Internet.
• You cannot join or log on to the domain. Therefore, the domain controller is in IPsec Block mode.

You may get the following error message, when you run the IPSEC Services element on the domain controller.

The system cannot find the file specified.

Additionally, the following events may be logged in the server's System log:

Event Type: Error
Event Source: IPSEC
Event Category: None
Event ID: 4292
Date: Dateime
Time: Time08
User: N/A
Computer: COMPUTER_NAME

Description:

The IPSec driver has entered Block mode. IPSec will discard all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions.


Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: Date
Time: Time
User: N/A
Computer: COMPUTER_NAME

Description:

The IPSEC Services service terminated with the following error: The system cannot find the file specified

CAUSE:

This issue may happen if the IPSec\Policy\Local registry key is remove or when there is a corrupted file in the policy store. The file may become corrupted if interruptions happen when the policy is being written to the disk.

RESOLUTION:

Follow these steps, to solve this problem.

1. Remove the local policy registry subkey. To execute this, pursue these instructions:

a. Click on the Start button>>and after that click on Run, type regedit in the Open box>> and after that click on OK.

b. In Registry Editor, locate plus after that click on the following subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\IPSec\Policy\Local

c. On the Edit menu>>click on the Delete.

d. Click Yes to confirm that you wish to delete the subkey.

e. Quit Registry Editor

2. Rebuild a new local policy store. To perform this, Click Start>>click Run>>type regsvr32 polstore.dll in the Open box, >> click OK.

3. Make sure that the IPSEC Services element is set to automatic, and then reboot the domain controller.

WORKAROUND:

To solve this issue, stop the IPSEC Services component, and then reboot the domain controller.