Re: IPSEC PolicyAgent Service failure on first boot of new server

From: bbergero <bbergero@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 23 Mar 2006 14:48:01 -0800

Thanks for taking time to reply. I did browse various IPSEC documentation,
including your linked article, and found nothing that answers my question.
We were dry-running a server replacement procedure for our customer, and this
quirk is consistent. I verified that a new NIC or CPU does not cause this
(only replacing the entire server, and re-using the same disks). This quirk
may be related to some kind of machine identity stored in BIOS.

Moral of the story: If replacing the server or motherboard (or whatever
board contains system BIOS). Don't be surprised if IPSEC driver fails on
first boot; just reboot again and everything will be okay. :)

"Steven L Umbach" wrote:

Off hand I don't know and if future reboots do not exhibit the problem then
that is probably a quirk you will expect to see. If you have not seen it the
link below it is the best I know of on troubleshooting ipsec for Windows and
may help. --- Steve

http://www.microsoft.com/technet/security/topics/architectureanddesign/ipsec/ipsecch7.mspx

"bbergero" <bbergero@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:EE4726E7-4E27-4A9A-80D6-10EADB9FC4C3@xxxxxxxxxxxxxxxx

Win2K Adv Svr SP2 Cluster Active/Passive
Virtual SQl Server 2K SP2

When one of the servers in the cluster is replaced (re-use same drives),
on
the first boot, PolicyAgent events 319 and 321 (Oakley and Ipsec driver
failed to start). Services shows IPSEC PolicyAgent is stopped. However,
everything is OK on next boot. Is this expected? Is there some
association
with hardware (CPU identity or NIC MAC address)? Or is this related to
something fixed in a later Service Pack?

Thanks

Follow-Ups:
- Re: IPSEC PolicyAgent Service failure on first boot of new server
  - From: Steven L Umbach

References:
- Re: IPSEC PolicyAgent Service failure on first boot of new server
  - From: Steven L Umbach

Prev by Date: Re: error 1920 on 2000 sm bus server
Next by Date: Re: Backing up
Previous by thread: Re: IPSEC PolicyAgent Service failure on first boot of new server
Next by thread: Re: IPSEC PolicyAgent Service failure on first boot of new server
Index(es):
- Date
- Thread

Relevant Pages

Re: L2TP/IPSec Verbindung läuft mit XP SP2 nicht mehr
... In XPSP2 the IPsec driver needs a registry setting when either the ... server or workstation are behind a NAT gateway. ... 1- Client initiates to a server that is behind the NAT ... > Peer Private Addr ...
(microsoft.public.de.german.windowsxp.networking)
Re: Should I install Certificate Authority to solve these problems ?
... You can use IPsec with or without certs from your PKI. ... negotiations to your AD machines or those trusting the ... > In the item 1 below, the tool in use is a HP server management tool (type ... >>> Management is pushing to get Certificate Authority ...
(microsoft.public.win2000.security)
Re: SP1 install and win2k3 server 2003
... server what other programs/drivers are loaded if AV was or not installed on ... I'm not going to install SP1 again until I know what went wong, ... IpSec are not blocking the system connetivity. ...
(microsoft.public.windows.server.general)
Re: Unexpected shutdown
... - HP NC7761 Gigabit Server: ... - The IPSec Driver is starting in Bypass mode. ... - The Exchange IFS driver loaded successfully. ... Is anything scheduled at that time within scheduler? ...
(microsoft.public.windows.server.general)
Re: SBS2000 to router IPSEC
... controler (as SBS is) and the ipsec policie is configures in Local policies. ... Today, after some more testings and a full server restart, it seems like the ...
(microsoft.public.windows.server.sbs)