Re: IPSEC PolicyAgent Service failure on first boot of new server



Very interesting. Thanks for posting back as that information is good to
know. A reboot may save someone a lot of grief. --- Steve


"bbergero" <bbergero@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:5882B097-6995-417C-8085-CA68A1D3A2E6@xxxxxxxxxxxxxxxx
Thanks for taking time to reply. I did browse various IPSEC
documentation,
including your linked article, and found nothing that answers my question.
We were dry-running a server replacement procedure for our customer, and
this
quirk is consistent. I verified that a new NIC or CPU does not cause this
(only replacing the entire server, and re-using the same disks). This
quirk
may be related to some kind of machine identity stored in BIOS.

Moral of the story: If replacing the server or motherboard (or whatever
board contains system BIOS). Don't be surprised if IPSEC driver fails on
first boot; just reboot again and everything will be okay. :)

"Steven L Umbach" wrote:

Off hand I don't know and if future reboots do not exhibit the problem
then
that is probably a quirk you will expect to see. If you have not seen it
the
link below it is the best I know of on troubleshooting ipsec for Windows
and
may help. --- Steve

http://www.microsoft.com/technet/security/topics/architectureanddesign/ipsec/ipsecch7.mspx

"bbergero" <bbergero@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:EE4726E7-4E27-4A9A-80D6-10EADB9FC4C3@xxxxxxxxxxxxxxxx
Win2K Adv Svr SP2 Cluster Active/Passive
Virtual SQl Server 2K SP2

When one of the servers in the cluster is replaced (re-use same
drives),
on
the first boot, PolicyAgent events 319 and 321 (Oakley and Ipsec driver
failed to start). Services shows IPSEC PolicyAgent is stopped.
However,
everything is OK on next boot. Is this expected? Is there some
association
with hardware (CPU identity or NIC MAC address)? Or is this related to
something fixed in a later Service Pack?

Thanks





.