Article ID: 870910 - Last Review: October 30, 2006 - Revision: 3.3

You receive an error message when you try to open the IPSec MMC policy on a Windows Server 2003-based computer

View products that this article applies to.
System TipThis article applies to a different operating system than the one you are using. Article content that may not be relevant to you is disabled.
Expand all | Collapse all

SYMPTOMS

When you try to open the Internet Protocol security (IPSec) Microsoft Management Console (MMC) policy on a Microsoft Windows Server 2003-based computer, you receive the following error message:
The IPSec Policy storage container could not be opened. The following error occurred: The system cannot find the file specified. (80070002).
When this problem occurs, events that are similar to the following may be logged:

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7040
Date: Date
Time: Time
User: NT AUTHORITY\SYSTEM
Computer: ComputerName
Description: The start type of the IPSEC Services service was changed from disabled to auto start.

### IPSEC service is started by a GPO. This has been confirmed by disabling the IPSEC service, then running gpupdate /force.

Event Type: Information
Event Source: IPSec
Event Category: None
Event ID: 4294
Date: Date
Time: Time
User: N/A
Computer: ComputerName
Description: The IPSec driver has entered Secure mode. IPSec policies, if they have been configured, are now being applied to this computer.

Data:
0000: 00 00 00 00 01 00 54 00 ......T.
0008: 00 00 00 00 c6 10 00 40 ....?..@
0010: 01 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error
Event Source: IPSec
Event Category: None
Event ID: 4292
Date: Date
Time: Time
User: N/A
Computer: ComputerName
Description: The IPSec driver has entered Block mode. IPSec will discard all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions. User Action: To restore full unsecured TCP/IP connectivity, disable the IPSec services, and then restart the computer. For detailed troubleshooting information, review the events in the Security event log.

Data:
0000: 00 00 00 00 01 00 54 00 ......T.
0008: 00 00 00 00 c4 10 00 c0 ....?..¨¤
0010: 01 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7035
Date: Date
Time: Time
User: NT AUTHORITY\SYSTEM
Computer: ComputerName
Description: The IPSEC Services service was successfully sent a start control.

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7036
Date: Date
Time: Time
User: N/A
Computer: ComputerName
Description: The IPSEC Services service entered the stopped state.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: Date
Time: Time
User: N/A
Computer: ComputerName
Description: The IPSEC Services service terminated with the following error:
The system cannot find the file specified.

Back to the top

CAUSE

A corrupted file in the policy store causes this problem. An interruption that occurs when the policy is being written to the disk may cause the corruption.
Back to the top

RESOLUTION

To resolve this issue, delete the following registry subkey and then rebuild the policy:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Local
To do this, follow these steps.

Note When you follow these steps, you delete the local policy. You must rebuild the local policy.

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756  (http://support.microsoft.com/kb/322756/ ) How to back up and restore the registry in Windows
  1. Delete the local policy registry subkey. To do this, follow these steps:
    1. Click Start, click Run, type regedit, and then click OK.
    2. In Registry Editor, locate and then click the following subkey:
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local
    3. On the Edit menu, click Delete.
    4. Click Yes to confirm that you want to delete the subkey.
    5. Quit Registry Editor
  2. Rebuild a new local policy store. To do this, follow this step:
    1. Click Start, click Run, type regsvr32 polstore.dll, and then click OK.
Back to the top

REFERENCES

For more information, click the following article number to view the article in the Microsoft Knowledge Base:
324269  (http://support.microsoft.com/kb/324269/ ) How to use IPSec Monitor in Windows Server 2003
Back to the top
APPLIES TO
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
Back to the top
Keywords: 
kbprb KB870910
Back to the top