Unable to remove IPsec settings from iSCSI target portal configured with IPsec via the iSCSI initiator

Applies to: Windows Server 2008 R2 EnterpriseWindows Server 2008 R2 StandardWindows Server 2008 Enterprise


Consider the following scenario:

  • Using the Microsoft iSCSI initiator, configure the IPsec setting when discovering a target portal.
  • Remove the target portal from the initiator.
  • Attempt to discover the same target portal without configuring IPsec.
In this scenario, you may encounter one of the following errors with the title Add Target Portal:

There is no tunnel mode outer address specified.


There is no IKE authentication information available.


When removing a target portal, Windows does not properly remove the IPsec settings.


ImportantThis section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows

To resolve the issue, perform the following steps:

1. Using the iSCSI initiator, remove the target portal.

2. At an elevated command prompt, stop the iSCSI service using the following command:

Net stop msiscsi
3. In the Registry Editor, backup (Export) and then remove the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\iSCSI\Discovery\Authentication Cache\ALL
4. At an elevated command prompt, start the iSCSI service using the following command:

Net start msiscsi

More Information

For more information about IPsec, click on the following TechNet link: