Consider the following scenario. A Microsoft Windows XP-based client computer is joined to a Microsoft Windows Server 2003 domain. Additionally, Windows Server 2003 Service Pack 1 (SP1) is installed on the authenticating domain controller. In this scenario, you experience the following symptoms:
- You cannot connect to the Internet.
- You cannot join or log on to the domain. Therefore, the domain controller is in IPsec Block mode.
The system cannot find the file specified.Additionally, the following events may be logged in the server's System log:
This problem can occur if the IPSec\Policy\Local registry key is deleted or when there is a corrupted file in the policy store. The file may become corrupted if an interruption occurs when the policy is being written to the disk.
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in WindowsTo resolve this issue, follow these steps:
- Delete the local policy registry subkey. To do this, follow these steps:
- Click Start, click Run, type regedit in the Open box, and then click OK.
- In Registry Editor, locate and then click the following subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local
- On the Edit menu, click Delete.
- Click Yes to confirm that you want to delete the subkey.
- Quit Registry Editor
- Rebuild a new local policy store. To do this, Click Start, click Run, type regsvr32 polstore.dll in the Open box, and then click OK.
- Verify that the IPSEC Services component is set to automatic, and then restart the domain controller.
To temporarily work around this problem, disable the IPSEC Services component, and then restart the domain controller.