Options

More IpSec

MikdillyMikdilly Member Posts: 309
in Net Infra 70-291
Have a 2000 server that drops off network when either Server(request sec or require sec) is set as the ipsec policy on the OU that the server is in. Will only connect to the network when using client(repond only) configured for the OU.

Get errors in event viewer about the rpc call from netlogon to the dc has been cancelled and no domain controller is available.

Is there any obvious fix to this?
· Share on FacebookShare on Twitter

Comments

  • Options
    genXrcistgenXrcist Member Posts: 531
    Have the default Request/Require policies been altered? What does the IPSec Monitor show? Any SA's? My guess is the 2K server is timing out while negotiating security. Try using MD5/DES as it's first attempt in a negotiation, that might do the trick. :)
    1) CCNP Goal: by August 2012
    · Share on FacebookShare on Twitter
  • Options
    MikdillyMikdilly Member Posts: 309
    genXrcist wrote: »
    Have the default Request/Require policies been altered? What does the IPSec Monitor show? Any SA's? My guess is the 2K server is timing out while negotiating security. Try using MD5/DES as it's first attempt in a negotiation, that might do the trick. :)

    Thanks, default policies implemented thru a gpo, don't think they were altered, ipsecmon on windows 2000 server showed no SA's, was actually able to fix it by removing and re-installing all protocols, clients and services in properties of the network card. After they were re-installed it popped back onto domain and security policy was applied, sa's showed in ipsecmon.
    · Share on FacebookShare on Twitter
  • Options
    genXrcistgenXrcist Member Posts: 531
    Wow, corrupt TCP/IP stack huh? Well, good job figuring that one out! :)
    1) CCNP Goal: by August 2012
    · Share on FacebookShare on Twitter
  • Options
    MikdillyMikdilly Member Posts: 309
    genXrcist wrote: »
    Wow, corrupt TCP/IP stack huh? Well, good job figuring that one out! :)

    Don't know if it was corrupt since it would connect to domain when using client(respond only), not sure why re-installing everything on the network card worked.
    · Share on FacebookShare on Twitter
  • Options
    genXrcistgenXrcist Member Posts: 531
    Good point. Perhaps IPSec uses Client for MS Networks? Who knows. :)
    1) CCNP Goal: by August 2012
    · Share on FacebookShare on Twitter
  • Options
    MikdillyMikdilly Member Posts: 309
    genXrcist wrote: »
    Good point. Perhaps IPSec uses Client for MS Networks? Who knows. :)

    Could be, probably should have removed and reinstalled 1 by 1 to see if it could be narrowed down. Just wanted it working as spent too many hours trying to fix when needing to continue on with studying.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.