IPSec Service issue

Event ID 4292

The IPSec driver has entered Block mode. IPSec will discard all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions. User Action: To restore full unsecured TCP/IP connectivity, disable the IPSec services, and then restart the computer. For detailed troubleshooting information, review the events in the Security event log.

This all of a sudden started happening the moment I rebooted the server. I disabled it so that it would get out of block mode but I'm still curious how this happened. I tried restarting the service and thats when I get an error saying failed to start cannot find file (even though the lsaa.exe is located in the system 32 folder). Last three Windows Patches that were applied to the system were two security patches and Windows maclious software removal tool.


Prior to me performing our weekly reboots it was taking forever to logoff the server either console or RDP. Prior to this when we rebooted weekly we sometimes got a few Netlogon errors but we reduced that from 5 down to 1 because it was a NIC driver issue.

Anyone have this type of error before?


Sign In or Register to comment.