NIERO@net e.K. – Corporate Blog

Your path to strategic SMB IT starts with Managed Services

Event ID 4292 Source IPSec and Event ID 58 Source CertSvc on Windows Server 2003

After a routine reboot of a W2K3 R2 DC at a customer site today, the server had no network connectivity, and the event log contained the following messages:

1. Event ID 58 Source CertSvc ("Certificate Services did not start: A certificate in the CA certificate chain for <example issue> CA has expired. A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. <error code> (<decimal error code>).")

2. Event ID 7023 Source Service Control Manager ("The IPSEC Services service terminated with the following error: The system cannot find the file specified")

3. Event ID 4292 Source IPSec ("The IPSec driver has entered Block mode. IPSec will discard all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions. User Action: To restore full unsecured TCP/IP connectivity, disable the IPSec services, and then restart the computer.")

The fix for 1. was simple: the root certificate had expired. CERTUTIL -renewcert was the solution.

The fix for 2. and 3. in my case was KB912023.

However, KB956189 (“Some services may not start or may not work correctly on a computer that is running Windows SBS after you install the DNS Server security update 953230 (MS08-037)”), which covers “ReservedPorts” and “MaxUserPort”, should also be consulted, because the IPSec errors can also occur under the conditions it describes.

July 20, 2011 | Lessons learned: Notes from the field