Microsoft KB Archive/870910

= You receive an error message when you try to open the IPSec MMC policy on a Windows Server 2003-based computer =

Article ID: 870910

Article Last Modified on 10/30/2006

-

APPLIES TO


 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)

-





Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry



SYMPTOMS
When you try to open the Internet Protocol security (IPSec) Microsoft Management Console (MMC) policy on a Microsoft Windows Server 2003-based computer, you receive the following error message:

The IPSec Policy storage container could not be opened. The following error occurred: The system cannot find the file specified. (80070002).

When this problem occurs, events that are similar to the following may be logged: Event Type: Information

Event Source: Service Control Manager

Event Category: None

Event ID: 7040

Date:

Time:

User: NT AUTHORITY\SYSTEM

Computer:

Description: The start type of the IPSEC Services service was changed from disabled to auto start.


 * 1) IPSEC service is started by a GPO. This has been confirmed by disabling the IPSEC service, then running gpupdate /force.

Event Type: Information

Event Source: IPSec

Event Category: None

Event ID: 4294

Date:

Time:

User: N/A

Computer:

Description: The IPSec driver has entered Secure mode. IPSec policies, if they have been configured, are now being applied to this computer.

Data:

0000: 00 00 00 00 01 00 54 00 ......T.

0008: 00 00 00 00 c6 10 00 40 ....?..@

0010: 01 00 00 00 00 00 00 00 ........

0018: 00 00 00 00 00 00 00 00 ........

0020: 00 00 00 00 00 00 00 00 ........

Event Type: Error

Event Source: IPSec

Event Category: None

Event ID: 4292

Date:

Time:

User: N/A

Computer:

Description: The IPSec driver has entered Block mode. IPSec will discard all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions. User Action: To restore full unsecured TCP/IP connectivity, disable the IPSec services, and then restart the computer. For detailed troubleshooting information, review the events in the Security event log.

Data:

0000: 00 00 00 00 01 00 54 00 ......T.

0008: 00 00 00 00 c4 10 00 c0 ....?..¨¤

0010: 01 00 00 00 00 00 00 00 ........

0018: 00 00 00 00 00 00 00 00 ........

0020: 00 00 00 00 00 00 00 00 ........

Event Type: Information

Event Source: Service Control Manager

Event Category: None

Event ID: 7035

Date:

Time:

User: NT AUTHORITY\SYSTEM

Computer:

Description: The IPSEC Services service was successfully sent a start control.

Event Type: Information

Event Source: Service Control Manager

Event Category: None

Event ID: 7036

Date:

Time:

User: N/A

Computer:

Description: The IPSEC Services service entered the stopped state.

Event Type: Error

Event Source: Service Control Manager

Event Category: None

Event ID: 7023

Date:

Time:

User: N/A

Computer:

Description: The IPSEC Services service terminated with the following error:

The system cannot find the file specified.



CAUSE
A corrupted file in the policy store causes this problem. An interruption that occurs when the policy is being written to the disk may cause the corruption.



RESOLUTION
To resolve this issue, delete the following registry subkey and then rebuild the policy:

To do this, follow these steps.

Note When you follow these steps, you delete the local policy. You must rebuild the local policy.

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.  Delete the local policy registry subkey. To do this, follow these steps:  Click Start, click Run, type regedit, and then click OK. In Registry Editor, locate and then click the following subkey:

 

 On the Edit menu, click Delete. Click Yes to confirm that you want to delete the subkey. Quit Registry Editor</li></ol> </li> Rebuild a new local policy store. To do this, follow this step: <ol style="list-style-type: lower-alpha;"> Click Start, click Run, type regsvr32 polstore.dll, and then click OK.</li></ol> </li></ol>

<div class="references_section">