Broken IPSec leaves you off the network

So you might have noticed that this blog has been down for a bit.

The problem was that the IPSEC Services service wouldn’t start, which keeps the TCP/IP stack from connecting. I’ve seen this problem once before, but it was on a server that was being decommissioned, so I didn’t dig into it.

Anyhow, the error message produced when trying to start ipsec was:

“Could not start the IPSEC Services service on Local Computer. Error 2: The system cannot find the file specified.”

Apparently this is one of several symptoms that can happen when the ipsec local policy gets corrupted or partially deleted.

And apparently it isn’t uncommon (but certainly it’s a rare event) for the local ipsec policy to be mangled or partially deleted after applying a patch or service pack.

And in fact, that’s how the server hosting this blog got into this state.

See http://www.howtonetworking.com/VPN/rebuildipsec.htm for how to rebuild the local ipsec policy state so you can restart ipsec and get your system back online.