Wednesday, November 12, 2014

Windows Server 2003 You did it again!

We recently had an outage on some of our VMWare hosts and after the outage was resolved and the hosts came back online we brought up all the VMs back online. Later that day one of my co-workers received a call regarding one of the VMs that was not able to be accessed.

After thoroughly troubleshooting the issue he asked me for some input.


He had done everything anyone would do to troubleshoot an issue with a VM Network:



  • Made sure the IP address and subnet were correct.
  • He double checked the VLAN on the VM host. 
  • He deleted the virtual NIC and added a new one with a different driver
Unfortunately nothing was working. I took over the issue, and I was honestly at a stomp. After redoing everything he had done and a few other things I finally decided to check the Windows EventLog - I probably should have done that sooner. I found an event that said the following:

Event Type: Error

Event Source: IPSEC
Event Category: None
Event ID: 4292
Date:
Time: 
User: N/A
Computer: COMPUTER_NAME
Description:
The IPSec driver has entered Block mode. IPSec will discard all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions.

After some researching I found the following VMWare article. It turns out this is actually not that an uncommon occurrence on VMs running Windows Server 2003. 

I followed the given instructions and I disabled the IPSec service - even though it wasn't even running - and rebooted the VM. When the system came back online so was the network. 

I hope this might help someone out there!