VPN clients may be disconnected when you restart the IPsec Policy Agent service on a computer that is running ISA Server 2004

On a computer that is running Microsoft Internet Security and Acceleration (ISA) Server 2004, you may experience both the following symptoms:

• Virtual private network (VPN) clients are disconnected from the ISA Server 2004 computer.
• All dynamic Internet Protocol security (IPsec) configuration information is lost. This information includes ISA Server 2004 VPN site-to-site configuration settings.

This issue occurs if you stop or restart either of the following services, depending on the version of Windows that ISA Server 2004 is running on:

• The IPsec Services service for Microsoft Windows Server 2003.
• The IPsec Policy Agent service for Microsoft Windows 2000 Server.

When you stop the IPsec Policy Agent service in Windows, the IPsec policy is removed.

Note This issue applies only to clients who are using an IPsec tunnel. It does not apply to clients who are using a Point-to-Point Tunneling Protocol (PPTP) tunnel.

To resolve this issue, start the IPsec Policy Agent service, and then restart the ISA Server 2004 Microsoft Firewall service. This reloads the IPsec policy and the ISA Server 2004 IPsec configuration information.

Note You can also restart the computer to cause these services to automatically restart.

To restart the IPsec Policy Agent service and the Microsoft Firewall service, follow these steps:

1. Click Start, click Run, type services.msc, and then click OK.
2. Use one of the following procedures:
   • For Windows Server 2003, right-click IPSEC Services, and then click Start.
   • For Windows 2000 Server, right-click IPSEC Policy Agent, and then click Start.
3. Right-click Microsoft Firewall, and then click Restart.

For additional information about the IPsec Policy Agent service, visit the following Microsoft Web site: