Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

VPN clients may be disconnected when you restart the IPsec Policy Agent service on a computer that is running ISA Server 2004


View products that this article applies to.

Symptoms

On a computer that is running Microsoft Internet Security and Acceleration (ISA) Server 2004, you may experience both the following symptoms:
  • Virtual private network (VPN) clients are disconnected from the ISA Server 2004 computer.
  • All dynamic Internet Protocol security (IPsec) configuration information is lost. This information includes ISA Server 2004 VPN site-to-site configuration settings.

↑ Back to the top


Cause

This issue occurs if you stop or restart either of the following services, depending on the version of Windows that ISA Server 2004 is running on:
  • The IPsec Services service for Microsoft Windows Server 2003.
  • The IPsec Policy Agent service for Microsoft Windows 2000 Server.
When you stop the IPsec Policy Agent service in Windows, the IPsec policy is removed.

Note This issue applies only to clients who are using an IPsec tunnel. It does not apply to clients who are using a Point-to-Point Tunneling Protocol (PPTP) tunnel.

↑ Back to the top


Resolution

To resolve this issue, start the IPsec Policy Agent service, and then restart the ISA Server 2004 Microsoft Firewall service. This reloads the IPsec policy and the ISA Server 2004 IPsec configuration information.

Note You can also restart the computer to cause these services to automatically restart.

To restart the IPsec Policy Agent service and the Microsoft Firewall service, follow these steps:
  1. Click Start, click Run, type services.msc, and then click OK.
  2. Use one of the following procedures:
    • For Windows Server 2003, right-click IPSEC Services, and then click Start.
    • For Windows 2000 Server, right-click IPSEC Policy Agent, and then click Start.
  3. Right-click Microsoft Firewall, and then click Restart.

↑ Back to the top


More information

For additional information about the IPsec Policy Agent service, visit the following Microsoft Web site:

↑ Back to the top


Keywords: KB884203, kbtshoot, kbprb, kbfirewall, kbinfo, kbwinservnetwork, kbsecurityservices

↑ Back to the top

Article Info
Article ID : 884203
Revision : 4
Created on : 10/30/2006
Published on : 10/30/2006
Exists online : False
Views : 375