[THIN] IPSEC Goofiness

When one of our Citrix servers rebooted overnight, it did not come back.
The admin team determined that it was some kind of network problem. They
could log in via the remote insight board but only as the local
Administrator. Domain logins failed with a message that it couldn't find
the domain. It could not successfully ping its own default gateway.
During a reboot, it responded to four pings and then went dead. They
checked with the network team and everything looked fine from the switch
side. Finally, they noticed that the IPSEC service was not listed as
running and it could not be started.

Setting IPSEC to "Disabled" and rebooting brought the server back to
life, but the Citrix IMA service could no longer run. Attempting to start
IPSEC immediately stopped all network traffic again.

Apparently, the local IPSEC policy can become corrupted. When this
happens, the machine can't determine who is safe to talk to, so it
completely shuts off communications. Luckily, we found the following web
page that showed how to fix a corrupted policy.

http://msmvps.com/blogs/richardwu/archive/2006/01/13/80970.aspx

I'm passing this on in hopes of saving others some stress.

Steve Raffensberger
Citrix Administrator
Sovereign Bank
1125 Berkshire Boulevard
Wyomissing, PA 19610
email: sraffens@xxxxxxxxxxxxxxxxx
