I am trying to install an IPsec policy on my Windows XP Professional. Using
MMC I assigned the pre-configured 'Secure Server (Require Security) policy.
But the text in the 'Policy Assigned' column says 'Assigned, but the 'IPSEC
Services' service is not in a running state.

What does that mean and how do I get IPSEC Services into running state?

I have checked ipsec service using 'sc query ipsec' and the output looks as
if that service is running:

SERVICE_NAME: ipsec
TYPE: : 1 KERNEL_DRIVER
STATE : 4 RUNNING

Any help highly appreciated!

Daniel

You likely want to review how to configure IPsec, as=20
configuring an XP with the policy you are attempting=20
is not likely to be of use outside of an AD domain or=20
without a certification server available, although I do=20
imagine one could adjust it to work using only preshared=20
keys.=20

Can you unassign the predefined, and then define a=20
new policy with a simple rule or two and then assign=20
that new policy ?

--=20
Roger=20

"Daniel" > wrote in message =
...
> I am trying to install an IPsec policy on my Windows XP Professional. =
Using
> MMC I assigned the pre-configured 'Secure Server (Require Security) =
policy.
> But the text in the 'Policy Assigned' column says 'Assigned, but the =
'IPSEC
> Services' service is not in a running state.
>=20
> What does that mean and how do I get IPSEC Services into running =
state?
>=20
> I have checked ipsec service using 'sc query ipsec' and the output =
looks as
> if that service is running:
>=20
> SERVICE_NAME: ipsec
> TYPE: : 1 KERNEL_DRIVER
> STATE : 4 RUNNING
>=20
> Any help highly appreciated!
>=20
> Daniel
>=20
>

I will actually use preshared keys in my system (the keys will eventually be
created dynamically with a specific algorithm).

As you suggested I have just created a new policy with a simple rule (and
preshared keys). Assigned it and still have that same text....



"Roger Abell [MVP]" > wrote in message
...
You likely want to review how to configure IPsec, as
configuring an XP with the policy you are attempting
is not likely to be of use outside of an AD domain or
without a certification server available, although I do
imagine one could adjust it to work using only preshared
keys.

Can you unassign the predefined, and then define a
new policy with a simple rule or two and then assign
that new policy ?

--
Roger

"Daniel" > wrote in message
...
> I am trying to install an IPsec policy on my Windows XP Professional.
Using
> MMC I assigned the pre-configured 'Secure Server (Require Security)
policy.
> But the text in the 'Policy Assigned' column says 'Assigned, but the
'IPSEC
> Services' service is not in a running state.
>
> What does that mean and how do I get IPSEC Services into running state?
>
> I have checked ipsec service using 'sc query ipsec' and the output looks
as
> if that service is running:
>
> SERVICE_NAME: ipsec
> TYPE: : 1 KERNEL_DRIVER
> STATE : 4 RUNNING
>
> Any help highly appreciated!
>
> Daniel
>
>

Found out that the service "policyagent" needs to be started. But when
trying to start that service, the start fails with following message in
eventlog:

Source: Service Control Manager
Type: Error
Event ID: 7023

Description:
The IPSEC Services service terminated with the following error:
The authentication service is unknown.

Any ideas?


"Daniel" > wrote in message
...
> I will actually use preshared keys in my system (the keys will eventually
be
> created dynamically with a specific algorithm).
>
> As you suggested I have just created a new policy with a simple rule (and
> preshared keys). Assigned it and still have that same text....
>
>
>
> "Roger Abell [MVP]" > wrote in message
> ...
> You likely want to review how to configure IPsec, as
> configuring an XP with the policy you are attempting
> is not likely to be of use outside of an AD domain or
> without a certification server available, although I do
> imagine one could adjust it to work using only preshared
> keys.
>
> Can you unassign the predefined, and then define a
> new policy with a simple rule or two and then assign
> that new policy ?
>
> --
> Roger
>
> "Daniel" > wrote in message
> ...
> > I am trying to install an IPsec policy on my Windows XP Professional.
> Using
> > MMC I assigned the pre-configured 'Secure Server (Require Security)
> policy.
> > But the text in the 'Policy Assigned' column says 'Assigned, but the
> 'IPSEC
> > Services' service is not in a running state.
> >
> > What does that mean and how do I get IPSEC Services into running state?
> >
> > I have checked ipsec service using 'sc query ipsec' and the output looks
> as
> > if that service is running:
> >
> > SERVICE_NAME: ipsec
> > TYPE: : 1 KERNEL_DRIVER
> > STATE : 4 RUNNING
> >
> > Any help highly appreciated!
> >
> > Daniel
> >
> >
>
>

The info on the sc output through me off track on=20
whether the needed services were up.
OK, so net start policyagent gets you a bit further,=20
but not far enough that ipsecmon.exe is useful.
You may be able to pick up some info from=20
netdiag /test:ipsec /v /debug
Not many people venture into configuring IPsec=20
on XP, but I find one network related KB for that=20
error from the SCM
http://support.microsoft.com/?id=3D329441
basically tracing issues to use of a restore point=20
having left an SP1 machine inconsistently reverted=20
to pre-SP1. (mentioned in case it seems applicable) =20

Other than that info, as I have not seen your issue,=20
I can only suggest posting to networking specific=20
newsgroup, and offer in case you need to dig in to=20
this the following with pointers on troubleshooting=20
http://support.microsoft.com/?id=3D316434=20
=20

--=20
Roger=20
"Daniel" > wrote in message =
...
> Found out that the service "policyagent" needs to be started. But when
> trying to start that service, the start fails with following message =
in
> eventlog:
>=20
> Source: Service Control Manager
> Type: Error
> Event ID: 7023
>=20
> Description:
> The IPSEC Services service terminated with the following error:
> The authentication service is unknown.
>=20
> Any ideas?
>=20
>=20
> "Daniel" > wrote in message
> ...
> > I will actually use preshared keys in my system (the keys will =
eventually
> be
> > created dynamically with a specific algorithm).
> >
> > As you suggested I have just created a new policy with a simple rule =
(and
> > preshared keys). Assigned it and still have that same text....
> >
> >
> >
> > "Roger Abell [MVP]" > wrote in message
> > ...
> > You likely want to review how to configure IPsec, as
> > configuring an XP with the policy you are attempting
> > is not likely to be of use outside of an AD domain or
> > without a certification server available, although I do
> > imagine one could adjust it to work using only preshared
> > keys.
> >
> > Can you unassign the predefined, and then define a
> > new policy with a simple rule or two and then assign
> > that new policy ?
> >
> > --
> > Roger
> >
> > "Daniel" > wrote in message
> > ...
> > > I am trying to install an IPsec policy on my Windows XP =
Professional.
> > Using
> > > MMC I assigned the pre-configured 'Secure Server (Require =
Security)
> > policy.
> > > But the text in the 'Policy Assigned' column says 'Assigned, but =
the
> > 'IPSEC
> > > Services' service is not in a running state.
> > >
> > > What does that mean and how do I get IPSEC Services into running =
state?
> > >
> > > I have checked ipsec service using 'sc query ipsec' and the output =
looks
> > as
> > > if that service is running:
> > >
> > > SERVICE_NAME: ipsec
> > > TYPE: : 1 KERNEL_DRIVER
> > > STATE : 4 RUNNING
> > >
> > > Any help highly appreciated!
> > >
> > > Daniel
> > >
> > >
> >
> >
>=20
>

Found solution: "Client for Microsoft Network" needs to be installed in the
LAN connection. Now IPsec between my WinXP machine and Win 2003 server
works!



"Roger Abell [MVP]" > wrote in message
...
The info on the sc output through me off track on
whether the needed services were up.
OK, so net start policyagent gets you a bit further,
but not far enough that ipsecmon.exe is useful.
You may be able to pick up some info from
netdiag /test:ipsec /v /debug
Not many people venture into configuring IPsec
on XP, but I find one network related KB for that
error from the SCM
http://support.microsoft.com/?id=329441
basically tracing issues to use of a restore point
having left an SP1 machine inconsistently reverted
to pre-SP1. (mentioned in case it seems applicable)

Other than that info, as I have not seen your issue,
I can only suggest posting to networking specific
newsgroup, and offer in case you need to dig in to
this the following with pointers on troubleshooting
http://support.microsoft.com/?id=316434


--
Roger
"Daniel" > wrote in message
...
> Found out that the service "policyagent" needs to be started. But when
> trying to start that service, the start fails with following message in
> eventlog:
>
> Source: Service Control Manager
> Type: Error
> Event ID: 7023
>
> Description:
> The IPSEC Services service terminated with the following error:
> The authentication service is unknown.
>
> Any ideas?
>
>
> "Daniel" > wrote in message
> ...
> > I will actually use preshared keys in my system (the keys will
eventually
> be
> > created dynamically with a specific algorithm).
> >
> > As you suggested I have just created a new policy with a simple rule
(and
> > preshared keys). Assigned it and still have that same text....
> >
> >
> >
> > "Roger Abell [MVP]" > wrote in message
> > ...
> > You likely want to review how to configure IPsec, as
> > configuring an XP with the policy you are attempting
> > is not likely to be of use outside of an AD domain or
> > without a certification server available, although I do
> > imagine one could adjust it to work using only preshared
> > keys.
> >
> > Can you unassign the predefined, and then define a
> > new policy with a simple rule or two and then assign
> > that new policy ?
> >
> > --
> > Roger
> >
> > "Daniel" > wrote in message
> > ...
> > > I am trying to install an IPsec policy on my Windows XP Professional.
> > Using
> > > MMC I assigned the pre-configured 'Secure Server (Require Security)
> > policy.
> > > But the text in the 'Policy Assigned' column says 'Assigned, but the
> > 'IPSEC
> > > Services' service is not in a running state.
> > >
> > > What does that mean and how do I get IPSEC Services into running
state?
> > >
> > > I have checked ipsec service using 'sc query ipsec' and the output
looks
> > as
> > > if that service is running:
> > >
> > > SERVICE_NAME: ipsec
> > > TYPE: : 1 KERNEL_DRIVER
> > > STATE : 4 RUNNING
> > >
> > > Any help highly appreciated!
> > >
> > > Daniel
> > >
> > >
> >
> >
>
>

Thanks for the info.
If this is due to the issue where Client for MS Network=20
must be installed in order to get RPC services installed,=20
then you should be able to uncheck the binding in the=20
network connectoid properties. It only needs to be=20
installed, it does not need to be used on an interface.

--=20
Roger=20

"Daniel" > wrote in message =
...
> Found solution: "Client for Microsoft Network" needs to be installed =
in the
> LAN connection. Now IPsec between my WinXP machine and Win 2003 server
> works!
>=20
>=20
>=20
> "Roger Abell [MVP]" > wrote in message
> ...
> The info on the sc output through me off track on
> whether the needed services were up.
> OK, so net start policyagent gets you a bit further,
> but not far enough that ipsecmon.exe is useful.
> You may be able to pick up some info from
> netdiag /test:ipsec /v /debug
> Not many people venture into configuring IPsec
> on XP, but I find one network related KB for that
> error from the SCM
> http://support.microsoft.com/?id=3D329441
> basically tracing issues to use of a restore point
> having left an SP1 machine inconsistently reverted
> to pre-SP1. (mentioned in case it seems applicable)
>=20
> Other than that info, as I have not seen your issue,
> I can only suggest posting to networking specific
> newsgroup, and offer in case you need to dig in to
> this the following with pointers on troubleshooting
> http://support.microsoft.com/?id=3D316434
>=20
>=20
> --
> Roger
> "Daniel" > wrote in message
> ...
> > Found out that the service "policyagent" needs to be started. But =
when
> > trying to start that service, the start fails with following message =
in
> > eventlog:
> >
> > Source: Service Control Manager
> > Type: Error
> > Event ID: 7023
> >
> > Description:
> > The IPSEC Services service terminated with the following error:
> > The authentication service is unknown.
> >
> > Any ideas?
> >
> >
> > "Daniel" > wrote in message
> > ...
> > > I will actually use preshared keys in my system (the keys will
> eventually
> > be
> > > created dynamically with a specific algorithm).
> > >
> > > As you suggested I have just created a new policy with a simple =
rule
> (and
> > > preshared keys). Assigned it and still have that same text....
> > >
> > >
> > >
> > > "Roger Abell [MVP]" > wrote in message
> > > ...
> > > You likely want to review how to configure IPsec, as
> > > configuring an XP with the policy you are attempting
> > > is not likely to be of use outside of an AD domain or
> > > without a certification server available, although I do
> > > imagine one could adjust it to work using only preshared
> > > keys.
> > >
> > > Can you unassign the predefined, and then define a
> > > new policy with a simple rule or two and then assign
> > > that new policy ?
> > >
> > > --
> > > Roger
> > >
> > > "Daniel" > wrote in message
> > > ...
> > > > I am trying to install an IPsec policy on my Windows XP =
Professional.
> > > Using
> > > > MMC I assigned the pre-configured 'Secure Server (Require =
Security)
> > > policy.
> > > > But the text in the 'Policy Assigned' column says 'Assigned, but =
the
> > > 'IPSEC
> > > > Services' service is not in a running state.
> > > >
> > > > What does that mean and how do I get IPSEC Services into running
> state?
> > > >
> > > > I have checked ipsec service using 'sc query ipsec' and the =
output
> looks
> > > as
> > > > if that service is running:
> > > >
> > > > SERVICE_NAME: ipsec
> > > > TYPE: : 1 KERNEL_DRIVER
> > > > STATE : 4 RUNNING
> > > >
> > > > Any help highly appreciated!
> > > >
> > > > Daniel
> > > >
> > > >
> > >
> > >
> >
> >
>=20
>