Friday, June 6, 2008

The case of corrupted TCP stack

No remote connection, not pingable; a simple traceroute shows that the ICMP packets drop at the access layer of the switch that the server is connected to.

I managed to get console access to the server remotely down the wire via iLO, which is an optional feature for all HP ProLiant servers. First I launched Process Monitor from Microsoft Sysinternals and filtered for all registry access for all the NIC interfaces in that server. The first hint was the bad registry reading from HKLM\Software\Microsoft\IPSec....

That possibly tells me that IPSec in Windows 2003 Server seems to be the issue that I'm dealing with... To ensure that this is the case, I launched the Registry Editing tool and noticed that the keys under HKLM\Software\Microsoft\IPSec were not readable. By default, if IPSec is not turned on from the Windows FW, you should be able to view the hive of it with no value.

So, these are the steps to recover it:

Step 1: Delete HKLM\Software\Microsoft\IPSec
Step 2: From a command prompt, issue regsvr32 /u polstore.dll to unregister the faulty driver and its registry entries
Step 3: Issue regsvr32 polstore.dll to register the DLL back to the system
Step 4: Reboot


and walaaaaaaaaaaaaaaaaaaa........problem solved.
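
The four recovery steps above as a single batch script, with a check for the unreadable-key symptom before anything is changed. This is an added example, not part of the original post; the backup path and the `force` and `skipdelete` arguments are assumptions made for illustration.

```batch
@echo off
rem Added example, not from the original post. Run as an administrator
rem from the server console. BACKUP is an assumed path.
setlocal
set "KEY=HKLM\Software\Microsoft\IPSec"
set "BACKUP=%SystemDrive%\ipsec-key-backup.reg"

rem "skipdelete" (assumed argument): the key was already removed by hand.
if /i "%~1"=="skipdelete" goto register

rem Symptom check: on a healthy server this key can be read.
reg query "%KEY%" >nul 2>&1
if errorlevel 1 goto repair

echo %KEY% is readable, so the symptom from the post is not present.
if /i not "%~1"=="force" (
    echo Nothing changed. Pass "force" as the first argument to repair anyway.
    exit /b 0
)
rem The key is readable here, so keep a copy before deleting it.
if exist "%BACKUP%" (
    echo %BACKUP% already exists. Move it away and run again.
    exit /b 1
)
reg export "%KEY%" "%BACKUP%"
if errorlevel 1 exit /b 1

:repair
rem Step 1: delete the key.
reg delete "%KEY%" /f
if errorlevel 1 (
    echo Could not delete %KEY%. Delete it in Registry Editor,
    echo then run this script again with the argument skipdelete.
    exit /b 1
)

:register
rem Steps 2 and 3: unregister, then re-register polstore.dll.
start /wait regsvr32 /s /u polstore.dll
if errorlevel 1 echo Warning: unregistering polstore.dll returned an error.
start /wait regsvr32 /s polstore.dll
if errorlevel 1 (
    echo Registering polstore.dll failed. Not rebooting.
    exit /b 1
)

rem Step 4: reboot, with a 60-second window to cancel using shutdown /a.
shutdown /r /t 60 /c "Reboot after IPSec registry key repair"
```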
