
How to delete locally cached IPSec Policy?

Status
Not open for further replies.

HKNinja

MIS
Nov 17, 2002
148
US
Hi guys,

I created IPSec in GP and deleted it without reading this from Microsoft first...
"An IPSec policy might remain active even after the IPSec policy or Group Policy object to which it is assigned has been deleted. Therefore, you should unassign the IPSec policy before you delete either the policy or the Group Policy object. To prevent problems, use the following procedure:

1. Unassign the IPSec policy in the Group Policy object.

2. Wait 24 hours to ensure that the change is propagated.

3. Delete the IPSec policy or Group Policy object.

If you delete the IPSec policy or Group Policy object without following this procedure, computers in the Active Directory container to which the IPSec policy is assigned might treat the IPSec policy as if it cannot be located and continue to use a cached copy."

Now I've got a locally cached copy on one of the DCs that I can't get rid of. Can anybody help? Thanks!
 
Had the same problem I think. I basically set up an IPSec policy that turned my DC into a secure server. Very very stupid of me. I couldn't get rid of the policy even after I deleted it and the DC could not contact the other DC which is the PDC which has the group policy that this DC syncs with.

To fix the problem I turned off the IPSec service under Services. I then checked to see if it could contact the PDC and then did a gpupdate and used replmon.exe to do a full resync with the other DC. I then checked to see the security policy on the DC and found that it was now turned off and everything was fine.

Make sure if you have another DC that is a PDC that all the GPO settings on that machine for domain controllers are set correctly. Also make sure that the IPSec policy on the local machine is also set correctly before you do a gpupdate and replmon.exe.

Good Luck,
Anthony
 
Hi Anthony,

Thanks for the reply. I deleted the cached copy from the registry. I used IPSec Monitor to make sure it's not there anymore.


- Harry
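
A read-only check for the situation in this thread, added here as an example and not posted by any participant: it reports whether a machine still holds a domain-assigned IPSec policy whose directory object has been deleted. The registry locations and the `PolicyAgent` service name are assumptions based on the standard Windows layout rather than anything quoted in the thread, and `Get-CachedIpsecPolicyState` is a hypothetical name.

```powershell
# Added example: read-only audit of domain-assigned IPSec policy state.
# Assumption: GPO-delivered IPSec policy is stored under the key below
# (standard Windows layout; these paths are not quoted from the thread).
$IpsecRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\IPSec'

function Get-CachedIpsecPolicyState {
    $svc      = Get-Service -Name PolicyAgent -ErrorAction SilentlyContinue
    $gptKey   = Join-Path $IpsecRoot 'GPTIPSECPolicy'   # assignment pointer
    $cacheKey = Join-Path $IpsecRoot 'Policy\Cache'     # cached policy objects

    $name = $null; $path = $null
    if (Test-Path $gptKey) {
        $gpt  = Get-ItemProperty -Path $gptKey
        $name = $gpt.DSIPSECPolicyName
        $path = $gpt.DSIPSECPolicyPath
    }

    $cached = 0
    if (Test-Path $cacheKey) { $cached = @(Get-ChildItem -Path $cacheKey).Count }

    # Stale cache = an assignment whose policy object is gone from the directory.
    $inDirectory = $null
    if ($path) {
        $adsPath = if ($path -match '^LDAP://') { $path } else { "LDAP://$path" }
        try   { $inDirectory = [System.DirectoryServices.DirectoryEntry]::Exists($adsPath) }
        catch { $inDirectory = $null }   # directory unreachable: cannot decide
    }

    $verdict =
        if (-not $path -and $cached -eq 0) { 'NoDomainPolicy' }
        elseif (-not $path)                { 'OrphanedCacheEntries' }
        elseif ($null -eq $inDirectory)    { 'Unknown-DirectoryUnreachable' }
        elseif ($inDirectory)              { 'AssignedAndPresent' }
        else                               { 'StaleCachedPolicy' }

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        ServiceStatus  = if ($svc) { "$($svc.Status)" } else { 'NotInstalled' }
        AssignedPolicy = $name
        DirectoryPath  = $path
        CachedObjects  = $cached
        Verdict        = $verdict
    }
}

Get-CachedIpsecPolicyState | Format-List
```

The function changes nothing on the machine. A `StaleCachedPolicy` verdict is the condition described in the quoted Microsoft text, and `Unknown-DirectoryUnreachable` matches the case where the cached policy itself blocks contact with the other DC.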
 