Saturday, April 24, 2010

IPSec service won’t start

When this happens, all TCP/IP traffic stops. If you try to restart the service, you may receive this message:

Error 10048: Only one usage of each socket address (protocol/network address/port) is normally permitted.

If you look in the Event Log, you’ll see that IPSec has entered block mode. The recommendation is to disable IPSec services and restart the server. Don’t follow that advice.

To get everyone working quickly, stop the DNS Server service. Then start the IPSec service. Restart the DNS Server service and everything should be back to normal – at least for now.
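The restart order above as a script, added here as an example and not part of the original post. It assumes PowerShell 2.0 or later in an elevated session and the default service names `DNS` (DNS Server) and `PolicyAgent` (IPSec Services); the 60-second timeout is an arbitrary choice.

```powershell
# Added example: applies the restart order from the post with state checks.
# Assumptions: PowerShell 2.0+, elevated session, default service names
# 'DNS' (DNS Server) and 'PolicyAgent' (IPSec Services).
$timeout = [TimeSpan]::FromSeconds(60)

$dns   = Get-Service -Name 'DNS'
$ipsec = Get-Service -Name 'PolicyAgent'

if ($ipsec.Status -eq 'Running') {
    Write-Output 'IPSec service is already running; nothing to do.'
    return
}

try {
    # Stop DNS first, as the post describes, and wait until it has fully stopped.
    if ($dns.Status -ne 'Stopped') {
        Stop-Service -Name 'DNS' -Force
        $dns.WaitForStatus('Stopped', $timeout)
    }

    # Start IPSec while DNS is down; a timeout here throws and skips to 'finally'.
    Start-Service -Name 'PolicyAgent'
    $ipsec.WaitForStatus('Running', $timeout)
}
finally {
    # Bring DNS back even if IPSec failed to start, so name resolution is not left down.
    Start-Service -Name 'DNS'
    $dns.WaitForStatus('Running', $timeout)
}

# Confirm the final state of both services.
Get-Service -Name 'DNS', 'PolicyAgent' | Format-Table Name, Status -AutoSize
```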

This behavior is caused by a problem that appears after installing update MS08-037, which addressed DNS vulnerabilities.

To avoid the problem in the future, you’ll need to edit the registry key that lists the DNS port reservations. Check out the details here for more info.

4 comments:

DStiner said...

Thanks Al, this helped me out.

Patrick said...

You saved me! Thanks.

Unknown said...

You saved me too. Thank you for existing, my friend!

Rob Falk said...

Thanks for the band-aid and providing the link for the permanent fix.