Friday, August 22, 2008

[THIN] IPSEC Goofiness

When one of our Citrix servers rebooted overnight, it did not come back. The admin team determined that it was some kind of network problem. They could log in via the remote insight board but only as the local Administrator. Domain logins failed with a message that it couldn’t find the domain. It could not successfully ping its own default gateway. During a reboot, it responded to four pings and then went dead. They checked with the network team and everything looked fine from the switch side. Finally, they noticed that the IPSEC service was not listed as running and it could not be started.

Setting IPSEC to “Disabled” and rebooting brought the server back to life, but the Citrix IMA service could no longer run. Attempting to start IPSEC immediately stopped all network traffic again.

Apparently, the local IPSEC policy can become corrupted. When this happens, the machine can’t determine who is safe to talk to, so it completely shuts off communications. Luckily, we found the following web page that showed how to fix a corrupted policy.

http://msmvps.com/blogs/richardwu/archive/2006/01/13/80970.aspx

I’m passing this on in hopes of saving others some stress.

Steve Raffensberger

Citrix Administrator

Sovereign Bank

1125 Berkshire Boulevard

Wyomissing, PA 19610

email: sraffens@sovereignbank.com