IPSEC Policy missing from registry. Unable to ping PBX (M1) from CallPilot
CallPilot ELAN comes up at start of boot and then drops. After that, the CallPilot cannot ping out or in. CallPilot can ping its own IP but nothing else. The following error is seen:
Cause of Problem:
The IPSec driver has entered Block mode. IPSec discards all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions. A corrupted file in the policy store causes this problem. An interruption that occurs when the policy is being written to the disk can cause the corruption.
To resolve this issue, delete the following registry subkey and then rebuild the policy:
Perform the following steps:
1. Delete the local policy registry subkey. To do this, follow these steps:
a. Click Start, click Run, type regedit, and then click OK.
b. In Registry Editor, locate and then click the following subkey:
c. On the Edit menu, click Delete.
d. Click Yes to confirm that you want to delete the subkey.
e. Quit Registry Editor.
2. Rebuild a new local policy store. To do this, click Start, click Run, type
regsvr32 polstore.dll, and then click OK.
This workaround applies only for Window 2003 systems
Once the local policy store has been restored, corrective content to prevent further occurrences has been added to Service Updates:
CP40404SU04S - If you are on Rls. 4 and below this baseline, please install the update at the next available maintenance window.
CP50041SU02S - If you are on Rls. 5 and below this baseline, please install the update at the next available maintenance window.
Any subsequent Service Update PEPs will contain the fix.