Restart the IPSec services
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
To restart the IPSec service
Using the Windows interface
Using a command line
Using the Windows interface
Open Services.
Right-click IPSec services.
Click Restart.
Important
- Stopping and restarting the IPSec service can disconnect all computers that are using IPSec from the computer on which the IPSec service is stopped, and it can prevent further communication with that computer. For information about how to troubleshoot and resolve loss of connectivity in this situation, see Related Topics.
Notes
To manage Active Directory-based IPSec policies, you must be a member of the Domain Admins group in Active Directory, or you must have been delegated the appropriate authority. To manage local or remote IPSec policies for a computer, you must be a member of the Administrators group on the local or remote computer. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. For more information, see Default local groups and Default groups.
To open Services, click Start, click Control Panel, double-click Administrative Tools, and then double-click Services.
You might need to restart the IPSec service in order to do any of the following:
Clear old security associations (SAs).
Clear soft SAs (unsecured negotiations).
Force an IPSec policy to download from Active Directory to domain clients.
If the IPSec service does not start, then use Event Viewer to determine possible causes of failure. For more information, see Related Topics.
Using a command line
Open Command Prompt.
Type:
net stop policyagent & net start policyagent
Important
- Stopping and restarting the IPSec service can disconnect all computers that are using IPSec from the computer on which the IPSec service is stopped, and it can prevent further communication with that computer. For information about how to troubleshoot and resolve loss of connectivity in this situation, see Related Topics.
Notes
To manage Active Directory-based IPSec policies, you must be a member of the Domain Admins group in Active Directory, or you must have been delegated the appropriate authority. To manage local or remote IPSec policies for a computer, you must be a member of the Administrators group on the local or remote computer. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. For more information, see Default local groups and Default groups.
To open a command prompt, click Start, point to All programs, point to Accessories, and then click Command Prompt.
On a computer running the Routing and Remote Access service and either Windows 2000 Server or a Windows Server 2003 operating system, you must use the following sequence when restarting the IPSec service:
Stop the Routing and Remote Access service using the net stop remoteaccess command.
Stop and restart the IPSec service using the net stop policyagent & net start policyagent command.
Start the Routing and Remote Access service using the net start remoteaccess command.
You might need to restart the IPSec service in order to do any of the following:
Clear old security associations (SAs).
Clear soft SAs (unsecured negotiations).
Force an IPSec policy to download from Active Directory to domain clients.
If the IPSec service does not start, then use Event Viewer to determine possible causes of failure. For more information, see Related Topics.
For more information about the net start and net stop commands, see Related Topics.
Information about functional differences
- Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.
See Also
Concepts
IPSec troubleshooting tools
IPSec Policy Agent service
Event Viewer overview
Net services commands