Locked out of RDP access to web server – how to stop IPsec Policy Agent

ipsec rdp

An ipsec filter rule was deleted in error that has now locked me out of RDP access to the server – very big problem (this is a Windows Web Server 2008 R2 (64-bit) rented from 1&1).

I can connect via the serial console (SAC) and their server support team recommended stopping the IPSec service so I should then be able to connect via RDP and correct the error.

When the net stop "IPsec Policy Agent" command is entered it says:

The IPsec Policy Agent service is stopping..

The IPsec Policy Agent service could not be stopped.

(I tried stopping the Windows firewall, Base Filtering Engine, IKEEXT, etc. and these do stop but never the IPsec Policy Agent).

Does anyone know how to stop it or some other way around this problem please?

My remaining courses of action are:

(1). Try to change the registry to set startup of the IPSec service to 'Disabled' (have to find out how to do this from the command line)

(2). Try to recreate the filter from command line (but the server only seems to understand a small amount of the netsh ipsec commands and complains about the add filter command)

(3). Try to boot into 'Last known good cfg' (problem here is that during a hard reboot – whilst being connected to the SAC – this option isn't coming up when I press F8!)

Any help or suggestions would be gratefully appreciated especially as I spent most of yesterday on this problem and am running out of options.

Thanks
Tom


EDIT 1:
Tried this but no success –

netsh ipsec static add filterlist name="Allow" description="Allow Specified Traffic"

netsh ipsec static add filter filter="Allow" mirrored="yes" srcaddr=any srcmask="0.0.0.0" dstaddr="me" protocol="tcp" srcport="0" dstport="3389"


EDIT 2:
Thanks to naxto. The service couldn't be stopped until the startup method was changed to disabled, then it could (without any need to reboot). Many thanks.

Best Answer

To change the service startup method with the CLI, you can use sc.exe: http://technet.microsoft.com/en-us/library/bb490995.aspx

sc config servicename start= demand

Careful: after start, no space; after '=', you need one. You need to find out what the IPsec service is called (you can look it up in the registry). Sorry, I cannot look it up now; I'm not at work or with a Windows host handy.
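
Added example (not part of the original question or answer): the sequence that EDIT 2 reports working, written as a batch script for a cmd channel in SAC. The script name and its disable/restore arguments are hypothetical; the service key name is resolved with sc getkeyname rather than assumed.

```batch
@echo off
rem Added example, not from the original posts. Hypothetical script name: ipsec-recover.cmd
rem   ipsec-recover.cmd disable            run from SAC before reconnecting over RDP
rem   ipsec-recover.cmd restore START_TYPE run once the filter rule has been repaired
setlocal
set "DISPLAY=IPsec Policy Agent"

rem sc.exe wants the service key name, not the display name, so resolve it first.
set "SVC="
for /f "tokens=2 delims==" %%A in ('sc getkeyname "%DISPLAY%" ^| find "Name ="') do set "SVC=%%A"
if not defined SVC (echo Could not resolve "%DISPLAY%" & exit /b 1)
rem Strip the space that follows "=" in the sc output.
set "SVC=%SVC: =%"

if /i "%~1"=="disable" goto :disable
if /i "%~1"=="restore" goto :restore
echo Usage: %~nx0 disable   or   %~nx0 restore START_TYPE
exit /b 2

:disable
rem Print the current START_TYPE and write it down; restore needs it later.
sc qc %SVC% | find "START_TYPE"
rem Syntax trap from the answer: no space before "=", one space after it.
sc config %SVC% start= disabled || exit /b 1
rem Per EDIT 2, the stop only succeeds after the start type is set to disabled.
net stop %SVC%
sc query %SVC% | find "STATE"
exit /b 0

:restore
rem START_TYPE is the sc keyword for the value noted during disable (auto or demand).
if "%~2"=="" (echo restore needs the original start type & exit /b 2)
sc config %SVC% start= %~2 || exit /b 1
net start %SVC%
sc query %SVC% | find "STATE"
exit /b 0
```

Run the restore step as soon as the deleted filter rule is back in place, so the service does not stay disabled across the next reboot.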