The other day I came across something out of the ordinary.  After some major configuration changes to the server after a reboot it lost network connectivity.  After looking at the server from the console, the Local Area Connection was missing from Network Connections and I couldn't connect to it through RDC.  Checking system event viewer gave some information:

 4292 - The IPSec driver has entered Block mode. IPSec will discard all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions. User Action: To restore full unsecured TCP/IP connectivity, disable the IPSec services, and then restart the computer.

32777 - The LSA was unable to register its RPC interface over the TCP/IP interface. Please make sure that the protocol is properly installed.

12291 - SAM failed to start the TCP/IP or SPX/IPX listening thread.

Well I took the advice of the first error, disabled the IPSec service, rebooted the server, and voila!  I was able to connect to the server.  However Local Area Connection was still not showing in Network Connections.  After some digging I found a solution:

Solution:  (This involves a direct registry edit.  Be very careful with changes that you make because incorrect changes could make your system unstable or inoperable) 

Go into services and find Remote Procedure Call (RPC) Service.  Change the account that it runs under to a Local System Account.

Open registry editor (regedit from a command prompt) and backup the following keys:

  • HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Winsock
  • HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Winsock2

Once you have a backup of those keys, delete them.

Highlight HKEY_LOCAL_MACHINE and then select 'File' -> 'Load Hive...'

Browse to C:\Windows\Repair and select 'SYSTEM'

  • Side note:  Hopefully at one point or another you've run a system state backup so you actually have a backup copy of the registry in this folder.  If not you really need to do so on every machine of yours

When asked for a key name, call it Temp

Locate and export the following keys:

  • HKEY_LOCAL_MACHINE\Temp\ControlSet001\Services\Winsock
  • HKEY_LOCAL_MACHINE\Temp\ControlSet001\Services\Winsock2

Open those keys that you just exported in notepad, and search and replace the text to the appropriate path below:  (I search for Temp\ControlSet001 and replace all instances with system\CurrentControlSet in both files)

  • HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Winsock
  • HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Winsock2

Highlight the Temp hive file and select 'File' -> 'Unload Hive...'

Now double click both of the files above that you replaced the text in to add that information to the registry and verify that the keys are properly there.

Reboot the machine.

After you reboot, verify that you can now see Local Area Connection.

Now we need to change back the Remote Procedure Call (RPC) Service to Network Service.

Open registry editor and find the following key:

  • HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\RpcSs

Edit the subkey, ObjectName and change the data to NT AUTHORITY\NetworkService

You will need to reboot once again for this final change to take effect.  Everything should be back to normal.  I continued to search and still don't know what causes this problem but I have see what seems to be quite a few people have the issue or similiar issues.  Here is a link that has similar instructions to the ones I provided and was very helpful in resolving my issue:  http://www.bensingerconsulting.com/support/helpdesk/issue_view.asp?ID=10&CATE=0