IPSEC service (privacy ??) issue.

Discussion in 'privacy problems' started by Fly, Jun 12, 2009.

Thread Status:
Not open for further replies.
  1. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    I have this long thread in this section called: 'I know my ISP logs and retains data, but does it go further than that ?'

    But I'll post here for a very specific (brief) question. To what extent it has anything to do with privacy, networking etc. I don't know.

    I'm currently able to maintain a wireless connection, most of the time.
    The connection tends to drop later in the evening, and I tend to be unable to connect the first time I boot it up on any given day. In the latter case, I need to unplug the modem and the router, plug them in again, and then it usually works. Sometimes I also need to do that if I lose the connection at other moments.

    (Windows XP Home Edition, service pack 2, WPA-PSK wireless connection between computer and router, router connected by cable/wire to modem, no other computers in network, broadband/cable network)

    Each time I boot up my computer, within seconds there is an entry in the eventviewer:
    'Service Control manager' error event-id 7023
    'The IPSEC Services service terminated with the following error:
    The authentication service is unknown. '
    (I had to translate it into English, I hope I got it right)
    It is always the first Service Control Manager event (in the event viewer).
    Usually immediately after: 'the event log service has started' (event 6005)
    This is basically my question, why do I get that error message, and how can I fix it (if possible) ? I don't have an extra computer to spare to see how that would go. I've just restored an image to test a new security program (blank slate), so the information in the eventvwr is limited.
    My original ISP has merged with a few other ISPs into a new ISP.
    No (frequent) connection problems till recently.
    I have done some extensive digging, but could not find any answers.

    (There are also some tcpip events, DHCP warnings and some other issues, but that gets way too complicated to discuss here.)

    My wireless network has the following components: (Eset Personal Firewall), QoS, Aegis protocol, internet protocol (TCP/IP). No Ipv6 or other things, for as far as I know I don't need that. :doubt:

    If anyone can shed some light on that IPSEC issue I'd appreciate it.

    I guess I could post on some specialized forums, but what I've read there doesn't encourage me to do so.
     
    Last edited: Jun 12, 2009
  2. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    I had a problem almost identicle symptoms using Sandboxie. I had overtightened Sandboxie's config and hindered communication with router. At every boot I had to turn router on/off to get connected/renew ip.

    Have you made any software changes lately?
     
  3. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Yes, but I doubt if that has anything to do with it.

    I had this exact same error with McAfee VirusscanPlus, and now I'm trialling Eset Smart Security.
    I restored a clean image (one I made before the installation of any security programs), updated it, and installed the software.

    My network connection does not use/support (?) the Client for Microsoft Windows or File and printer sharing for windows. I removed that a long time ago, on purpose.
    And years ago I followed at least another suggestion : http://www.grc.com/stm/shootthemessenger.htm

    But these are not recent changes, I don't know since when the IPSEC issue occured, but the connection problems started recently.
     
    Last edited: Jun 12, 2009
  4. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    There is an IPSEC trouble shooting tool.

    http://www.microsoft.com/downloads/...2c-7998-42e4-8786-789c7b457881&displaylang=en

    Might help you/Might not. When I used this it didn't really point me in the right direction.

    Link Here to IPSEC help page at M$.

    I'd ask around in the Eset forums see if anyone else has come across this problem. Seems a bit of a coincidence you have the problem since installing Eset.

    And definitely take a look at your Internet provider forum - find out which services need to be running for wireless config. My ISP ran config check via remote assistance, so helpful he was, except I couldn't understand his Indian accent lol. o_O

    I took a look inside my services and I have IPSEC disabled, I'm on xp sp3. I guess it could be a necessity for some ISP's - for log in authentification.

    *That GRC messenger fix should't be needed anymore. Should be disabled/manual by default - was fixed in one of the service pack updates.*

    Anyway good luck.
     
  5. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Thanks, I really made an effort, but had to give up. Too much stuff to wade through, and nothing conclusive.

    What's that authentication service that's unknown ? o_O
    About the dependencies: at least two of those have two (or three) files(filenames). This computer's Windows installation CD predates service pack 2, and I updated it with what is/was called 'service pack 2 for specialists' or something like that. It's not an infection, but well, I'm way out of my league.

    I could not get any information from my ISP about which services (connection) are needed. Just references to the quality of service of my ISP (not good). Calling them would result in 'we don't support your router'.

    I did check www.theeldergeek.com (my trusted guide on services), and it's unclear whether IPSEC is needed.

    I just typed 'net start' from the command prompt.

    It seems the IPSEC service is not running ! (not strange, considering the error message).

    I didn't try that Ipsec trouble shooting tool, since it requires WGA stuff (I have a legit version, but I don't know what that would put on my computer :doubt: ), and since Ipsec doesn't even start when I turn on my computer I don't think it would be helpful.

    As you can read in my previous post, I had the same problem with McAfee VirusscanPlus.

    And when I try to restore a connection, especially late in the evening (my impression, not sure), it seems that my modem/router/computer has trouble obtaining a network address. It often takes some time. And for my connection (no idea whether it's Ipsec related) either the MAC address of the router, (modem?), or ethernet card (I use an USB stick for wireless connection), or computer o_O may be relevant. Attempts to clone a MAC address have failed.

    A real solution would probably mean purchasing a new computer, new OS, new router, new ISP. o_O

    I have absolutely no degree in computer science, and am way out of my league here.
     
    Last edited: Jun 13, 2009
  6. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    I would start IPSEC service and see if you solve the problem. I checked my laptop services, I connect wirelessly with laptop, and it has IPSEC running. I am pretty sure for wireless Ipsec is used in the authentification process.

    If it won't run:these are Ipsec's dependencies.

    IPSEC driver
    Remote Procedure Call (RPC)
    TCP/IP Protocol Driver

    Assume RPC service is working fine because you can connect eventually. So to check the two sys files.

    Start/Run type: devmgmt.msc
    Click: OK

    Click: View tab
    Click: Show Hidden Devices
    Click: +Non-Plug and Play Drivers
    Double Click: IPSEC driver

    view General: device is enabled (enabled if disabled)
    view Driver tab: status is Started (start if stopped)

    TCP/IP Protocol Driver driver should be ok. But take a look just incase. Same as above.

    reboot and check IPSEC has started in services.

    Fingers crossed :thumb:
     
  7. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Thank you for your attempts to help me.

    The files are there, in the corect location of as described in:
    'Start/Run type: devmgmt.msc
    Click: OK

    Click: View tab
    Click: Show Hidden Devices
    Click: +Non-Plug and Play Drivers
    Double Click: IPSEC driver'

    (Both are ('state') enabled and started).

    But IPSEC is also present in : C:\windows\servicepackfiles\i386
    (also in an uninstall folder for the service pack)

    Tcpip.sys is also where it's supposed to be.
    However, it's also in: c:\windows\servicepackfiles, AND in c:\windows\$hf_mig$\KB951748\SP2QFE AND in c:\windows\$hf_mig$\KB951748\SP3QFE (is that SP3 for service pack 3 ? I use service pack 2)
    AND in c:\windows\system32\dllcache plus two things for uninstalling.

    The Tcpip.sys to which the system refers windows\system32\drivers. That file has a date from 2003 ! (Before I even bought the computer, and I have reformatted and reinstalled more than once since)
    The same goes for Ipsec.sys. As for the version, it states: 5.1.2600.2180 (xpsp_sp2_rtm.040803-215:cool: , which suggests service pack 2 ??

    (even day and month is the same as tcpip.sys as mentioned above)
    For Ipsec.sys to which the system refers that same xpsp_sp2 is there suggesting service pack 2 (number is different though)

    I looked up that KB951748 thing, and apparently at the time that update caused (internet) connection problems for many people (see google).

    It's weird.

    They both have the status 'started' and type 'system'.
    Under 'services', IPSEC is at automatic, I can't find a reference to TCP/IP, except TCP/IP NETBIOS helper.

    I don't know what to make of it, or what to do with it. Shouldn't the files in the servicepack folders be used ??
     
  8. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    Hi there.

    Is IPSEC Services started?

    click Start/Run type: services.msc
    click: ok

    Check if status is Started. If not started. Double click IPSEC and start.

    ^^ that is normal

    ^^ Its a good point. I am not sure quite what is going wrong there.

    From what I gathered, youre still using SP2. Might be worth updating to SP3. Its worth running file check anyway just to see if anything is corrupted/gone haywire

    click Start/Run type: SFC /scannow
    click OK (you will probably have to put Windows CD in drive)

    I think getting this IPSEC service working will help rule out a lot of possibilities, which there are right now, while its not working. If it doesn't start up ... check MS knowledge base for any solutions.

    Personally I'd update to SP3 and go from there. It will inspect the system and see what is needed. At least you know you're up to date with all fixes. You have a back-up image so it should be ok.
     
  9. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    At services, I clicked on the IPSEC services. It is on automatic.
    Double-clicking indicates that the service is/has stopped.

    When I try to start IPSEC from there I get the following error (rough translation into English): unable to start the IPSEC services service on local computer. Error 1747 the service for authentication is unknown.
    (I tried getting some useful information on the internet, but no luck. More questions than answers).

    As for the SFC /scannow , I tried it without any luck. I was asked to put the Windows XP PROFESSIONAL (setup) CD in the drive ! But I have the HOME EDITION (original installation CD) ! I tried it anyway, and my computer told me it was the wrong CD ! :mad:
    Last year, I reformatted my harddrive, installed from the original Windows XP Home Edition CD (predates service pack 2). I did not follow the recommendation of Microsoft to use the update system to get service pack 2 because that would require about 100 reboots o_O , but downloaded the service pack for 'IT professionals' instead. I'm pretty sure I checked for Home Edition vs. PRO.
    I have an imaging system, but the earliest image I have includes this downloaded service pack 2. I am currently using this image with Eset Smart Security installed on top of this.

    I have not had connection problems until recently. I strongly suspect my ISP has something do do with it, but other issues (drivers, ? ) may also contribute.
    And for my ISP: 'we don't support your router'. o_O

    I prefer not switching to service pack 3 (yet), it seems unlikely it would solve my problem. And I just don't trust what might be in SP3, I have all the updates and from what I could tell at the time it was released, it did not add anything useful. (And then there is still that 'Home Edition' vs. PRO issue).
     
    Last edited: Jun 16, 2009
  10. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    Have you had any luck with your problem?
     
  11. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Thanks for asking.

    I have temporarily given up, and replaced the wireless connection by placing a REALLY long cable between my modem and my computer.
    It's not a long term solution though. But it was driving me mad. :mad:

    When I connect wirelessly my IP AND host name are different from what I get if I just connect the computer into the modem by wire.
    Weird. I've tried cloning a MAC address, but that didn't work.
    I have also tried to connect the computer to the router by wire/cable, plugging it in the LAN port, modem in the WAN port. I don't recall the details. It worked for a while, but then I lost my connection.

    The IPSEC error is still there.
     
Loading...
Thread Status:
Not open for further replies.