Delay in IPSEC start affects DHCP?
We have a problem in our enviroment with DHCP:
sometimes(randomly) servers cannot get IP address from DHPC server
1. we get - Event ID 1007, Event ID 1003
2. DHCP server is Luccent QIP
3. all switches in VLAN are Cisco Catalyst with IP-helper for DHCP relay
4. all switches have spantree portfast enabled
5. all IP traffic is secured with IPSEC
6. the problem occured on servers with different OS(2000 & 2003), physical
and virtual, different hardware models(different network cards)
We tried to troubleshoot this problem, network team and QIP(DNS/DHCP) team
did not find any problems in the configurations. The only thing I discovered
on OS side that may cause the problem is the > 1minute difference between the
events: 4295(IPSec driver started, but in bypass mode) and 4294(IPSec
service started, policies applied) . Usually(when we don't have the DHCP
problem) the difference is like 3-7 seconds.
Can this be the problem? And if yes, is there a way to "tell" DHCP to wait
until IPSec Service is started?
Thank you in advance