I found that the IPsec service fails to start on several of our SBS servers. This is because the DNS service randomly picks 2500 ports and seems to pick the port IPsec uses. To fix this, you need to add some exclusions to the registry.
Open regedit, go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ReservedPorts, and add the following port ranges in addition to the ones already there.
- 1645-1646 – Used by IAS
- 1701-1701 – Used by L2TP
- 1812-1813 – Used by IAS
- 2883-2883 – Used by AUTD
- 4500-4500 – Used by IPSEC
I found this info on the Official SBS Blog.
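
To make the same change on several servers, the registry edit above can be scripted. This PowerShell is an added example, not from the original post or the SBS Blog; it assumes ReservedPorts is a multi-string value under the Parameters key and that it is run from an elevated prompt, and the backup file location is an arbitrary choice.

```powershell
# Added example: merge the port ranges listed above into ReservedPorts
# without dropping or duplicating entries that are already there.
$key    = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$name   = 'ReservedPorts'
$wanted = '1645-1646',   # IAS
          '1701-1701',   # L2TP
          '1812-1813',   # IAS
          '2883-2883',   # AUTD
          '4500-4500'    # IPSEC

# Read the current value; a missing value or blank lines become an empty list.
$existing = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
$current  = @($existing | Where-Object { $_ })

# Work out which of the wanted ranges are not present yet.
$missing = @($wanted | Where-Object { $current -notcontains $_ })
if ($missing.Count -eq 0) {
    Write-Output 'ReservedPorts already contains all of the ranges.'
    return
}

# Keep a copy of the old value so the change can be reverted by hand.
# (Backup path is an assumption made for this example.)
$backup = Join-Path $env:TEMP ("ReservedPorts-{0:yyyyMMddHHmmss}.txt" -f (Get-Date))
$current | Set-Content -Path $backup

# Append the missing ranges after the existing ones and write the value back.
# -Force replaces the value if it exists and creates it if it does not.
[string[]]$merged = $current + $missing
New-ItemProperty -Path $key -Name $name -PropertyType MultiString `
                 -Value $merged -Force | Out-Null

Write-Output ("Added: {0}" -f ($missing -join ', '))
Write-Output ("Previous value saved to {0}" -f $backup)
```

Running it a second time makes no change, because ranges that are already present are skipped.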