Posted by: kurtsh | April 21, 2006

HOTFIX: Very important patch for PKI IPsec users

Today, we are excited to announce the immediate availability of a brand new hotfix for IPsec that provides major deployment improvements for Server and Domain Isolation, as well as eases on-going maintenance.

This hotfix (known as the “Simple Policy” update or ND-lite) adds functionality to Windows XP and Windows Server 2003 to greatly simplify IPsec policy creation and maintenance in Server and Domain Isolation scenarios. In the majority of cases, the installation of this hotfix significantly reduces the number of IPsec filters that are required for a Server or Domain Isolation deployment. We expect that this will result in the reduction of the number of IPsec filters from hundreds to only two (2).

The “Simple Policy” update will be most useful in the following scenarios:

  • Reducing the complexity of an existing Server Isolation and/or Domain Isolation deployment
  • Removing IPsec deployment blocking issues due to the complexity of the IPsec policy involved, e.g.  where there are a large number of policy exceptions

The hotfix can be found via knowledgebase article KB 914841. It is available on the hotfix servers and will be rolled into subsequent service packs for Windows XP and Windows Server 2003. KB reference:



%d bloggers like this: