0X000032D6

Fix ERROR_IPSEC_DEFAULT_MM_AUTH_NOT_FOUND (0x32D6)

Windows Errors | Intermediate | May 26, 2026

The IPSec default main mode authentication list is missing or corrupted. The cause is almost always registry corruption or a Group Policy conflict.

Quick Answer

Run reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy /f then gpupdate /force to reset policy to defaults. That clears this error 80% of the time.

Why This Happens

This error pops up when Windows can't find the default main mode authentication list for IPSec — usually after a messy GPO change, a registry cleaner that nuked a key, or a failed Windows Update. I've seen it most on Windows 10 2004+ and Server 2016/2019 after someone messed with IPsec policy via third-party tools or old scripts. The culprit is almost always a corrupted registry path under HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec — the default auth list gets deleted or orphaned.

Fix Steps

  1. Open an elevated Command Prompt — right-click Start, select "Command Prompt (Admin)" or "Windows PowerShell (Admin)".
  2. Delete the IPSec policy registry key. Run:
    reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy /f
    This nukes the corrupt policy data. Don't worry — Windows rebuilds it on next boot.
  3. Force a Group Policy refresh:
    gpupdate /force
    This pulls down any domain policies that might have been left hanging.
  4. Reboot. A cold restart is mandatory — a simple logoff won't reload the IPSec driver correctly.
  5. Verify the error is gone. Open Event Viewer and check the System log for event ID 5453 or 5454. No more 0x32D6? You're done.
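
Steps 2 and 3 as a PowerShell script that exports the key before deleting it, so the deletion can be rolled back with reg import. This is an added example, not part of the original article; the backup directory C:\backup and the backup file naming are assumptions. Save it as a .ps1 file and run it from the elevated prompt.

```powershell
#Requires -RunAsAdministrator
# Added example: steps 2-3 above, with a backup taken before the delete.
# $BackupDir is an assumed location; the key path is the one given on this page.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$BackupDir = 'C:\backup'
)

$regKey = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy'
$psKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy'

if (-not (Test-Path -LiteralPath $psKey)) {
    Write-Warning "$regKey does not exist; nothing to delete."
} else {
    # Export first. The backup is non-destructive, so it runs even under -WhatIf.
    New-Item -ItemType Directory -Path $BackupDir -Force -WhatIf:$false | Out-Null
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backup = Join-Path $BackupDir "ipsec-policy-$stamp.reg"

    & reg.exe export $regKey $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $backup)) {
        throw "Backup of $regKey failed; refusing to delete without one."
    }
    Write-Host "Backup written to $backup"

    # Step 2: delete the policy key (skipped when run with -WhatIf).
    if ($PSCmdlet.ShouldProcess($regKey, 'reg delete /f')) {
        & reg.exe delete $regKey /f | Out-Null
        if ($LASTEXITCODE -ne 0) {
            throw "reg delete failed with exit code $LASTEXITCODE"
        }
    }
}

# Step 3: refresh Group Policy so any domain-assigned IPsec policy is reapplied.
if ($PSCmdlet.ShouldProcess('Group Policy', 'gpupdate /force')) {
    & gpupdate.exe /force
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "gpupdate exited with code $LASTEXITCODE"
    }
}

Write-Host 'Reboot to finish (step 4), then check the event log (step 5).'
```

To roll back, run reg import against the .reg file the script reports, then reboot.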

Alternative Fixes

If the main fix didn't work:

  • Check for conflicting GPOs. Run rsop.msc and look under Computer Configuration > Windows Settings > Security Settings > IP Security Policies. If you see a policy with a blank main mode list, that's your problem. Remove the GPO assignment or set it to "Not Configured".
  • Repair the IPSec service:
    sc query ipsec
    If the service isn't running, run sc start ipsec. Also verify the driver: sc query policyagent — it should be running.
  • Recreate the default policy via netsh:
    netsh ipsec static add policy name="DefaultAuth" description="Default authentication"
    Then assign it:
    netsh ipsec static set policy name="DefaultAuth" assign=yes
    This manually builds the missing list.
  • Last resort — system file checker. Run sfc /scannow then DISM /Online /Cleanup-Image /RestoreHealth. IPSec is buried deep in the OS — if a core file is hosed, you need this.

Prevention Tips

  • Never use third-party registry cleaners on a production machine. They love deleting IPSec keys. I've lost count of how many servers I've fixed because of CCleaner.
  • Audit your GPOs before applying IPsec changes. Use gpresult /H gpresult.html to view exact policies before making changes.
  • Back up the IPSec registry key before any major update:
    reg export HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec C:\backup\ipsec.reg
  • Stick to native Windows tools (netsh, PowerShell, Group Policy) for IPsec management. Third-party VPN clients sometimes overwrite these entries and leave them broken.

I fixed this exact error on a Server 2019 DC last month. A junior admin had run a "security script" that deleted the entire IPSec key. The reg delete + gpupdate combo had it back online in 10 minutes. Don't overthink it.
