Fix IPsec Quick Mode Policy Already Exists (0X000032C8)

Windows Errors | Intermediate | May 28, 2026

This error means Windows already has a quick mode policy with that name. Here's how to find and remove duplicates quickly.

Why This Error Pops Up

You're trying to create a new IPsec quick mode policy, and Windows yells back with 0X000032C8 — "The specified quick mode policy already exists." I've been there. Usually it happens when you're scripting deployments or manually setting up IPsec for a VPN or server-to-server connection, and a leftover policy from a previous attempt is still hanging around.

The fix is straightforward: find that duplicate policy and remove it. The right method depends on whether you can see the policy in the GUI or need to clean it up with command-line tools.

The 30-Second Fix: Delete via GUI

If you're on Windows 10, 11, or Windows Server 2016/2019/2022, open the Windows Firewall with Advanced Security console. Press Win + R, type wf.msc, and hit Enter.

  1. Click Connection Security Rules in the left pane.
  2. Look in the middle pane for your rule. The error usually shows the exact name of the policy that already exists.
  3. Right-click that rule and choose Delete.
  4. Now try creating your quick mode policy again.

That's it. Nine times out of ten, this is all you need. The GUI shows only what's active, so if you see your rule there, just kill it and move on.

5-Minute Fix: Command Line Cleanup with Netsh

If the GUI doesn't show the rule — maybe it's hidden or corrupt — use netsh from an admin command prompt. Open PowerShell or CMD as Administrator.

First, list all quick mode policies:

netsh ipsec static show policy name=all

You'll see a list. Find the one matching the error. Then delete it:

netsh ipsec static delete policy name="YourPolicyName"

Replace YourPolicyName with the exact name from the list. If the name has spaces, keep those double quotes.

If you're not sure which one, you can also delete all quick mode policies at once (use with caution):

netsh ipsec static delete policy name=all

This command zaps everything, so only do this if you're okay wiping all your IPsec policies. Then re-create your policy fresh.

15+ Minute Fix: Deep Clean with PowerShell and Registry

Rarely, the policy is stuck in the registry or corrupted by a partial deployment. This is the nuclear option. I've only needed it twice in six years of help desk work, but it works.

Step 1: Export your IPsec policies to a file (just in case)

netsh ipsec static exportpolicy file="C:\backup_ipsec.wfw"

Step 2: Stop the IPsec service (this also clears the policy cache)

net stop PolicyAgent

Step 3: Open Registry Editor (regedit) and navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPsec\Policy\Local

Look for a subkey named after your quick mode policy. If you see it, right-click and delete it. Be careful: don't delete the whole Local key, just the specific policy subkey.

Step 4: Restart the IPsec service

net start PolicyAgent

Step 5: Verify the policy is gone

netsh ipsec static show policy name=all

If it still shows up, run the netsh delete command again. Sometimes the registry edits need a reboot to fully clear.

One more thing: If you're using Group Policy to deploy IPsec, check the Group Policy Object in gpmc.msc. The policy might be defined there and re-applied on every refresh. Override it by creating a new GPO that removes conflicting rules, or edit the existing GPO to change the policy name.
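
The GUI check and the Group Policy caveat can be combined in one script. The PowerShell below is an added example, not part of the original article: it uses the built-in NetSecurity cmdlets to show whether a connection security rule is local or delivered by a GPO, backs up the policy, and removes only the local copy. The function name Remove-LocalIPsecRuleDuplicate and the default backup path are assumptions.

```powershell
# Added example (not from the original article). Run in an elevated session.
# Remove-LocalIPsecRuleDuplicate is a hypothetical helper name.
function Remove-LocalIPsecRuleDuplicate {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)][string]$DisplayName,
        # Assumed default location; the timestamp avoids clobbering an older backup.
        [string]$BackupPath = (Join-Path $env:TEMP ("ipsec-backup-{0:yyyyMMdd-HHmmss}.wfw" -f (Get-Date)))
    )

    # ActiveStore is the merged view: local rules plus anything applied by Group Policy.
    $active = @(Get-NetIPsecRule -PolicyStore ActiveStore -DisplayName $DisplayName -ErrorAction SilentlyContinue)
    if ($active.Count -eq 0) {
        Write-Warning "No connection security rule named '$DisplayName' is active."
        return
    }

    # Show where each copy comes from before changing anything.
    $active | Select-Object DisplayName, Enabled, PolicyStoreSourceType, PolicyStoreSource |
        Format-Table -AutoSize | Out-Host

    $fromGpo = @($active | Where-Object PolicyStoreSourceType -eq 'GroupPolicy')
    if ($fromGpo.Count -gt 0) {
        Write-Warning ("A copy is delivered by Group Policy ({0}). Fix it in the GPO; a local delete will not stick." -f
            ($fromGpo.PolicyStoreSource -join ', '))
    }

    # PersistentStore holds only the locally defined rules, which are the ones we may delete.
    $persisted = @(Get-NetIPsecRule -PolicyStore PersistentStore -DisplayName $DisplayName -ErrorAction SilentlyContinue)
    if ($persisted.Count -eq 0) { return }

    if ($PSCmdlet.ShouldProcess($DisplayName, 'Back up firewall/IPsec policy and remove local rule')) {
        # Full policy export first, so the rule can be restored with 'netsh advfirewall import'.
        netsh advfirewall export $BackupPath | Out-Null
        if ($LASTEXITCODE -ne 0 -or -not (Test-Path $BackupPath)) {
            throw "Backup to $BackupPath failed; nothing was deleted."
        }
        $persisted | Remove-NetIPsecRule
        Write-Output "Removed $($persisted.Count) local rule(s). Backup: $BackupPath"
    }
}
```

Call it with -WhatIf first, for example Remove-LocalIPsecRuleDuplicate -DisplayName "YourPolicyName" -WhatIf, to see the source of each copy without deleting anything.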

I know this error is infuriating, especially when you're on a tight deadline. But most people solve it with the GUI fix in under a minute. Start there, and only escalate to the advanced methods if you have to. Good luck.
