Tuesday, April 8, 2014

Fixing Juniper SRX VPN Issues for "KMD_INTERNAL_ERROR: Error:File exists in adding SA config for tunnel id xxxxxx spi 0"

If you have funky issues where your tunnels refuse to connect and "show security ike security-associations" shows the SA as DOWN with a responder cookie of 0000000000000000, check your kmd log. If you see any entries with this obscure message:

"KMD_INTERNAL_ERROR: Error:File exists in adding SA config for tunnel id 666666 spi 0"

then read on...

To fix this issue, you have two options:

1) Reboot (if it's in a cluster, reboot both nodes simultaneously), or

2) Edit the config: completely remove the dead/broken st0.xxx interfaces from the config, including every reference to them in the security ike, ipsec and zones sections. Do a "commit full" and wait for it to finish. Then roll the config back to before you removed the interfaces (in config mode, it's "rollback 1").

Afterwards the VPN tunnels will miraculously come back to life on these horribly buggy firewalls.
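Before touching the config it helps to confirm both symptoms together: the kmd error with spi 0, and IKE SAs that are DOWN with the all-zero responder cookie. The script below is an added example, not part of the original post; the kmd log lines and the "show security ike security-associations" output it parses are constructed samples that approximate the real Junos formats, so adjust the regexes if your output differs.

```python
import re

# Constructed sample kmd log (syslog style, tunnel ids are made up).
KMD_LOG = """\
Apr  8 09:12:01 srx-a kmd[1432]: IKE Phase-1 negotiation with 198.51.100.7 completed
Apr  8 09:14:37 srx-a kmd[1432]: KMD_INTERNAL_ERROR: Error:File exists in adding SA config for tunnel id 666666 spi 0
Apr  8 09:14:38 srx-a kmd[1432]: KMD_INTERNAL_ERROR: Error:File exists in adding SA config for tunnel id 666667 spi 0
Apr  8 09:14:39 srx-a kmd[1432]: KMD_INTERNAL_ERROR: Error:File exists in adding SA config for tunnel id 666666 spi 0
"""

# Constructed sample of "show security ike security-associations" output.
IKE_SA_OUTPUT = """\
Index   State  Initiator cookie  Responder cookie  Mode           Remote Address
3051270 UP     7d4f1a2b3c5e6f80  9a8b7c6d5e4f3a21  Main           198.51.100.7
3051271 DOWN   1122334455667788  0000000000000000  Main           203.0.113.10
3051272 DOWN   99aabbccddeeff00  5566778899aabbcc  Aggressive     203.0.113.11
"""

KMD_SA_ERROR = re.compile(
    r"KMD_INTERNAL_ERROR: Error:File exists in adding SA config for tunnel id (\d+) spi (\d+)")
IKE_SA_ROW = re.compile(
    r"^\s*(\d+)\s+(UP|DOWN)\s+([0-9a-f]{16})\s+([0-9a-f]{16})\s+(\S+)\s+(\S+)")


def broken_tunnel_ids(kmd_log):
    """Return {tunnel_id: hit_count} for every 'File exists ... spi 0' entry."""
    hits = {}
    for line in kmd_log.splitlines():
        m = KMD_SA_ERROR.search(line)
        if m and m.group(2) == "0":
            tid = int(m.group(1))
            hits[tid] = hits.get(tid, 0) + 1
    return hits


def stuck_ike_sas(ike_output):
    """Return (index, remote address) for SAs that are DOWN with an all-zero
    responder cookie, i.e. the peer never answered the first IKE packet."""
    stuck = []
    for line in ike_output.splitlines():
        m = IKE_SA_ROW.match(line)
        if m and m.group(2) == "DOWN" and m.group(4) == "0" * 16:
            stuck.append((int(m.group(1)), m.group(6)))
    return stuck


def needs_sa_reset(kmd_log, ike_output):
    """True only when both symptoms from the post are present at the same time."""
    return bool(broken_tunnel_ids(kmd_log)) and bool(stuck_ike_sas(ike_output))


if __name__ == "__main__":
    print("tunnel ids with stale SA config:", broken_tunnel_ids(KMD_LOG))
    print("IKE SAs down with zero responder cookie:", stuck_ike_sas(IKE_SA_OUTPUT))
    print("matches the kmd bug pattern:", needs_sa_reset(KMD_LOG, IKE_SA_OUTPUT))
```

The tunnel ids it prints are the ones whose st0 binding you would look up in the config before removing and rolling back; an IKE SA that is DOWN with a non-zero responder cookie is a different failure (the peer answered) and is not what this post is about.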