IPsec Service Initialization
Applies To: Windows Server 2008 R2
The IKE and AuthIP IPsec Keying Modules (IKEEXT) service must be running for Internet Protocol security (IPsec) to provide authentication and encryption services. This service implements the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) protocols. These keying modules support the authentication and key exchange features required by Internet Protocol security (IPsec).
When appropriate auditing events are enabled (https://go.microsoft.com/fwlink/?linkid=92666), Windows reports successes and failures in starting the service, or when the service stops operating due to a failure.
Events
| Event ID | Source | Message |
|---|---|---|
Microsoft-Windows-Windows Firewall with Advanced Security |
A connection security rule was added to IPsec settings when Windows Firewall started. %tRule ID:%t%1 %tRuleName:%t%2 %tOrigin:%t%3 %tActive:%t%4 %tProtocol:%t%5 %tEndPoint1Ports:%t%6 %tEndPoint2Ports:%t%7 %tLocalTunnelEndpointV4:%t%8 %tLocalTunnelEndpointV6:%t%9 %tRemoteTunnelEndpointV4:%t%10 %tRemoteTunnelEndpointV6:%t%11 %tPhase1AuthSetId:%t%12 %tPhase2AuthSetId:%t%13 %tPhase2CryptoSetId:%t%14 %tAction:%t%15 %tProfiles:%t%16 %tLocalAddresses:%t%17 %tRemoteAddresses:%t%18 %tEmbeddedContext:%t%20 %tIsDTM:%t%22 %tApplyAuthZ:%t%23 %tBypassTunnelIfEncrypted:%t%24 %tNoIPSecOnOutbound:%t%25 %tModifyingUser:%t%26 %tModifyingApplication:%t%27 |
|
Microsoft-Windows-Windows Firewall with Advanced Security |
A main mode rule was added to the IPsec settings when Windows Firewall started. %tRule ID:%t%1 %tRuleName:%t%2 %tProfiles:%t%3 %tEndpoint1:%t%4 %tEndpoint2:%t%5 %tPhase1AuthSetId:%t%6 %tPhase1CryptoSetId:%t%7 %tFlags:%t%8 %tActive:%t%9 %tEmbeddedContext:%t%10 %tOrigin:%t%11 %tModifyingUser:%t%12 %tModifyingApplication:%t%13 |
|
Microsoft-Windows-Windows Firewall with Advanced Security |
A phase 1 crypto set was added to IPSec settings when Windows Firewall started. %tSet ID:%t%1 %tSetName:%t%2 %tOrigin:%t%4 %tFlags:%t%6 %tNumSuites:%t%7 %tTimeOutMinutes:%t%10 %tTimeOutSessions:%t%11 %tModifyingUser:%t%12 %tModifyingApplication:%t%13 |
|
Microsoft-Windows-Windows Firewall with Advanced Security |
A phase 2 crypto set was added to IPsec settings when Windows Firewall started. %tSet ID:%t%1 %tSetName:%t%2 %tOrigin:%t%4 %tPfs:%t%6 %tNumSuites:%t%7 %tModifyingUser:%t%10 %tModifyingApplication:%t%11 |
|
Microsoft-Windows-Windows Firewall with Advanced Security |
An authentication set has been added to IPsec settings when Windows Firewall started. %tSet ID:%t%1 %tSet Name:%t%2 %tIPsecPhase:%t%3 %tOrigin:%t%5 %tNumSuites:%t%7 %tModifyingUser:%t%10 %tModifyingApplication:%t%11 |
|
Microsoft-Windows-Security-Auditing |
An IPsec negotiation with a remote computer failed because the IKE and AuthIP IPsec Keying Modules (IKEEXT) service is not started. |