Windows Server
United States (English) Sign in
Home Windows Server 2012 Windows Server 2008 R2 Windows Server 2003 Library Forums
This topic has not yet been rated - Rate this topic

Audit IPsec Extended Mode

Updated: June 15, 2009

Applies To: Windows 7, Windows Server 2008 R2

This security policy setting determines whether the operating system generates audit events for the results of the Internet Key Exchange (IKE) protocol and Authenticated Internet Protocol (AuthIP) during Extended Mode negotiations.

Event volume: High

Default: Not configured

If this policy setting is configured, the following events are generated. The events appear on computers running Windows Server 2008 R2, Windows Server 2008, Windows 7, or Windows Vista.

 

Event ID Event message

4978

During Extended Mode negotiation, IPsec received an invalid negotiation packet. If this problem persists, it could indicate a network issue or an attempt to modify or replay this negotiation.

4979

IPsec Main Mode and Extended Mode security associations were established.

noteNote
This event provides event data in the following categories: Main Mode Local Endpoint, Main Mode Remote Endpoint, Main Mode Cryptographic Information, Main Mode Security Association, Main Mode Additional Information, and Extended Mode Information.

4980

IPsec Main Mode and Extended Mode security associations were established.

noteNote
This event provides event audit data in the following categories: Main Mode Local Endpoint, Main Mode Remote Endpoint. Main Mode Cryptographic Information, Main Mode Security Association, Main Mode Additional Information, Extended Mode Local Endpoint, Extended Mode Remote Endpoint, and Extended Mode Additional Information:

4981

IPsec Main Mode and Extended Mode security associations were established.

noteNote
This event provides event audit data in the following categories: Local Endpoint, Local Certificate, Remote Endpoint, Remote Certificate, Cryptographic Information, Security Association Information, Additional Information, and Extended Mode Information.

4982

IPsec Main Mode and Extended Mode security associations were established.

noteNote
This event provides event audit data in the following categories: Local Endpoint, Local Certificate, Remote Endpoint, Remote Certificate, Cryptographic Information, Security Association Information, Additional Information, Extended Mode Local Endpoint, Extended Mode Remote Endpoint, and Extended Mode Additional Information.

4983

An IPsec Extended Mode negotiation failed. The corresponding Main Mode security association has been deleted.

noteNote
This event provides event audit data in the following categories: Local Endpoint, Local Certificate, Remote Endpoint, Remote Certificate, and Failure Information.

4984

An IPsec Extended Mode negotiation failed. The corresponding Main Mode security association has been deleted.

noteNote
This event provides event audit data in the following categories: Local Endpoint, Remote Endpoint, Additional Information, and Failure Information.

Did you find this helpful?
(1500 characters remaining)

Community Additions

ADD
© 2013 Microsoft
|
Site Feedback
© 2013 Microsoft. All rights reserved.