Share via


IPsec Policy Agent Rule Processing

Applies To: Windows Server 2008 R2

The IPsec Policy Agent service receives its rules from local security policy stored in the system registry, and from Group Policy delivered by Active Directory. After receiving new or modified policy settings, IPsec Policy Agent must process each new or modified rule to determine which network traffic to block, allow, or protect by using Internet Protocol security (IPsec). 

Note:   This service provides compatibility with Internet Protocol security (IPsec) policies used in earlier versions of Windows. New deployments of Windows Vista and Windows Server 2008 should not use the policies supported by the IPsec Policy Agent service since those policies support only a subset of the features supported by Windows Firewall with Advanced Security. Instead, new deployments should use policies created by using Windows Firewall with Advanced Security to take full advantage of the additional security and features.

When appropriate auditing events are enabled (https://go.microsoft.com/fwlink/?linkid=92666), Windows reports successes and failures, both in retrieving policy, and in processing the rules defined in the policy.

Events

Event ID Source Message

5456

Microsoft-Windows-Security-Auditing

PAStore Engine applied Active Directory storage IPsec policy on the computer.

Policy:%t%t%1

5457

Microsoft-Windows-Security-Auditing

PAStore Engine failed to apply Active Directory storage IPsec policy on the computer.

DN:%t%t%1
Error code:%t%t%2

5458

Microsoft-Windows-Security-Auditing

PAStore Engine applied locally cached copy of Active Directory storage IPsec policy on the computer.

Policy:%t%t%1

5459

Microsoft-Windows-Security-Auditing

PAStore Engine failed to apply locally cached copy of Active Directory storage IPsec policy on the computer.

Policy:%t%t%1
Error Code:%t%t%2

5460

Microsoft-Windows-Security-Auditing

PAStore Engine applied local registry storage IPsec policy on the computer.

Policy:%t%t%1

5461

Microsoft-Windows-Security-Auditing

PAStore Engine failed to apply local registry storage IPsec policy on the computer.

Policy:%t%t%1
Error Code:%t%t%2

5462

Microsoft-Windows-Security-Auditing

PAStore Engine failed to apply some rules of the active IPsec policy on the computer. Use the IP Security Monitor snap-in to diagnose the problem.

Policy:%t%t%1
Error Code:%t%t%2

5466

Microsoft-Windows-Security-Auditing

PAStore Engine polled for changes to the Active Directory IPsec policy, determined that Active Directory cannot be reached, and will use the cached copy of the Active Directory IPsec policy instead. Any changes made to the Active Directory IPsec policy since the last poll could not be applied.

5467

Microsoft-Windows-Security-Auditing

PAStore Engine polled for changes to the Active Directory IPsec policy, determined that Active Directory can be reached, and found no changes to the policy. The cached copy of the Active Directory IPsec policy is no longer being used.

5468

Microsoft-Windows-Security-Auditing

PAStore Engine polled for changes to the Active Directory IPsec policy, determined that Active Directory can be reached, found changes to the policy, and applied those changes. The cached copy of the Active Directory IPsec policy is no longer being used.

5471

Microsoft-Windows-Security-Auditing

PAStore Engine loaded local storage IPsec policy on the computer.

Policy:%t%t%1

5472

Microsoft-Windows-Security-Auditing

PAStore Engine failed to load local storage IPsec policy on the computer.

Policy:%t%t%1
Error Code:%t%t%2

5473

Microsoft-Windows-Security-Auditing

PAStore Engine loaded directory storage IPsec policy on the computer.

Policy:%t%t%1

5474

Microsoft-Windows-Security-Auditing

PAStore Engine failed to load directory storage IPsec policy on the computer.

Policy:%t%t%1
Error Code:%t%t%2

IPsec Policy Agent (Legacy) Service

Windows Firewall with Advanced Security