IPsec Policy Agent Service Runtime

Applies To: Windows Server 2008

The IPsec Policy Agent Service applies IPsec policy and rule changes to the current operating state of the IPsec filtering software.

Note: The IPsec Policy Agent service provides compatibility with Internet Protocol security (IPsec) policies created by using Group Policy editing tools on computers that are running earlier versions of Windows. New deployments of Windows Vista and Windows Server 2008 should not use the policies supported by the IPsec Policy Agent service since those policies support only a subset of the features supported by Windows Firewall with Advanced Security. Instead, new deployments should use policies created by using Windows Firewall with Advanced Security to take full advantage of the additional security and features.

When appropriate auditing events are enabled (https://go.microsoft.com/fwlink/?linkid=92666), Windows reports when the service cannot perform its required tasks, such as properly processing filters, or cannot protect traffic sent or received by one or more of the network adapters attached to the computer.

Events

Event ID Source Message

4712

Microsoft-Windows-Security-Auditing

IPsec Services encountered a potentially serious failure.
%1

5463

Microsoft-Windows-Security-Auditing

PAStore Engine polled for changes to the active IPsec policy and detected no changes.

5464

Microsoft-Windows-Security-Auditing

PAStore Engine polled for changes to the active IPsec policy, detected changes, and applied them to IPsec Services.

5465

Microsoft-Windows-Security-Auditing

PAStore Engine received a control for forced reloading of IPsec policy and processed the control successfully.

5477

Microsoft-Windows-Security-Auditing

PAStore Engine failed to add quick mode filter.

Quick Mode Filter:%t%t%1
Error Code:%t%t%2

5480

Microsoft-Windows-Security-Auditing

IPsec Services failed to get the complete list of network interfaces on the computer. This poses a potential security risk because some of the network interfaces may not get the protection provided by the applied IPsec filters. Use the IP Security Monitor snap-in to diagnose the problem.

5485

Microsoft-Windows-Security-Auditing

IPsec Services failed to process some IPsec filters on a plug-and-play event for network interfaces. This poses a potential security risk because some of the network interfaces may not get the protection provided by the applied IPsec filters. Use the IP Security Monitor snap-in to diagnose the problem.

IPsec Policy Agent Service

Windows Firewall with Advanced Security