Event ID: 4292 Source: IPSec

Description
The IPSec driver has entered Block mode. IPSec will discard all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions. User Action: To restore full unsecured TCP/IP connectivity, disable the IPSec services, and then restart the computer. For detailed troubleshooting information, review the events in the Security event log.
Comments
 
As per Microsoft: "This problem occurs because the DNS Server service is listening on the UDP port that is required by another service. This problem occurs when the MaxUserPort registry entry is present. This registry entry is located in the following subkey in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\". See ME956189 for default values for MaxUserPort.

When you try to open the Internet Protocol security (IPSec) Microsoft Management Console (MMC) policy on a Microsoft Windows Server 2003-based computer, this event might be logged. A corrupted file in the policy store causes this problem. An interruption that occurs when the policy is being written to the disk may cause the corruption. See ME870910 and ME912023 to solve this problem.

This issue occurs because the logon account for the Remote Procedure Call (RPC) service is changed from the Local System account to the NetworkService account in Windows Server 2003 with SP1. See ME930220 for details on fixing this issue.

From a newsgroup post: "If you are also seeing Userenv events 1085 and 1091, see ME823608 for a hotfix".
