Event ID: 4295 Source: IPSEC
The IPSec Driver is starting in Bypass mode. No IPSec security is being applied while this computer starts up. IPSec policies, if they have been assigned, will be applied to this computer after the IPSec services start.
The IPSec Driver (%SystemDirectory%\drivers\ipsec.sys) is loaded at system startup, regardless of the startup setting for the IPSEC Service (PolicyAgent). The Driver has an OperationMode registry entry (REG_DWORD) under HKLM\SYSTEM\CurrentControlSet\Services\IPSec, which determines how the driver will function until/if the IPSEC Service starts. One of three System events will be logged almost a minute after EventLog's 6009 startup event, depending on the OperationMode setting and startup type for the IPSEC Service. Here are the driver registry settings and resulting System events:
OperationMode 0 - Permit (Bypass). Causes Event 4295.
OperationMode 1 - Block. Causes Event 4296.
OperationMode 2 - (Reserved). Causes Event 4295.
OperationMode 3 - Stateful. Causes Event 4297.
Event 4294 will occur once the IPSEC Service starts, about 8 seconds after the event for the Driver if the Service's startup type is Automatic.
Event 4295 (Bypass) will occur if the Service is Disabled, regardless of the OperationMode registry setting.
See ME254949, and the links to “Understanding IPSec Driver Startup Modes” and “Thread - Error contacting the DC server” for additional information.
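The mapping above can be checked on a host with a short Windows PowerShell script. This is an added example, not part of the original page: the function name `Get-ExpectedIpsecStartupEvent` is hypothetical, the service `Start` values 2/3/4 are the standard Windows start types (Automatic/Manual/Disabled), and the sample inputs are constructed.

```powershell
# Added example (not from the original page). Function name is hypothetical.
# Event mapping is the one listed above; Start values 2/3/4 are the standard
# Windows service start types (Automatic/Manual/Disabled).
function Get-ExpectedIpsecStartupEvent {
    param(
        [Parameter(Mandatory = $true)][int]$OperationMode,  # Services\IPSec\OperationMode
        [Parameter(Mandatory = $true)][int]$ServiceStart    # Services\PolicyAgent\Start
    )
    $modes = @{
        0 = @{ Name = 'Permit (Bypass)'; EventId = 4295 }
        1 = @{ Name = 'Block';           EventId = 4296 }
        2 = @{ Name = '(Reserved)';      EventId = 4295 }
        3 = @{ Name = 'Stateful';        EventId = 4297 }
    }
    if (-not $modes.ContainsKey($OperationMode)) {
        throw "OperationMode $OperationMode is not one of the documented values 0-3"
    }
    # A Disabled service results in Event 4295 regardless of OperationMode.
    $disabled    = ($ServiceStart -eq 4)
    $driverEvent = if ($disabled) { 4295 } else { $modes[$OperationMode].EventId }
    New-Object PSObject -Property @{
        Mode            = $modes[$OperationMode].Name
        ServiceDisabled = $disabled
        DriverEvent     = $driverEvent
        Event4294AtBoot = ($ServiceStart -eq 2)     # Automatic: service start event follows
        BypassAtStartup = ($driverEvent -eq 4295)   # no IPSec security applied during startup
    }
}

# Constructed sample inputs: each row of the list above, plus the Disabled override.
$samples = @(@(0, 2), @(1, 2), @(2, 2), @(3, 2), @(1, 4))
foreach ($s in $samples) {
    Get-ExpectedIpsecStartupEvent -OperationMode $s[0] -ServiceStart $s[1]
}

# Live check: compare the prediction with what the System log actually recorded.
$ipsec = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\IPSec' -ErrorAction SilentlyContinue
$agent = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent' -ErrorAction SilentlyContinue
if ($ipsec -and $agent -and ($null -ne $ipsec.OperationMode)) {
    Get-ExpectedIpsecStartupEvent -OperationMode $ipsec.OperationMode -ServiceStart $agent.Start
    Get-EventLog -LogName System -Source IPSEC -ErrorAction SilentlyContinue |
        Where-Object { 4294..4297 -contains $_.EventID } |
        Select-Object -First 5 TimeGenerated, EventID
}
```

A host where `BypassAtStartup` is true, or where the logged driver event differs from the predicted one, is worth reviewing against the intended IPSec policy.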
Links: ME254949, Understanding IPSec Driver Startup Modes, Thread - Error contacting the DC server