Monitor unlimited number of servers
Filter log events
Create email and web-based reports
Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content
Event ID: 547 Source: Security
Source
Level
Description
IKE security association negotiation failed.
Mode: Key Exchange Mode (Main Mode)
Filter:
<Source IP Address>
<Source IP Address Mask>
<Destination IP Address>
<Destination IP Address Mask>
<Protocol>
<Source Port>
<Destination Port>
Failure Point: Me
Failure Reason: IKE SA deleted before establishment completed
Mode: Key Exchange Mode (Main Mode)
Filter:
<Source IP Address>
<Source IP Address Mask>
<Destination IP Address>
<Destination IP Address Mask>
<Protocol>
<Source Port>
<Destination Port>
Failure Point: Me
Failure Reason: IKE SA deleted before establishment completed
English
Request a translation of the event description in plain English.
Comments
In my case, i got this event after one of the two reverse lookup zones in the DNS server failed to load. The problem was fixed by loading the missed zone.
As per Microsoft: "This audit is the primary diagnostic tool for determining IKE negotiation failures. It describes which mode (Main or Quick), which filter, where the failure occurred (Me or Peer), and gives an explanation of the failure as well as likely reasons for this failure". See MSW2KDB for information about this event.
See ME833976 for a hotfix applicable to Microsoft Windows XP.
See ME257225 - Basic IPSec Troubleshooting in Windows 2000.
Windows Event Log Analysis Splunk App
Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.
Cisco ASA Log Analyzer Splunk App
Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.