Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
|Type: Failure Audit|
IKE security association negotiation failed.
Mode: Key Exchange Mode (Main Mode)
<Source IP Address>
<Source IP Address Mask>
<Destination IP Address>
<Destination IP Address Mask>
Failure Point: Me
Failure Reason: IKE SA deleted before establishment completed
|English: Request a translation of the event description in plain English.|
In my case, i got this event after one of the two reverse lookup zones in the DNS server failed to load. The problem was fixed by loading the missed zone.
As per Microsoft: "This audit is the primary diagnostic tool for determining IKE negotiation failures. It describes which mode (Main or Quick), which filter, where the failure occurred (Me or Peer), and gives an explanation of the failure as well as likely reasons for this failure". See MSW2KDB for information about this event.
See ME833976 for a hotfix applicable to Microsoft Windows XP.
See ME257225 - Basic IPSec Troubleshooting in Windows 2000.
|Private comment: Subscribers only. See example of private comment|
|Links: ME257225, ME833976, Online Analysis of Security Event Log, MSW2KDB|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (1) - More links...|
Send comments or solutions
- Notify me when updated