Re: IPSEC not working
From: Stephen Cartwright [MSFT] (scart_at_online.microsoft.com)
Date: Fri, 6 May 2005 09:56:17 -0700
Sounds like you have a basic connectivity issue with you server. IKE is
timing out and ping is failing. You said all was working until yesterday and
nothing has changed on your polices [or become invalid?].
Stop policyagent on the server and one client and establish that the server
is ping contactable before lauching on IPsec/AD/DNS troubleshooting as it
does not appear to be an IPsec issue on first reading.
-- Stephen Cartwright [MSFT] "This posting is provided "AS IS" with no warranties, and confers no rights." "Ludwig Zammit" <Ludwig Zammit@discussions.microsoft.com> wrote in message news:1FD7D43B-0DB6-46B6-BEB2-D764510B62E4@microsoft.com... >I have set up one of my servers with the Server(Request Security) IPSEC > policy. Any clients and servers (memebrs of the same domain)which had the > client(respond Only) policy activated used to communicate succesfully with > this server and any communication was shown correctly in ipsecmon. > > However as of yesterday I started having problems with clients > communicating > with this server. I have enabled Object Access Auditing on the server and > am > receiving event ID 547 in my security event log: > > The failure reason is either "IKE SA deleted before establishment > completed" > or "No response from peer". The failure point is always "Me" > > If i try to ping the server from any machine which has the client(respond > only) policy enable I get a "Request Timed Out". The Server(Request > Security) > policy has not been modified and hence all ICMP traffic should be > permitted. > > I am still receiving sucessful event ids (541,542 and 543) along with > these > error messages. I am not sure if this is a normal behaviour or not. > > Any help is appreciated.