Re: IPSEC not working

From: Stephen Cartwright [MSFT] (scart_at_online.microsoft.com)
Date: 05/06/05


Date: Fri, 6 May 2005 09:56:17 -0700

Sounds like you have a basic connectivity issue with your server. IKE is
timing out and ping is failing. You said all was working until yesterday and
nothing has changed on your policies [or become invalid?].
Stop policyagent on the server and one client and establish that the server
is ping contactable before launching on IPsec/AD/DNS troubleshooting as it
does not appear to be an IPsec issue on first reading.

-- 
Stephen Cartwright [MSFT]
"This posting is provided "AS IS" with no warranties, and confers no 
 rights."
"Ludwig Zammit" <Ludwig Zammit@discussions.microsoft.com> wrote in message 
news:1FD7D43B-0DB6-46B6-BEB2-D764510B62E4@microsoft.com...
> I have set up one of my servers with the Server (Request Security) IPSEC
> policy. Any clients and servers (members of the same domain) which had the
> Client (Respond Only) policy activated used to communicate successfully with
> this server and any communication was shown correctly in ipsecmon.
>
> However, as of yesterday I started having problems with clients communicating
> with this server. I have enabled Object Access Auditing on the server and am
> receiving event ID 547 in my security event log:
>
> The failure reason is either "IKE SA deleted before establishment completed"
> or "No response from peer". The failure point is always "Me".
>
> If I try to ping the server from any machine which has the Client (Respond
> Only) policy enabled I get a "Request Timed Out". The Server (Request Security)
> policy has not been modified and hence all ICMP traffic should be permitted.
>
> I am still receiving successful event IDs (541, 542 and 543) along with these
> error messages. I am not sure if this is normal behaviour or not.
>
> Any help is appreciated.

