Re: IPSEC not working

From: Ludwig Zammit (
Date: 05/07/05

Date: Fri, 6 May 2005 23:23:20 -0700

First of all thanks for your reply!

I can confirm that nothing has changed. If I disable IPSec Policies I can
ping the server without any problems.

What I cannot explain is that when the policies are enabled, ipsecmon tells
me that the connection is being secured by "ESP Triple DES HMAC SHA1" but
still I am receiving a "request timed out" when pinging the server from a
client which has " client(respond only)" enabled.

The Server(Request Security) policy is configured to permit "All ICMP Traffic"


"Stephen Cartwright [MSFT]" wrote:

> Sounds like you have a basic connectivity issue with you server. IKE is
> timing out and ping is failing. You said all was working until yesterday and
> nothing has changed on your polices [or become invalid?].
> Stop policyagent on the server and one client and establish that the server
> is ping contactable before lauching on IPsec/AD/DNS troubleshooting as it
> does not appear to be an IPsec issue on first reading.
> --
> Stephen Cartwright [MSFT]
> "This posting is provided "AS IS" with no warranties, and confers no
> rights."
> "Ludwig Zammit" <Ludwig> wrote in message
> >I have set up one of my servers with the Server(Request Security) IPSEC
> > policy. Any clients and servers (memebrs of the same domain)which had the
> > client(respond Only) policy activated used to communicate succesfully with
> > this server and any communication was shown correctly in ipsecmon.
> >
> > However as of yesterday I started having problems with clients
> > communicating
> > with this server. I have enabled Object Access Auditing on the server and
> > am
> > receiving event ID 547 in my security event log:
> >
> > The failure reason is either "IKE SA deleted before establishment
> > completed"
> > or "No response from peer". The failure point is always "Me"
> >
> > If i try to ping the server from any machine which has the client(respond
> > only) policy enable I get a "Request Timed Out". The Server(Request
> > Security)
> > policy has not been modified and hence all ICMP traffic should be
> > permitted.
> >
> > I am still receiving sucessful event ids (541,542 and 543) along with
> > these
> > error messages. I am not sure if this is a normal behaviour or not.
> >
> > Any help is appreciated.