IPSEC Help
From: BobS (bobs_at_qqq.com)
Date: 10/22/03
- Previous message: Harry Li: "Issue on calling CoRegisterClassObject in service application on Windows Server 2003"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 21 Oct 2003 18:13:45 -0400
I have a 2003 AD. All of my servers, and workstation are WIN2003 servers,
and WIN XP Pro workstations. I'm tryning to get IPSEC to work without
success. I stood up a test WIN2003 server. I created a Test OU. I created a
test IPSEC policy, and applied it this test OU. The only setting in the
policy is IPSEC assign Server (request security) policy. After I apply this
policy to this OU I waite five minutes, and reboot the server. The server
comes back up, It says it's appling the computer settings. It appears to get
the IPSEC policy, and then stops communicating with the doamin controller. I
then get Netlogon errors, usernv errors, w32 errors. I then go to a
workstation and ping the workstation, and it responds so I know ICMP is
working, and not encrypted. I then try to map a drive, or hit share on the
server and I get an error "Event ID: 547" IKE Main mode negotiation failed.
This the canned IPSEC policy I'm dealing with here. The negotiating method
on the policy is kerboros, and the AD uses Kerboros. Also all computers have
machine certificates issued to them via autoenrollment. Anyone have any
ideas.
bobs@itproscorp.com
- Previous message: Harry Li: "Issue on calling CoRegisterClassObject in service application on Windows Server 2003"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
