Re: IPSEC Problems
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: Thu, 12 May 2005 19:22:42 -0500
You may want to try and rebuild the ipsec policy. Note that for domain
computers you need to make sure that domain controllers are exempt from
ipsec negotiation traffic between domain members and domain controllers as
they do the Kerberos authentication.
--- Steve
"Ludwig Zammit" <LudwigZammit@discussions.microsoft.com> wrote in message
> I have set up one of my servers with the Server (Request Security) IPSEC
> policy. Any clients and servers (members of the same domain) which had the
> Client (Respond Only) policy activated used to communicate successfully with
> this server and any communication was shown correctly in ipsecmon.
> However as of yesterday I started having problems with clients
> with this server. I have enabled Object Access Auditing on the server and
> receiving event ID 547 in my security event log:
> The failure reason is either "IKE SA deleted before establishment
> or "No response from peer". The failure point is always "Me"
> If I try to ping the server from any machine which has the Client (Respond
> Only) policy enabled I get a "Request Timed Out". The Server (Request
> policy has not been modified and hence all ICMP traffic should be
> I am still receiving successful event IDs (541, 542 and 543) along with
> error messages. I am not sure if this is normal behaviour or not.
> If I disable the policies I can successfully ping the server.
> Any help is appreciated.