IPSec Extended Mode 4984 error with DA/UAG Expand / Collapse
Author
Message
Posted 7/3/2012 6:06:27 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 7/3/2012 5:13:53 PM
Posts: 1, Visits: 0
I've stood up a UAG server, and on the client the Connectivity Assistant is telling me that "Corporate network names cannot be resolved". I've worked through multiple troubleshooting articles, and have found on the client one or more Extended Mode 4984 errors. I found this article:

http://technet.microsoft.com/en-us/library/ee844114%28v=ws.10%29.aspx

and worked through it. In particular, I see the required quick and main mode SAs mentioned in that article, even though I see a 4653 Main Mode audit failure immediately after the 4894 Extended Mode audit failure - the details of both are below.

If anyone has thoughts on this, I'd appreciate hearing them.

Thanks,

Kurt

----------Begin 4984 Event Detail----------
An IPsec extended mode negotiation failed. The corresponding main mode security association has been deleted.

Local Endpoint:
Principal Name: NT AUTHORITY\ANONYMOUS LOGON
Network Address: 2002:xxxx:yyyy::xxxx:yyyy
Keying Module Port: 500

Remote Endpoint:
Principal Name: host/G1.example.com
Network Address: 2002:aaaa:bbbb::aaaa:bbbb
Keying Module Port: 500

Additional Information:
Keying Module Name: AuthIP
Authentication Method: NTLM V2
Role: Initiator
Impersonation State: Enabled
Quick Mode Filter ID: 252766

Failure Information:
Failure Point: Local computer
Failure Reason: IKE authentication credentials are unacceptable

State: Sent second (SSPI) payload
----------End 4984 Event Detail----------

----------Begin 4653 Event Detail----------
An IPsec main mode negotiation failed.

Local Endpoint:
Local Principal Name: -
Network Address: 2001:0:xxxx:yyyy:24ad:1eee:bccd:89cd
Keying Module Port: 500

Remote Endpoint:
Principal Name: -
Network Address: 2002:aaaa:bbbb::aaaa:bbbb
Keying Module Port: 500

Additional Information:
Keying Module Name: IKEv1
Authentication Method: Unknown authentication
Role: Initiator
Impersonation State: Not enabled
Main Mode Filter ID: 0

Failure Information:
Failure Point: Local computer
Failure Reason: No policy configured

State: No state
Initiator Cookie: 36a5be545c0922e8
Responder Cookie: 0000000000000000
----------End 4653 Event Detail----------
Post #1050
« Prev Topic | Next Topic »


Permissions Expand / Collapse

All times are GMT -5:00, Time now is 7:09pm