Windows Security Log Event ID 4650

Operating Systems Windows 2008 R2 and 7
Windows 2012 R2 and 8.1
Windows 2016 and 10
Windows Server 2019 and 2022
Windows Server 2025
Category
 • Subcategory		Logon/Logoff
 • IPsec Main Mode
Type Success
Corresponding events
in Windows 2003
and before		  

4650: An IPsec Main Mode security association was established

On this page

An IPsec Main Mode security association was established. Extended Mode was not enabled.  Certificate authentication was not used.

Free Security Log Resources by Randy

Supercharger Free Edition


Supercharger's built-in Xpath filters leave the noise behind.

Free.

 

Examples of 4650

An IPsec Main Mode security association was established. Extended Mode was not enabled.  Certificate authentication was not used.

Local Endpoint:
   Principal Name:  jsmith@srv1.dmn
   Network Address: 10.40.1.123
   Keying Module Port: 500

Remote Endpoint:
   Principal Name:  DMN/SRV2$
   Network Address: 10.40.1.101
   Keying Module Port: 500

Security Association Information:
   Lifetime (minutes): 480
   Quick Mode Limit:   0
   Main Mode SA ID: 9

Cryptographic Information:
   Cipher Algorithm: 3DES
   Integrity Algorithm:   SHA1
   Diffie-Hellman Group:  DH group 2

Additional Information:
   Keying Module Name:    IKEv1
   Authentication Method: Kerberos
   Role: Responder
   Impersonation State:   Not enabled
   Main Mode Filter ID:   71695

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection

Stay up-to-date on the Latest in Cybersecurity
Sign up for the Ultimate IT Security newsletter to hear about the latest webinars, patches, CVEs, attacks, and more.
Work Email:

 

Upcoming Webinars
Additional Resources

    Go To Event ID:

    Security Log
    Quick Reference
    Chart
    Download now!