Windows Security Log Event ID 4651

Operating Systems Windows 2008 R2 and 7
Windows 2012 R2 and 8.1
Windows 2016 and 10
Windows Server 2019 and 2022
Category
 • Subcategory		Logon/Logoff
 • IPsec Main Mode
Type Success
Corresponding events
in Windows 2003
and before		  

4651: An IPsec Main Mode security association was established

On this page

An IPsec Main Mode security association was established. Extended Mode was not enabled.  A certificate was used for authentication.

Free Security Log Resources by Randy

Setup PowerShell Audit Log Forwarding in 4 Minutes

 

Examples of 4651

An IPsec Main Mode security association was established. Extended Mode was not enabled.  A certificate was used for authentication.

Local Endpoint:
   Principal Name: %1
   Network Address: %9
   Keying Module Port: %10
Local Certificate:
   SHA Thumbprint: %2
   Issuing CA:  %3
   Root CA:  %4
Remote Endpoint:
   Principal Name: %5
   Network Address: %11
   Keying Module Port: %12
Remote Certificate:
   SHA thumbprint:  %6
   Issuing CA:  %7
   Root CA:  %8
Cryptographic Information:
   Cipher Algorithm: %15
   Integrity Algorithm: %16
   Diffie-Hellman Group: %17
Security Association Information:
   Lifetime (minutes): %18
   Quick Mode Limit: %19
   Main Mode SA ID: %23
Additional Information:
   Keying Module Name: %13
   Authentication Method: %14
   Role: %20
   Impersonation State: %21
   Main Mode Filter ID: %22

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection

Stay up-to-date on the Latest in Cybersecurity
Sign up for the Ultimate IT Security newsletter to hear about the latest webinars, patches, CVEs, attacks, and more.
Work Email:

 

Upcoming Webinars
Additional Resources

    Go To Event ID:

    Security Log
    Quick Reference
    Chart
    Download now!