Windows Security Log Event ID 4652

Operating Systems	Windows 2008 R2 and 7 Windows 2012 R2 and 8.1 Windows 2016 and 10 Windows Server 2019 and 2022 Windows Server 2025
Category • Subcategory	Logon/Logoff • IPsec Main Mode
Type	Failure
Corresponding events in Windows 2003 and before

4652: An IPsec Main Mode negotiation failed

On this page

Description of this event
Field level details
Examples

Free Security Log Resources by Randy

Setup PowerShell Audit Log Forwarding in 4 Minutes

Examples of 4652

An IPsec Main Mode negotiation failed.

Local Endpoint:
   Principal Name: %1
   Network Address: %9
   Keying Module Port: %10
Local Certificate:
   SHA Thumbprint: %2
   Issuing CA: %3
   Root CA: %4
Remote Endpoint:
   Principal Name: %5
   Network Address: %11
   Keying Module Port: %12
Remote Certificate:
   SHA thumbprint: %6
   Issuing CA: %7
   Root CA: %8
Additional Information:
   Keying Module Name: %13
   Authentication Method: %16
   Role:   %18
   Impersonation State: %19
   Main Mode Filter ID: %20
Failure Information:
   Failure Point: %14
   Failure Reason: %15
   State:   %17
   Initiator Cookie: %21
   Responder Cookie: %22

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection

Upcoming Webinars

Additional Resources

Encyclopedia

•	Event IDs
•	All Event IDs
•	Audit Policy

Go To Event ID:

Must be a 1-5 digit number No such event ID

Security Log
Quick Reference
Chart
Download now!

User name:
Password:
	/ Forgot?
	Register

March 2025 Patch Tuesday	"Patch Tuesday - Eight Zero Days " - sponsored by Supercharger

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2025 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.