Event ID 5477 — IPsec Policy Agent Service Runtime
Applies To: Windows Server 2008
.jpg)
The IPsec Policy Agent Service applies IPsec policy and rule changes to the current operating state of the IPsec filtering software.
Note: The IPsec Policy Agent service provides compatibility with Internet Protocol security (IPsec) policies created by using Group Policy editing tools on computers that are running earlier versions of Windows. New deployments of Windows Vista and Windows Server 2008 should not use the policies supported by the IPsec Policy Agent service since those policies support only a subset of the features supported by Windows Firewall with Advanced Security. Instead, new deployments should use policies created by using Windows Firewall with Advanced Security to take full advantage of the additional security and features.
When appropriate auditing events are enabled (https://go.microsoft.com/fwlink/?linkid=92666), Windows reports when the service cannot perform its required tasks, such as properly processing filters, or cannot protect traffic sent or received by one or more of the network adapters attached to the computer.
Event Details
| Product: | Windows Operating System |
| ID: | 5477 |
| Source: | Microsoft-Windows-Security-Auditing |
| Version: | 6.0 |
| Symbolic Name: | SE_AUDITID_ETW_POLICYAGENT_PASTORE_ADD_QM_FILTER_FAIL |
| Message: | PAStore Engine failed to add quick mode filter. Quick Mode Filter:%t%t%1 Error Code:%t%t%2 |
Resolve
Restart the computer
In specific situations when memory resources are extremely low, the IPsec Policy Agent service cannot function correctly.
To recover from this situation without compromising security, you must restart the computer. You cannot just free up memory by closing programs, and you cannot just restart the service. After the computer restarts, consider running fewer applications on the computer to place less of a load on memory resources.
If the problem occurs frequently, you might need to add memory to the computer in order to avoid the low resources situation.
To examine memory usage on the computer:
- Log on to the computer.
- Right-click the taskbar, and then click Task Manager.
- Click the Applications tab and make sure Status of all tasks is Running. If any tasks have a Status of Not responding, you should consider ending the task by clicking End Task.
- Click the Processes tab.
- Click Memory and investigate processes that are using a lot of memory.
Verify
You can verify that the IPsec Policy Agent service is running by using the Services Microsoft Management Console (MMC) snap-in or the net start command-line tool.
To verify that the IPsec Policy Agent service is running:
Check the status by using the Services MMC snap-in
To perform this procedure, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.
- Click Start, type services.msc in the Start Search box, and then press ENTER.
- In the Services MMC snap-in, find IPsec Policy Agent, and confirm that Started appears in the Status column.
Check the status by using the net start command-line tool
At a command prompt, type net start, and then verify that IPsec Policy Agent is listed as one of the services currently running on the computer.