Event ID 5479 — IPsec Policy Agent Service Initialization

Applies To: Windows Server 2008 R2

The IPsec Policy Agent service must be running to receive and process Internet Protocol security (IPsec) policies that were made by using earlier versions of Windows.

Note: This service provides compatibility with Internet Protocol security (IPsec) policies used in earlier versions of Windows. New deployments of Windows Vista and Windows Server 2008 should not use the policies supported by the IPsec Policy Agent service since those policies support only a subset of the features supported by Windows Firewall with Advanced Security. Instead, new deployments should use policies created by using Windows Firewall with Advanced Security to take full advantage of the additional security and features.

When appropriate auditing events are enabled (https://go.microsoft.com/fwlink/?linkid=92666), Windows reports successes and failures in starting the service, or when the service stops operating due to a failure.

Event Details

Product: Windows Operating System
ID: 5479
Source: Microsoft-Windows-Security-Auditing
Version: 6.1
Symbolic Name: SE_AUDITID_ETW_POLICYAGENT_IPSECSVC_SUCCESSFUL_SHUTDOWN
Message: IPsec Services has been shut down successfully. The shutdown of IPsec Services can put the computer at greater risk of network attack or expose the computer to potential security risks.

Resolve

Restart the service

If you manually stopped the IPsec Policy Agent service, you can use the following procedure to restart it.

To restart the IPsec Policy Agent service:

To perform this procedure, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.

  1. Restart the service. You can do this from a command prompt or from the Services Microsoft Management Console (MMC) snap-in. Do either of the following:
    • Start an administrative command prompt. Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. At that command prompt, run the command net start policyagent.
    • Click Start, type services.msc in the Start Search box, and then press ENTER. In the Name column of the Services snap-in, right-click IPsec Policy Agent, and then click Start.
  2. If the attempt to restart the service fails, then restart the computer. This forces all related and dependent services to restart.
  3. If the error persists after the computer restarts, then the executable files for the driver or service might be corrupted, and the operating system must be reinstalled.

Verify

You can verify that the IPsec Policy Agent service is running by using the Services Microsoft Management Console (MMC) snap-in or the net start command-line tool.

To verify that the IPsec Policy Agent service is running:

Check the status by using the Services MMC snap-in

To perform this procedure, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.

  1. Click Start, type services.msc in the Start Search box, and then press ENTER.
  2. In the Services MMC snap-in, find IPsec Policy Agent, and then confirm that Started appears in the Status column.

Check the status by using the net start command-line tool

At a command prompt, type net start, and then verify that IPsec Policy Agent is listed as one of the services currently running on the computer.

IPsec Policy Agent Service Initialization

Windows Firewall with Advanced Security