Event ID 2017 — Connection Security Rule Processing

Applies To: Windows Server 2008 R2

Windows Firewall with Advanced Security receives connection security rules from local security policy stored in the system registry, and from Group Policy delivered by Active Directory. After receiving a new or modified policy, Windows Firewall must process each rule in the applied policies to interpret what network traffic is to be protected by using Internet Protocol security (IPsec).

Event Details

Product: Windows Operating System
ID: 2017
Source: Microsoft-Windows-Windows Firewall with Advanced Security
Version: 6.1
Symbolic Name: WFMMRuleChangeEvent
Message: A main mode rule has been modified in the IPsec settings.

%tRule ID:%t%1
%tRuleName:%t%2
%tProfiles:%t%3
%tEndpoint1:%t%4
%tEndpoint2:%t%5
%tPhase1AuthSetId:%t%6
%tPhase1CryptoSetId:%t%7
%tFlags:%t%8
%tActive:%t%9
%tEmbeddedContext:%t%10
%tOrigin:%t%11
%tModifyingUser:%t%12
%tModifyingApplication:%t%13

Resolve

This is a normal condition. No further action is required.

Connection Security Rule Processing

Windows Firewall with Advanced Security