Audit IPsec Extended Mode

Applies to

  • Windows 10
  • Windows Server 2016

Audit IPsec Extended Mode allows you to audit events generated by Internet Key Exchange protocol (IKE) and Authenticated Internet Protocol (AuthIP) during Extended Mode negotiations.

Audit IPsec Extended Mode subcategory is out of scope of this document, because this subcategory is mainly used for IPsec Extended Mode troubleshooting.

Computer Type General Success General Failure Stronger Success Stronger Failure Comments
Domain Controller IF IF IF IF IF - This subcategory is mainly used for IPsec Extended Mode troubleshooting, or for tracing or monitoring IPsec Extended Mode operations.
Member Server IF IF IF IF IF - This subcategory is mainly used for IPsec Extended Mode troubleshooting, or for tracing or monitoring IPsec Extended Mode operations.
Workstation IF IF IF IF IF - This subcategory is mainly used for IPsec Extended Mode troubleshooting, or for tracing or monitoring IPsec Extended Mode operations.

4978: During Extended Mode negotiation, IPsec received an invalid negotiation packet. If this problem persists, it could indicate a network issue or an attempt to modify or replay this negotiation.

4979: IPsec Main Mode and Extended Mode security associations were established.

4980: IPsec Main Mode and Extended Mode security associations were established.

4981: IPsec Main Mode and Extended Mode security associations were established.

4982: IPsec Main Mode and Extended Mode security associations were established.

4983: An IPsec Extended Mode negotiation failed. The corresponding Main Mode security association has been deleted.

4984: An IPsec Extended Mode negotiation failed. The corresponding Main Mode security association has been deleted.