| Event Id | 284 |
| Source | PolicyAgent |
| Description | This event indicates that the IP Security Policy Agent cannot contact the Active Directory for the domain that the computer belongs to. |
| Event Information | According to Microsoft: To troubleshoot IPsec, first enable Audit policy, and then verify the results of phase one and phase two exchanges. When you enable Audit policy, security events are logged in the Security log. By examining the Security log, you can determine whether IKE security association negotiation is successful. To enable Audit policy, follow these steps: 1. In Group Policy, expand Local Computer Policy. 2. Locate and then click Computer Configuration/Windows Settings/Security Settings/Local Policies/Audit Policy. 3. In the details pane, right-click Audit logon events, and then click Properties. 4. Click to select Success, click to select Failure, and then click OK. 5. In the details pane, right-click Audit object access, and then click Properties. 6. Click to select Success, click to select Failure, and then click OK. You can use IP Security Monitor to monitor your security associations, IPsec statistics, and IKE statistics. In particular, you can use IP Security Monitor to verify the success of authentication and security associations. To start IP Security Monitor, click Start, click Run, type ipsecmon, and then click OK. By default, IP Security Monitor displays statistics for the local computer. To specify a remote computer, click Start, click Run, type ipsecmon computer_name, and then click OK. Troubleshooting "bad SPI" messages in the Event Viewe 1. If a key lifetime value is set too low. 2. If the sender continues to transmit data to the receiver after the security association has expired. When you receive a new security association, you must start transmitting data on it. However, if you communicate with a slower responder, the slower responder may receive IPSed-protected data that it does not recognize. The responder considers an SPI that it does not recognize a "bad SPI." To determine the problem and to correct it, use IP Security Monitor to examine the number of rekeys. Consider how long the connections h |
| Reference Links | IPsec troubleshooting in Microsoft Windows 2000 Server |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.