| Event Id | 542 |
| Source | oakley |
| Description | The IP Security policy for ISAKMP/Oakley specified an encryption algorithm that is invalid due to export cryptography restrictions. All 3DES encryption used by ISAKMP/Oakley is weakened to standard DES encryption. Generally, this is benign. ISAKMP/Oakley will still be able to negotiate IP security parameters, and protect that negotiation with DES encryption. This should only be of concern if you demand that the ISAKMP/Oakley negotiation be protected with 3DES encryption. If this is the case, please contact your network administrator. |
| Event Information | CAUSE : Active Directory requires the Kerberos Key Distribution Center service for authentication. This symptom may occur if the Kerberos Key Distribution Center service is disabled. Resolution : To turn on the Kerberos Key Distribution Center service: Click Start, point to Programs, click Administrative Tools, and then click Services. In the list of services, double-click Kerberos Key Distribution Center. Change the Startup Type setting to Automatic. Click OK. Restart the server. In IPSec environment, this may Indicate the export client cannot perform encryption stronger than DES; the resulting negotiation agrees only on DES (provided the other computer can do DES). |
| Reference Links | Disabled Kerberos Key Distribution Prevents Exchange Services from Starting IPSec: Security Audit Log Basic IPSec troubleshooting in Microsoft Windows 2000 Server |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.