IPSec Services

[Keith]

In the Event Viewer Security log I get an event 615
Failure Audit message at every startup that reads -
"IPSec Services: IPSec Services failed to get the
complete list of network interfaces on the machine. This
can be a potential security hazard to the machine since
some of the network interfaces may not get the protection
as desired by the applied IPSec filters. Please run IPSec
monitor snap-in to further diagnose the problem."
Most times this message is immediately followed by an
event 615 Success Audit message that reads -
"IPSec Services: IPSec Services has started
successfully."
Sometimes the second message does not appear. My computer
is a stand-alone unit not connected to any network.
Should I be concerned by this Failure message?

 

[Dan]

Your problem is somewhat similar to mine; perhaps a wise
person can help us both out. Although my XP home system
is quite stable, I also get an IPSEC security audit
failure on each Windows startup:

"IPSec Services failed to initialize IKE module w/ error
code. The attempted operation is not supported for the
type of object referenced. IPSec Services could not be
started.
Event ID: 615
User: NT AUTHORITY\NETWORK SERVICE"

I also run a standalone system, connected to the internet
via cable modem. I don't expressly use IPSEC--perhaps my
third party firewall does. IPSEC service is configured
for AUTO start on my computer (I purchased and installed
XP Home following all the proper procedures, I think.)

I'm surprised that searching for this error message turns
up no really pertinent info on the huge Microsoft website!

 

[more2learn]

Dang-I was hoping there would be a reply to your question
because I'm having the same thing occur (the 615, among
others) although I also get it at times other than
startup. I've been trying to find information on
the "snap-in monitor" they mention, but haven't had any
luck so far. More information on the Event Log in general
would be nice...oh well, hopefully someone here can
direct us to a source or provide help themselves...I'll
keep looking in the meantime.

 

[Christopher Black [MSFT]]

IPsec provides the ability to secure network traffic. If you (or you admin)
have not explicity configured this capability; then there is no need to be
concerned with this message.

There exists the possibility that IPsec cannot sucessfully determine all the
network interfaces at boot; the log is indicating that IPsec may not be able
to protect all network interfaces if that occurs (becasue it cannot find out
about all of them). We are simply being safe by telling you that if you are
expecting IPsec to protect all interfaces . . . well it may not be becasue
we cannot find them all.

The snap-in is the 'IP Security Monitor' that can be accessed if you run the
MMC.exe app and add a snap-in. (It will tell you all the nterfaces that are
being protected if you have an active policy).

-- Chris

 

[more2learn]

Thank you for your help, Chris.

-----Original Message-----
IPsec provides the ability to secure network traffic. If you (or you admin)
have not explicity configured this capability; then there is no need to be
concerned with this message.

There exists the possibility that IPsec cannot sucessfully determine all the
network interfaces at boot; the log is indicating that IPsec may not be able
to protect all network interfaces if that occurs (becasue it cannot find out
about all of them). We are simply being safe by telling you that if you are
expecting IPsec to protect all interfaces . . . well it may not be becasue
we cannot find them all.

The snap-in is the 'IP Security Monitor' that can be accessed if you run the
MMC.exe app and add a snap-in. (It will tell you all the nterfaces that are
being protected if you have an active policy).

-- Chris




.