IP Security policy mistake: can't communicate with server

    Question

  • Hi, I've made a mistake in my IP security policy configuration: I created a GPO which applied the "Secure Server" option. When I applied this GPO to another server, communication broke to my other machines (now I get event 4653, An IPSec Main Mode Negotiation failed). In an effort to restore communication, I tried to set up a local security policy on my DC, with a filter applying it to the machine in question, and set the filter action to "accept unsecured communication, but always respond using IPSEC". This, however, doesn't work to set up a security association.

    Does anyone know of a reasonable way to restore communication between these two servers?


    Thanks,


    Kevin

    Monday, October 21, 2013 8:03 PM

Answers

  • So, the answer was pretty obvious. I had only applied the policy to a single server, so it didn't have another machine to talk to.  The solution: create a local security policy on my DC with a filter for the machine in question, and set the filter action to negotiate security.  It was easy enough once I got that done.

    Thanks for looking,


    Kevin

    Wednesday, October 23, 2013 12:32 AM
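
The fix described in the answer above (a local IPsec policy on the DC with a filter for the one server and a "negotiate security" filter action), written out as `netsh ipsec static` commands. This is an added example, not part of the original post: the `DC-SecSrv-*` names are hypothetical, `192.0.2.10` is a placeholder for the server that received the "Secure Server" GPO, and Kerberos authentication is assumed because both machines are domain members.

```powershell
# Added example. Run from an elevated prompt on the DC.
# 192.0.2.10 is a placeholder address; the DC-SecSrv-* names are hypothetical.

# 1. Create the local policy container (netsh writes to the local store by default).
netsh ipsec static add policy name=DC-SecSrv-Policy description="Negotiate IPsec with the Secure Server host"

# 2. Filter list: all IP traffic between this machine and the one peer.
#    mirrored=yes also matches the reverse direction, so replies are covered.
netsh ipsec static add filterlist name=DC-SecSrv-Filter
netsh ipsec static add filter filterlist=DC-SecSrv-Filter srcaddr=Me dstaddr=192.0.2.10 protocol=ANY mirrored=yes

# 3. Filter action "Negotiate security".
#    inpass=no : do not accept unsecured inbound traffic first
#                (inpass=yes is the "accept unsecured communication,
#                 but always respond using IPsec" checkbox)
#    soft=no   : do not fall back to cleartext if negotiation fails
netsh ipsec static add filteraction name=DC-SecSrv-Negotiate action=negotiate inpass=no soft=no

# 4. Rule that ties the filter list to the filter action.
#    kerberos=yes is an assumption (both hosts in the same domain).
netsh ipsec static add rule name=DC-SecSrv-Rule policy=DC-SecSrv-Policy filterlist=DC-SecSrv-Filter filteraction=DC-SecSrv-Negotiate kerberos=yes

# 5. Assign the policy so the IPsec policy agent starts enforcing it.
netsh ipsec static set policy name=DC-SecSrv-Policy assign=y

# 6. Verify: dump the policy, then confirm main mode and quick mode
#    security associations exist after sending traffic to the peer.
netsh ipsec static show policy name=DC-SecSrv-Policy level=verbose
netsh ipsec dynamic show mmsas all
netsh ipsec dynamic show qmsas all
```

If step 6 shows no main mode SA after traffic has been sent, the Security log on either host should again contain event 4653 with the failure reason.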
