locked
Direct Access 2012 RRS feed

  • Question

  • How can we identify unsuccessful authentications/connections over windows server 2012 based  direct access? Is there any logs that can help us with it? 

    Regards

    Sunny

    Thursday, October 1, 2015 1:35 PM

All replies

  • Hi,

    yes, just start with this command to enable IPSEC logging on your DirectAccess Gateway : auditpol.exe /set /SubCategory:"IPsec Main Mode","IPsec Extended Mode" /success:enable /failure:enable

    Then you will be able to trace events in the security log such as :

      • Event ID 4653: Main Mode:   Failed:  An IPsec Main Mode Negotiation Failed
      • Event ID 4654: Quick Mode:   Failed:  An IPsec Quick Mode Negotiation Failed
      • Event ID 4984: Extended Mode:  Failed:  An IPsec Extended Mode Negotiation Failed. The corresponding Main Mode Security Association has been deleted.

    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    • Proposed as answer by BenoitSMVP Friday, October 2, 2015 1:02 PM
    Friday, October 2, 2015 1:02 PM