UAG Direct Access

  • Question

  • I have set up a single DA server (Windows Server 2008 R2 Standard) and a single client (Windows 7 Enterprise). I am not having any luck getting it to connect while outside of the Org.


    When viewing the Security Event Log on the DA server I see the following:


    Log Name:      Security
    Source:        Microsoft-Windows-Security-Auditing
    Date:          5/23/2011 2:47:30 PM
    Event ID:      4653
    Task Category: IPsec Main Mode
    Level:         Information
    Keywords:      Audit Failure
    User:          N/A
    Computer:      server.corp.company.com
    Description:
    An IPsec main mode negotiation failed.

    Local Endpoint:
     Local Principal Name: -
     Network Address: 2002:c0fe:1a12::c0fe:1a12
     Keying Module Port: 500

    Remote Endpoint:
     Principal Name:  -
     Network Address: 2001:67c:e0::3
     Keying Module Port: 500

    Additional Information:
     Keying Module Name: AuthIP
     Authentication Method: Unknown authentication
     Role:   Initiator
     Impersonation State: Not enabled
     Main Mode Filter ID: 78464

    Failure Information:
     Failure Point:  Local computer
     Failure Reason:  Negotiation timed out

     State:   Sent first (SA) payload
     Initiator Cookie:  38572b6c4273bf51
     Responder Cookie: 0000000000000000
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
        <EventID>4653</EventID>
        <Version>0</Version>
        <Level>0</Level>
        <Task>12547</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8010000000000000</Keywords>
        <TimeCreated SystemTime="2011-05-23T18:47:30.117408500Z" />
        <EventRecordID>121269</EventRecordID>
        <Correlation />
        <Execution ProcessID="472" ThreadID="2792" />
        <Channel>Security</Channel>
        <Computer>server.corp.company.com</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="LocalMMPrincipalName">-</Data>
        <Data Name="RemoteMMPrincipalName">-</Data>
        <Data Name="LocalAddress">2002:c0fe:1a12::c0fe:1a12</Data>
        <Data Name="LocalKeyModPort">500</Data>
        <Data Name="RemoteAddress">2001:67c:e0::3</Data>
        <Data Name="RemoteKeyModPort">500</Data>
        <Data Name="KeyModName">%%8223</Data>
        <Data Name="FailurePoint">%%8199</Data>
        <Data Name="FailureReason">Negotiation timed out
    </Data>
        <Data Name="MMAuthMethod">%%8194</Data>
        <Data Name="State">%%8202</Data>
        <Data Name="Role">%%8205</Data>
        <Data Name="MMImpersonationState">%%8217</Data>
        <Data Name="MMFilterID">78464</Data>
        <Data Name="InitiatorCookie">38572b6c4273bf51</Data>
        <Data Name="ResponderCookie">0000000000000000</Data>
      </EventData>
    </Event>

    I'm not sure where to start to look. They both have certificates. At first I even used a 3rd party certificate for the IP-HTTPS but that didn't seem to work either. Any help would be great.


    Robert Spilman
    Monday, May 23, 2011 6:58 PM
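As an added triage aid (not part of the original post and not Microsoft code), the Python below parses the Event XML quoted in the question, classifies both endpoints by IPv6 transition prefix, and reads the responder cookie together with the failure reason: an all-zero responder cookie at state "Sent first (SA) payload" means the remote side never answered, so the timeout is a reachability or filtering question before certificates even come into play. The function names and the trimmed `SAMPLE_4653` are my own constructions.

```python
import ipaddress
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Constructed sample: the question's 4653 event, trimmed to the fields used here.
SAMPLE_4653 = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4653</EventID><Computer>server.corp.company.com</Computer></System>
  <EventData>
    <Data Name="LocalAddress">2002:c0fe:1a12::c0fe:1a12</Data>
    <Data Name="RemoteAddress">2001:67c:e0::3</Data>
    <Data Name="FailureReason">Negotiation timed out
</Data>
    <Data Name="InitiatorCookie">38572b6c4273bf51</Data>
    <Data Name="ResponderCookie">0000000000000000</Data>
  </EventData>
</Event>"""

def parse_4653(xml_text):
    """Flatten the EventData of a 4653 event into a dict (values stripped)."""
    root = ET.fromstring(xml_text)
    fields = {d.get("Name"): (d.text or "").strip()
              for d in root.findall("e:EventData/e:Data", NS)}
    fields["EventID"] = root.findtext("e:System/e:EventID", namespaces=NS)
    return fields

def transition_kind(addr):
    """Classify an IPv6 endpoint: 6to4 (2002::/16), Teredo (2001:0::/32) or native."""
    ip = ipaddress.IPv6Address(addr)
    if ip in ipaddress.IPv6Network("2002::/16"):
        return "6to4"
    if ip in ipaddress.IPv6Network("2001::/32"):
        return "Teredo"
    return "native"

def triage_4653(fields):
    """Return (verdict, detail). An all-zero responder cookie means the peer never
    answered the first SA payload, so a timeout points at reachability, not certs."""
    if fields.get("EventID") != "4653":
        return ("skip", "not an IPsec main mode failure event")
    local, remote = fields["LocalAddress"], fields["RemoteAddress"]
    detail = "local %s (%s) -> remote %s (%s)" % (
        local, transition_kind(local), remote, transition_kind(remote))
    timed_out = "timed out" in fields.get("FailureReason", "")
    no_reply = set(fields.get("ResponderCookie", "")) == {"0"}
    if timed_out and no_reply:
        return ("peer-unreachable", detail + ": no reply to first SA payload")
    if timed_out:
        return ("stalled-after-reply", detail + ": peer answered, then stalled")
    return ("other", detail + ": " + fields.get("FailureReason", ""))
```

Run it over events exported from the Security log (e.g. `wevtutil qe Security /q:"*[System[EventID=4653]]" /f:xml`) to see at a glance whether the failures are all "peer-unreachable" from the 6to4 endpoint or whether some negotiations got a reply and failed later.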