Direct access infrastructure tunnel is not working

  • Question

  • I have gone through the STEP by STEP implementation for UAG direct access

     Assigned a third party certificate for IP-HTTPS tunnel which is working fine, and assigned a computer certificate on both the DA server and the client from my internal CA root CA, however getting the below error:

    An IPsec main mode negotiation failed.

    Local Endpoint:
        Local Principal Name:   -
        Network Address:        2002:d47d:e6c3::d47d:e6c3
        Keying Module Port:     500

    Remote Endpoint:
        Principal Name:         -
        Network Address:        2002:d47d:e6c2:8100:4c6d:7b71:a125:5069
        Keying Module Port:     500

    Additional Information:
        Keying Module Name:     AuthIP
        Authentication Method:  Unknown authentication
        Role:                   Responder
        Impersonation State:    Not enabled
        Main Mode Filter ID:    226087

    Failure Information:
        Failure Point:          Remote computer
        Failure Reason:         IKE authentication credentials are unacceptable
        State:                  Sent second (KE) payload
        Initiator Cookie:       b6895b51afa7adc9
        Responder Cookie:       be39b4a8114d2610

    Wednesday, February 27, 2013 3:26 PM

All replies

  • No answer here? Please, any suggestions?

    Thursday, February 28, 2013 1:16 PM
  • Hi

    Can you provide result of the DirectAccess connectivity assistant log file? This is the main troubleshooting tool we have.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Thursday, February 28, 2013 3:14 PM
  • DirectAccess Connectivity Assistant Logs

    RED: Corporate connectivity is not working.
    Your computer cannot connect to some corporate resources. If the problem persists, contact your administrator.
    28/2/2013 15:56:28 (UTC)

    Probes List
    PASS - PING: 2002:d47d:e6c3::d47d:e6c3
    FAIL - FILE: \\ksa7\khalid\test.txt

    DTE List
    PASS - PING: 2002:d47d:e6c3::d47d:e6c3
    PASS - PING: 2002:d47d:e6c2::d47d:e6c2

    ipconfig /all
    netsh int teredo show state
    netsh int httpstunnel show interfaces
    netsh dns show state
    netsh name show policy
    netsh name show effective
    netsh adv mon show mmsa
    netsh nap client show state
    wevtutil query-events Microsoft-Windows-NetworkAccessProtection/Operational /count:20 /format:text /rd:true
    netsh int ipv6 show int level=verbose
    netsh advf show currentprofile
    netsh advfirewall monitor show consec
    Certutil -store my
    Systeminfo
    whoami /groups

    ipconfig /all

    ***************************************************************************
    ipconfig /all
    ***************************************************************************
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Windows\system32\LogSpace\{5649A564-DBF1-4B3C-8566-03FFB38A985E}>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : FEM7
       Primary Dns Suffix . . . . . . . : uecc.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : uecc.com
                                           lan
       System Quarantine State . . . . . : Not Restricted

    Wireless LAN adapter Wireless Network Connection:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix . : uecc.com
       Description . . . . . . . . . . . : Intel(R) Centrino(R) Ultimate-N 6300 AGN
       Physical Address. . . . . . . . . : 24-77-03-17-0D-0C
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix . : lan
       Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection
       Physical Address. . . . . . . . . : 5C-26-0A-86-8F-DC
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::89b2:2f05:7a03:cf3d%11(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.1.106(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : 27 February 2013 13:24:27
       Lease Expires . . . . . . . . . . : 01 March 2013 16:55:31
       Default Gateway . . . . . . . . . : 192.168.1.1
       DHCP Server . . . . . . . . . . . : 192.168.1.1
       DHCPv6 IAID . . . . . . . . . . . : 240920074
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-2E-BC-10-5C-26-0A-86-8F-DC
       DNS Servers . . . . . . . . . . . : 192.168.1.1
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.lan:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix . : lan
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.uecc.com:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

       Connection-specific DNS Suffix . :
       Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2001:0:d47d:e6c2:486:11ce:3e2b:999f(Preferred)
       Link-local IPv6 Address . . . . . : fe80::486:11ce:3e2b:999f%29(Preferred)
       Default Gateway . . . . . . . . . :
       NetBIOS over Tcpip. . . . . . . . : Disabled

    Tunnel adapter iphttpsinterface:

       Connection-specific DNS Suffix . :
       Description . . . . . . . . . . . : iphttpsinterface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2002:d47d:e6c2:8100:d480:ab5d:8157:1f9a(Preferred)
       Temporary IPv6 Address. . . . . . : 2002:d47d:e6c2:8100:4c6d:7b71:a125:5069(Preferred)
       Link-local IPv6 Address . . . . . : fe80::d480:ab5d:8157:1f9a%19(Preferred)
       Default Gateway . . . . . . . . . : fe80::f9da:f21d:4877:f6fd%19
       NetBIOS over Tcpip. . . . . . . . : Disabled

    netsh int teredo show state

    C:\Windows\system32\LogSpace\{5649A564-DBF1-4B3C-8566-03FFB38A985E}>netsh int teredo show state
    Teredo Parameters
    ---------------------------------------------
    Type                    : enterpriseclient
    Server Name             : 212.125.230.194 (Group Policy)
    Client Refresh Interval : 30 seconds
    Client Port             : unspecified
    State                   : qualified
    Client Type             : teredo host-specific relay
    Network                 : unmanaged
    NAT                     : symmetric (port)
    NAT Special Behaviour   : UPNP: No, PortPreserving: No
    Local Mapping           : 192.168.1.106:56148
    External NAT Mapping    : 193.212.102.96:60977

    netsh int httpstunnel show interfaces

    C:\Windows\system32\LogSpace\{5649A564-DBF1-4B3C-8566-03FFB38A985E}>netsh int httpstunnel show interfaces
    Interface IPHTTPSInterface (Group Policy) Parameters
    ------------------------------------------------------------
    Role             : client
    URL              : https://publisher.uecc.com:443/IPHTTPS
    Last Error Code  : 0x0
    Interface Status : IPHTTPS interface active

    netsh dns show state

    C:\Windows\system32\LogSpace\{5649A564-DBF1-4B3C-8566-03FFB38A985E}>netsh dns show state
    Name Resolution Policy Table Options
    --------------------------------------------------------------------
    Query Failure Behavior    : Always fall back to LLMNR and NetBIOS if the name does not exist in DNS or if the DNS servers are unreachable when on a private network
    Query Resolution Behavior : Resolve only IPv6 addresses for names
    Network Location Behavior : Let Network ID determine when Direct Access settings are to be used
    Machine Location          : Outside corporate network
    Direct Access Settings    : Configured and Enabled
    DNSSEC Settings           : Not Configured

    netsh name show policy

    C:\Windows\system32\LogSpace\{5649A564-DBF1-4B3C-8566-03FFB38A985E}>netsh name show policy
    DNS Name Resolution Policy Table Settings

    Settings for crl.uecc.com
    ----------------------------------------------------------------------
    Certification authority       : DC=com, DC=uecc, CN=UECC DC45
    DNSSEC (Validation)           : disabled
    DNSSEC (IPsec)                : disabled
    DirectAccess (DNS Servers)    :
    DirectAccess (IPsec)          : disabled
    DirectAccess (Proxy Settings) : Use default browser settings

    Settings for nls.uecc.com
    ----------------------------------------------------------------------
    Certification authority       : DC=com, DC=uecc, CN=UECC DC45
    DNSSEC (Validation)           : disabled
    DNSSEC (IPsec)                : disabled
    DirectAccess (DNS Servers)    :
    DirectAccess (IPsec)          : disabled
    DirectAccess (Proxy Settings) : Use default browser settings

    Settings for publisher.uecc.com
    ----------------------------------------------------------------------
    Certification authority       : DC=com, DC=uecc, CN=UECC DC45
    DNSSEC (Validation)           : disabled
    DNSSEC (IPsec)                : disabled
    DirectAccess (DNS Servers)    :
    DirectAccess (IPsec)          : disabled
    DirectAccess (Proxy Settings) : Use default browser settings

    Settings for .uecc.com
    ----------------------------------------------------------------------
    Certification authority       : DC=com, DC=uecc, CN=UECC DC45
    DNSSEC (Validation)           : disabled
    DNSSEC (IPsec)                : disabled
    DirectAccess (DNS Servers)    : 2002:d47d:e6c3::d47d:e6c3
    DirectAccess (IPsec)          : disabled
    DirectAccess (Proxy Settings) : Bypass proxy

    netsh name show effective

    C:\Windows\system32\LogSpace\{5649A564-DBF1-4B3C-8566-03FFB38A985E}>netsh name show effective
    DNS Effective Name Resolution Policy Table Settings

    Settings for crl.uecc.com
    ----------------------------------------------------------------------
    Certification authority       : DC=com, DC=uecc, CN=UECC DC45
    DNSSEC (Validation)           : disabled
    IPsec settings                : disabled
    DirectAccess (DNS Servers)    :
    DirectAccess (Proxy Settings) : Use default browser settings

    Settings for nls.uecc.com
    ----------------------------------------------------------------------
    Certification authority       : DC=com, DC=uecc, CN=UECC DC45
    DNSSEC (Validation)           : disabled
    IPsec settings                : disabled
    DirectAccess (DNS Servers)    :
    DirectAccess (Proxy Settings) : Use default browser settings

    Settings for publisher.uecc.com
    ----------------------------------------------------------------------
    Certification authority       : DC=com, DC=uecc, CN=UECC DC45
    DNSSEC (Validation)           : disabled
    IPsec settings                : disabled
    DirectAccess (DNS Servers)    :
    DirectAccess (Proxy Settings) : Use default browser settings

    Settings for .uecc.com
    ----------------------------------------------------------------------
    Certification authority       : DC=com, DC=uecc, CN=UECC DC45
    DNSSEC (Validation)           : disabled
    IPsec settings                : disabled
    DirectAccess (DNS Servers)    : 2002:d47d:e6c3::d47d:e6c3
    DirectAccess (Proxy Settings) : Bypass proxy

    netsh adv mon show mmsa

    C:\Windows\system32\LogSpace\{5649A564-DBF1-4B3C-8566-03FFB38A985E}>netsh adv mon show mmsa
    No SAs match the specified criteria.

    netsh nap client show state

    C:\Windows\system32\LogSpace\{5649A564-DBF1-4B3C-8566-03FFB38A985E}>netsh nap client show state

    Client state:
    ----------------------------------------------------
    Name = Network Access Protection Client
    Description = Microsoft Network Access Protection Client
    Protocol version = 1.0
    Status = Enabled
    Restriction state = Not restricted
    Troubleshooting URL =
    Restriction start time =
    Extended state =
    GroupPolicy = Not Configured

    Enforcement client state:
    ----------------------------------------------------
    Id = 79617
    Name = DHCP Quarantine Enforcement Client
    Description = Provides DHCP based enforcement for NAP
    Version = 1.0
    Vendor name = Microsoft Corporation
    Registration date =
    Initialized = No

    Id = 79619
    Name = IPsec Relying Party
    Description = Provides IPsec based enforcement for Network Access Protection
    Version = 1.0
    Vendor name = Microsoft Corporation
    Registration date =
    Initialized = No

    Id = 79621
    Name = RD Gateway Quarantine Enforcement Client
    Description = Provides RD Gateway enforcement for NAP
    Version = 1.0
    Vendor name = Microsoft Corporation
    Registration date =
    Initialized = No

    Id = 79622
    Name = Microsoft Forefront UAG Quarantine Enforcement Client
    Description = Reports client health status.
    Version = 4.0.1773.10100
    Vendor name = Microsoft Corporation
    Registration date = 12/07/2012 10:47:23
    Initialized = Yes

    Id = 79623
    Name = EAP Quarantine Enforcement Client
    Description = Provides Network Access Protection enforcement for EAP authenticated network connections, such as those used with 802.1X and VPN technologies.
    Version = 1.0
    Vendor name = Microsoft Corporation
    Registration date =
    Initialized = No

    System health agent (SHA) state:
    ----------------------------------------------------
    Id = 79744
    Name = Windows Security Health Agent
    Description = The Windows Security Health Agent monitors security settings on your computer.
    Version = 1.0
    Vendor name = Microsoft Corporation
    Registration date =
    Initialized = Yes
    Failure category = None
    Remediation state = Success
    Remediation percentage = 0
    Fixup Message = (3237937214) - The Windows Security Health Agent has finished updating the security state of this computer.
    Compliance results =
    Remediation results =

    Id = 79745
    Name = Configuration Manager System Health Agent
    Description = Configuration Manager System Health Agent
    Version = 1
    Vendor name = Microsoft Corporation
    Registration date = 11/09/2012 07:14:59
    Initialized = No
    Failure category = None
    Remediation state = Success
    Remediation percentage = 0
    Fixup Message = (0) -

    Id = 88048
    Name = Intel(R) AMT SHA
    Description = Intel(R) AMT SHA Application
    Version = VER_PRODUCTVERSION_STR
    Vendor name = Intel(R)
    Registration date = 01/12/2011 10:42:48
    Initialized = No
    Failure category = None
    Remediation state = Success
    Remediation percentage = 0
    Fixup Message = (0) -

    Ok.

    wevtutil query-events Microsoft-Windows-NetworkAccessProtection/Operational /count:20 /format:text /rd:true

    C:\Windows\system32\LogSpace\{5649A564-DBF1-4B3C-8566-03FFB38A985E}>wevtutil query-events Microsoft-Windows-NetworkAccessProtection/Operational /count:20 /format:text /rd:true

    Event[0]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-SystemHealthAgent
      Date: 2013-02-27T13:27:20.876
      Event ID: 1007
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: The Windows Security Health Agent completed an offline scan.

    Event[1]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-NetworkAccessProtection
      Date: 2013-02-27T13:26:36.525
      Event ID: 28
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: A Statement of Health with correlation ID {4E9B005E-4B3F-4C85-BC0A-7FD0F2D0ED72} - 2013-02-27 12:26:36.509Z was sent to the enforcment client 79622.

    Event[2]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-NetworkAccessProtection
      Date: 2013-02-27T13:26:36.525
      Event ID: 27
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: A Statement of Health with correlation ID {4E9B005E-4B3F-4C85-BC0A-7FD0F2D0ED72} - 2013-02-27 12:26:36.509Z was received from the System Health Agent 79744. The duration to check the client's health was 15 ms.

    Event[3]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-SystemHealthAgent
      Date: 2013-02-27T13:26:36.525
      Event ID: 1025
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: The Windows Security Health Agent specified a new security health state for the computer. The correlation id for this transaction is {4E9B005E-4B3F-4C85-BC0A-7FD0F2D0ED72} - 2013-02-27 12:26:36.509Z

    Event[4]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-SystemHealthAgent
      Date: 2013-02-27T13:26:35.495
      Event ID: 1000
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: The Windows Security Health Agent detected a change in the status of Antispyware.

    Event[5]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-SystemHealthAgent
      Date: 2013-02-27T13:26:35.495
      Event ID: 1027
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: The Windows Security Health Agent notified the Windows Network Access Protection Service of a change in the security health state of the computer.

    Event[6]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-SystemHealthAgent
      Date: 2013-02-27T13:26:35.495
      Event ID: 1023
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: The Windows Security Center detected a system health state change. The change in state was also successfully detected by the Windows Security Health Agent.

    Event[7]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-SystemHealthAgent
      Date: 2013-02-27T13:26:35.495
      Event ID: 1000
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: The Windows Security Health Agent detected a change in the status of Antivirus.

    Event[8]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-NetworkAccessProtection
      Date: 2013-02-27T13:26:34.700
      Event ID: 28
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: A Statement of Health with correlation ID {4E9B005E-4B3F-4C85-BC0A-7FD0F2D0ED72} - 2013-02-27 12:26:34.544Z was sent to the enforcment client 79622.

    Event[9]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-NetworkAccessProtection
      Date: 2013-02-27T13:26:34.684
      Event ID: 27
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: A Statement of Health with correlation ID {4E9B005E-4B3F-4C85-BC0A-7FD0F2D0ED72} - 2013-02-27 12:26:34.544Z was received from the System Health Agent 79744. The duration to check the client's health was 140 ms.

    Event[10]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-SystemHealthAgent
      Date: 2013-02-27T13:26:34.684
      Event ID: 1025
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: The Windows Security Health Agent specified a new security health state for the computer. The correlation id for this transaction is {4E9B005E-4B3F-4C85-BC0A-7FD0F2D0ED72} - 2013-02-27 12:26:34.544Z

    Event[11]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-SystemHealthAgent
      Date: 2013-02-27T13:26:33.499
      Event ID: 1027
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: The Windows Security Health Agent notified the Windows Network Access Protection Service of a change in the security health state of the computer.

    Event[12]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-SystemHealthAgent
      Date: 2013-02-27T13:26:33.499
      Event ID: 1023
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: The Windows Security Center detected a system health state change. The change in state was also successfully detected by the Windows Security Health Agent.

    Event[13]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-SystemHealthAgent
      Date: 2013-02-27T13:26:33.499
      Event ID: 1000
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: The Windows Security Health Agent detected a change in the status of Antispyware.

    Event[14]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-SystemHealthAgent
      Date: 2013-02-27T13:26:33.499
      Event ID: 1000
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: The Windows Security Health Agent detected a change in the status of Antivirus.

    Event[15]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-NetworkAccessProtection
      Date: 2013-02-27T13:24:30.300
      Event ID: 28
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: A Statement of Health with correlation ID {4E9B005E-4B3F-4C85-BC0A-7FD0F2D0ED72} - 2013-02-27 12:24:30.300Z was sent to the enforcment client 79622.

    Event[16]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-NetworkAccessProtection
      Date: 2013-02-27T13:24:30.300
      Event ID: 27
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: A Statement of Health with correlation ID {4E9B005E-4B3F-4C85-BC0A-7FD0F2D0ED72} - 2013-02-27 12:24:30.300Z was received from the System Health Agent 79744. The duration to check the client's health was 0 ms.

    Event[17]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-SystemHealthAgent
      Date: 2013-02-27T13:24:30.300
      Event ID: 1025
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: The Windows Security Health Agent specified a new security health state for the computer. The correlation id for this transaction is {4E9B005E-4B3F-4C85-BC0A-7FD0F2D0ED72} - 2013-02-27 12:24:30.300Z

    Event[18]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-NetworkAccessProtection
      Date: 2013-02-27T13:24:30.300
      Event ID: 9
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: The enforcement client 79622 successfully initialized.

    Event[19]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-SystemHealthAgent
      Date: 2013-02-27T13:24:29.333
      Event ID: 1002
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: The Windows Security Health Agent was initialized successfully. Scan Interval: 1320 minutes. Time delay before first scan: 45 seconds. Time interval between manual remediation state change: 15 seconds. Manual remediation timeout interval: 150 seconds.

    Thursday, February 28, 2013 4:13 PM
  • netsh int ipv6 show int level=verbose

    netsh int ipv6 show int level=verbose

    netsh advf show currentprofile

    C:\Windows\system32\LogSpace\{5649A564-DBF1-4B3C-8566-03FFB38A985E}>netsh advf show currentprofile

    Public Profile Settings:
    ----------------------------------------------------------------------
    State                                 ON
    Firewall Policy                       BlockInbound,AllowOutbound
    LocalFirewallRules                    N/A (GPO-store only)
    LocalConSecRules                      N/A (GPO-store only)
    InboundUserNotification               Enable
    RemoteManagement                      Enable
    UnicastResponseToMulticast            Enable

    Logging:
    LogAllowedConnections                 Disable
    LogDroppedConnections                 Disable
    FileName                              %systemroot%\system32\LogFiles\Firewall\pfirewall.log
    MaxFileSize                           4096

    Ok.

    netsh advfirewall monitor show consec

    C:\Windows\system32\LogSpace\{5649A564-DBF1-4B3C-8566-03FFB38A985E}>netsh advfirewall monitor show consec

    Global Settings:
    ----------------------------------------------------------------------
    IPsec:
    StrongCRLCheck                        0:Disabled
    SAIdleTimeMin                         5min
    DefaultExemptions                     ICMP
    IPsecThroughNAT                       Never
    AuthzUserGrp                          None
    AuthzComputerGrp                      None

    StatefulFTP                           Enable
    StatefulPPTP                          Enable

    Main Mode:
    KeyLifetime                           60min,0sess
    SecMethods                            DHGroup2-AES128-SHA256,DHGroup2-AES128-SHA1,DHGroup2-3DES-SHA1
    ForceDH                               No

    Categories:
    BootTimeRuleCategory                  Windows Firewall
    FirewallRuleCategory                  Windows Firewall
    StealthRuleCategory                   Windows Firewall
    ConSecRuleRuleCategory                Windows Firewall

    Quick Mode:
    QuickModeSecMethods                   ESP:SHA1-None+60min+100000kb,ESP:SHA1-AES128+60min+100000kb,ESP:SHA1-3DES+60min+100000kb,AH:SHA1+60min+100000kb
    QuickModePFS                          None

    Security Associations:

    No SAs match the specified criteria.
    Certutil -store my
    ***************************************************************************
    Certutil -store my
    ***************************************************************************
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Windows\system32\LogSpace\{5649A564-DBF1-4B3C-8566-03FFB38A985E}>Certutil -store my
    my
    ================ Certificate 0 ================
    Serial Number: 1663ed1e0001000018ec
    Issuer: CN=UECC DC45, DC=uecc, DC=com
     NotBefore: 28/02/2013 16:40
     NotAfter: 28/02/2015 16:40
    Subject: CN=FEM7.uecc.com
    Certificate Template Name (Certificate Type): IPSECIntermediateOnline
    Non-root Certificate
    Template: IPSECIntermediateOnline
    Cert Hash(sha1): f2 a5 18 56 38 c2 c8 2a bb 2e 20 37 52 34 20 f9 ae 9d e8 e2
      Key Container = b7a50bd6778dae98e599c69bf8259302_ec1f80a2-0687-452b-b69e-845ab1d54554
      Simple container name: le-IPSECIntermediateOnline-a7e4df68-772a-4374-bdf2-63a51ceefaa3
      Provider = Microsoft RSA SChannel Cryptographic Provider
    Private key is NOT exportable
    Encryption test passed

    ================ Certificate 1 ================
    Archived!
    Serial Number: 2a8e24560001000011be
    Issuer: CN=UECC DC45, DC=uecc, DC=com
     NotBefore: 01/12/2011 11:39
     NotAfter: 30/11/2012 11:39
    Subject: CN=CSI3.uecc.com
    Certificate Template Name (Certificate Type): Machine
    Non-root Certificate
    Template: Machine
    Cert Hash(sha1): e2 f4 18 f1 1b 28 ec db 82 76 ce 0d 4e e9 59 c3 ab 14 54 11
      Key Container = b910beddf6fdd84fa51e72cc1c3c495a_ec1f80a2-0687-452b-b69e-845ab1d54554
      Simple container name: le-Machine-faffee82-d095-4054-8224-d4c5879bb887
      Provider = Microsoft RSA SChannel Cryptographic Provider
    Private key is NOT exportable
    Encryption test passed

    ================ Certificate 2 ================
    Archived!
    Serial Number: 2a6279710001000011ba
    Issuer: CN=UECC DC45, DC=uecc, DC=com
     NotBefore: 01/12/2011 10:51
     NotAfter: 01/12/2013 11:01
    Subject: EMPTY (DNS Name=ES3.uecc.com)
    Non-root Certificate
    Template: 1.3.6.1.4.1.311.21.8.13224813.6873182.1459850.15979029.5402139.135.5183070.12869032
    Cert Hash(sha1): d6 b0 5b 93 fe 68 2a 9c 4e ac 55 d7 8a cd f5 b2 29 94 58 a5
      Key Container = 37f8598f7835e82f5956a7c8ffb4dcb0_ec1f80a2-0687-452b-b69e-845ab1d54554
      Simple container name: le-WirelessUserAccess-81625a7c-0ee4-45aa-b4eb-a5eb139b15e1
      Provider = Microsoft RSA SChannel Cryptographic Provider
    Private key is NOT exportable
    Encryption test passed

    ================ Certificate 3 ================
    Serial Number: 16646eb20001000018ef
    Issuer: CN=UECC DC45, DC=uecc, DC=com
     NotBefore: 28/02/2013 16:41
     NotAfter: 28/02/2015 16:51
    Subject: EMPTY (DNS Name=FEM7.uecc.com)
    Non-root Certificate
    Template: 1.3.6.1.4.1.311.21.8.13224813.6873182.1459850.15979029.5402139.135.15817338.3019720
    Cert Hash(sha1): be 96 5b e8 95 a0 f7 20 b9 bc bf 94 b6 63 8f af e8 53 2a b2
      Key Container = le-DA-8c77547f-b64e-4d60-9461-a7b2354e46e7
      Unique container name: 6c39fab89f5f1c81fc0f8e044210eb62_ec1f80a2-0687-452b-b69e-845ab1d54554
      Provider = Microsoft Software Key Storage Provider
    Encryption test passed

    ================ Certificate 4 ================
    Archived!
    Serial Number: 3ba630070001000016cd
    Issuer: CN=UECC DC45, DC=uecc, DC=com
     NotBefore: 22/10/2012 08:01
     NotAfter: 22/10/2013 08:01
    Subject: CN=CSI3.uecc.com
    Certificate Template Name (Certificate Type): Machine
    Non-root Certificate
    Template: Machine
    Cert Hash(sha1): b9 56 78 15 5d da c4 9e d7 ae 4e 65 3c 9d 03 0c 35 23 00 e8
      Key Container = a4650c7d58bbed60f33c870f56374a2d_ec1f80a2-0687-452b-b69e-845ab1d54554
      Simple container name: le-Machine-debac707-77c0-4a5e-9abe-1119adfb9ab3
      Provider = Microsoft RSA SChannel Cryptographic Provider
    Private key is NOT exportable
    Encryption test passed

    ================ Certificate 5 ================
    Archived!
    Serial Number: 3ba630a30001000016ce
    Issuer: CN=UECC DC45, DC=uecc, DC=com
     NotBefore: 22/10/2012 08:01
     NotAfter: 22/10/2014 08:11
    Subject: EMPTY (DNS Name=CSI3.uecc.com)
    Non-root Certificate
    Template: 1.3.6.1.4.1.311.21.8.13224813.6873182.1459850.15979029.5402139.135.1.30
    Cert Hash(sha1): a7 9d 96 82 27 84 4a fd 17 ab f7 00 fd d1 bc d9 bd 2c 39 89
      Key Container = b2a5687c13a700c4f068b876eb74eb4e_ec1f80a2-0687-452b-b69e-845ab1d54554
      Simple container name: le-Workstation-bac89fa3-b4ad-4419-a3d4-340f190b4395
      Provider = Microsoft RSA SChannel Cryptographic Provider
    Private key is NOT exportable
    Encryption test passed

    ================ Certificate 6 ================
    Serial Number: 1663eb590001000018eb
    Issuer: CN=UECC DC45, DC=uecc, DC=com
     NotBefore: 28/02/2013 16:40
     NotAfter: 28/02/2015 16:50
    Subject: EMPTY (DNS Name=FEM7.uecc.com)
    Non-root Certificate
    Template: 1.3.6.1.4.1.311.21.8.13224813.6873182.1459850.15979029.5402139.135.15817338.3019720
    Cert Hash(sha1): 98 c8 e1 3e 85 dd b1 a3 45 d3 e3 15 7f 52 b6 80 90 9e 26 6e
      Key Container = le-DA-066e26e1-8257-4aa8-a157-aa22816fe798
      Unique container name: 09896aca25ba315092ca4dc139a02498_ec1f80a2-0687-452b-b69e-845ab1d54554
      Provider = Microsoft Software Key Storage Provider
    Encryption test passed

    ================ Certificate 7 ================
    Archived!
    Serial Number: 2a6279030001000011b9
    Issuer: CN=UECC DC45, DC=uecc, DC=com
     NotBefore: 01/12/2011 10:51
     NotAfter: 30/11/2013 10:51
    Subject: CN=ES3.uecc.com
    Certificate Template Name (Certificate Type): IPSECIntermediateOnline
    Non-root Certificate
    Template: IPSECIntermediateOnline
    Cert Hash(sha1): 86 50 b1 54 45 ab 78 e8 f2 e1 7c 04 e3 ab 07 fd e6 f2 51 25
      Key Container = 4b43842c92f20914cda55df274098ddc_ec1f80a2-0687-452b-b69e-845ab1d54554
      Simple container name: le-IPSECIntermediateOnline-cea900f1-eb74-4d9b-8bf1-7c9a2b27f6c8
      Provider = Microsoft RSA SChannel Cryptographic Provider
    Private key is NOT exportable
    Encryption test passed

    ================ Certificate 8 ================
    Serial Number: 1663e9070001000018ea
    Issuer: CN=UECC DC45, DC=uecc, DC=com
     NotBefore: 28/02/2013 16:40
     NotAfter: 28/02/2014 16:40
    Subject: CN=FEM7.uecc.com
    Certificate Template Name (Certificate Type): Machine
    Non-root Certificate
    Template: Machine
    Cert Hash(sha1): 6f e9 76 06 15 0a cc 72 df c9 f2 fd 22 b2 53 c7 f6 ed 93 50
      Key Container = c55844ead26432046ed96b52e50e481e_ec1f80a2-0687-452b-b69e-845ab1d54554
      Simple container name: le-Machine-907acf2d-b8de-42b3-a92c-ab9944e6324f
      Provider = Microsoft RSA SChannel Cryptographic Provider
    Private key is NOT exportable
    Encryption test passed

    ================ Certificate 9 ================
    Archived!
    Serial Number: 2a8e256f0001000011bf
    Issuer: CN=UECC DC45, DC=uecc, DC=com
     NotBefore: 01/12/2011 11:39
     NotAfter: 30/11/2013 11:39
    Subject: CN=CSI3.uecc.com
    Certificate Template Name (Certificate Type): IPSECIntermediateOnline
    Non-root Certificate
    Template: IPSECIntermediateOnline
    Cert Hash(sha1): 57 99 54 e3 7e b0 ad 25 68 8a c8 04 5c 4d 18 24 2b 19 01 68
      Key Container = 06d4fe6a9c11f69935b57f1650c69a9a_ec1f80a2-0687-452b-b69e-845ab1d54554
      Simple container name: le-IPSECIntermediateOnline-c7e5059c-57c2-48b4-af44-fbd3e75382df
      Provider = Microsoft RSA SChannel Cryptographic Provider
    Private key is NOT exportable
    Encryption test passed

    ================ Certificate 10 ================
    Serial Number: 1663f0d70001000018ee
    Issuer: CN=UECC DC45, DC=uecc, DC=com
     NotBefore: 28/02/2013 16:40
     NotAfter: 28/02/2015 16:50
    Subject: EMPTY (DNS Name=FEM7.uecc.com)
    Non-root Certificate
    Template: 1.3.6.1.4.1.311.21.8.13224813.6873182.1459850.15979029.5402139.135.1.30
    Cert Hash(sha1): 53 9b a3 b6 b7 50 bc 95 4f 72 64 0c 10 8a ae a9 29 50 61 fc
      Key Container = 35be4bf5aa4a5ad8b8a5745ff01cdd68_ec1f80a2-0687-452b-b69e-845ab1d54554
      Simple container name: le-Workstation-b3517943-8c13-47d1-9c9a-afc205810b1e
      Provider = Microsoft Strong Cryptographic Provider
    Encryption test passed

    ================ Certificate 11 ================
    Archived!
    Serial Number: 2a8e26590001000011c0
    Issuer: CN=UECC DC45, DC=uecc, DC=com
     NotBefore: 01/12/2011 11:39
     NotAfter: 01/12/2013 11:49
    Subject: EMPTY (DNS Name=CSI3.uecc.com)
    Non-root Certificate
    Template: 1.3.6.1.4.1.311.21.8.13224813.6873182.1459850.15979029.5402139.135.5183070.12869032
    Cert Hash(sha1): 3b b2 cf a0 d4 a9 8a 7b 52 7c 84 24 89 86 03 a5 0b 43 44 73
      Key Container = d2f943376a2d88766e5c419603ca14ec_ec1f80a2-0687-452b-b69e-845ab1d54554
      Simple container name: le-WirelessUserAccess-76bf7781-b13a-4d30-b242-a0a150f5c5ad
      Provider = Microsoft RSA SChannel Cryptographic Provider
    Private key is NOT exportable
    Encryption test passed

    ================ Certificate 12 ================
    Archived!
    Serial Number: 2a6277ea0001000011b8
    Issuer: CN=UECC DC45, DC=uecc, DC=com
     NotBefore: 01/12/2011 10:51
     NotAfter: 30/11/2012 10:51
    Subject: CN=ES3.uecc.com
    Certificate Template Name (Certificate Type): Machine
    Non-root Certificate
    Template: Machine
    Cert Hash(sha1): 20 6b 3c f2 59 3f 20 1f 37 05 b8 f0 c2 a0 57 8e 81 b7 74 ed
      Key Container = 6b3011c8e88eb317d8aac1d4cc1ea80e_ec1f80a2-0687-452b-b69e-845ab1d54554
      Simple container name: le-Machine-99949e9f-3d64-44a5-b93f-0f2c5d0ee60c
      Provider = Microsoft RSA SChannel Cryptographic Provider
    Private key is NOT exportable
    Encryption test passed

    ================ Certificate 13 ================
    Serial Number: 1663ee660001000018ed
    Issuer: CN=UECC DC45, DC=uecc, DC=com
     NotBefore: 28/02/2013 16:40
     NotAfter: 28/02/2015 16:50
    Subject: EMPTY (DNS Name=FEM7.uecc.com)
    Non-root Certificate
    Template: 1.3.6.1.4.1.311.21.8.13224813.6873182.1459850.15979029.5402139.135.5183070.12869032
    Cert Hash(sha1): 11 62 8a a6 66 5a bc b5 f2 a6 4f 67 24 dc 1f 18 72 51 af c5
      Key Container = c38f0caf7576b968304d484a6c3b62f6_ec1f80a2-0687-452b-b69e-845ab1d54554
      Simple container name: le-WirelessUserAccess-2a3c0638-7f07-4bad-b3e0-8b9fae093611
      Provider = Microsoft RSA SChannel Cryptographic Provider
    Private key is NOT exportable
    Encryption test passed
    CertUtil: -store command completed successfully.

    C:\Windows\system32\LogSpace\{5649A564-DBF1-4B3C-8566-03FFB38A985E}>
    Systeminfo
    ***************************************************************************
    Systeminfo
    ***************************************************************************
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Windows\system32\LogSpace\{5649A564-DBF1-4B3C-8566-03FFB38A985E}>Systeminfo

    Host Name:                 FEM7
    OS Name:                   Microsoft Windows 7 Ultimate
    OS Version:                6.1.7601 Service Pack 1 Build 7601
    OS Manufacturer:           Microsoft Corporation
    OS Configuration:          Member Workstation
    OS Build Type:             Multiprocessor Free
    Registered Owner:          admin
    Registered Organization:   Microsoft
    Product ID:                00426-OEM-8992662-00400
    Original Install Date:     01/12/2011, 10:27:58
    System Boot Time:          28/02/2013, 14:53:47
    System Manufacturer:       Dell Inc.
    System Model:              Latitude E6420
    System Type:               x64-based PC
    Processor(s):              1 Processor(s) Installed.
                               [01]: Intel64 Family 6 Model 42 Stepping 7 GenuineIntel ~1775 Mhz
    BIOS Version:              Dell Inc. A06, 11/07/2011
    Windows Directory:         C:\Windows
    System Directory:          C:\Windows\system32
    Boot Device:               \Device\HarddiskVolume2
    System Locale:             en-gb;English (United Kingdom)
    Input Locale:              en-gb;English (United Kingdom)
    Time Zone:                 (UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna
    Total Physical Memory:     8,073 MB
    Available Physical Memory: 5,874 MB
    Virtual Memory: Max Size:  16,144 MB
    Virtual Memory: Available: 13,669 MB
    Virtual Memory: In Use:    2,475 MB
    Page File Location(s):     C:\pagefile.sys
    Domain:                    uecc.com
    Logon Server:              N/A
    Hotfix(s):                 143 Hotfix(s) Installed.
    Network Card(s):           2 NIC(s) Installed.
                               [01]: Intel(R) 82579LM Gigabit Network Connection
                                     Connection Name: Local Area Connection
                                     DHCP Enabled:    Yes
                                     DHCP Server:     192.168.1.1
                                     IP address(es)
                                     [01]: 192.168.1.106
                                     [02]: fe80::89b2:2f05:7a03:cf3d
                               [02]: Intel(R) Centrino(R) Ultimate-N 6300 AGN
                                     Connection Name: Wireless Network Connection
                                     Status:          Media disconnected

    C:\Windows\system32\LogSpace\{5649A564-DBF1-4B3C-8566-03FFB38A985E}>
    whoami /groups
    ***************************************************************************
    whoami /groups
    ***************************************************************************
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Windows\system32\LogSpace\{5649A564-DBF1-4B3C-8566-03FFB38A985E}>whoami /groups

    GROUP INFORMATION
    -----------------

    Group Name                             Type             SID          Attributes
    ====================================== ================ ============ ==================================================
    BUILTIN\Administrators                 Alias            S-1-5-32-544 Enabled by default, Enabled group, Group owner
    Everyone                               Well-known group S-1-1-0      Mandatory group, Enabled by default, Enabled group
    NT AUTHORITY\Authenticated Users       Well-known group S-1-5-11     Mandatory group, Enabled by default, Enabled group
    Mandatory Label\System Mandatory Level Label            S-1-16-16384

    C:\Windows\system32\LogSpace\{5649A564-DBF1-4B3C-8566-03FFB38A985E}>
    Thursday, February 28, 2013 4:14 PM
  • Do you want me to send you the logs by email or here?

    Thursday, February 28, 2013 5:36 PM
  • So many certificates in the computer store. You might remove the certificates that are not required; having multiple certificates with the same FQDN may lead to IPsec negotiation problems.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Thursday, February 28, 2013 9:46 PM
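The review suggested in the reply above can be run against the `Certutil -store my` section of a DirectAccess Connectivity Assistant log. This is an added example, not part of the original thread: the function names and the day-first date format are assumptions, and the sample store (host names, serial numbers, template OID) is constructed and trimmed to the fields the check reads.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the layout of a "Certutil -store my" log section.
# Host names, serial numbers and the template OID are made up.
SAMPLE = """\
================ Certificate 0 ================
Serial Number: 1a00000000000000a001
 NotBefore: 28/02/2013 16:40
 NotAfter: 28/02/2015 16:40
Subject: CN=CLIENT1.example.test
Template: IPSECIntermediateOnline
================ Certificate 1 ================
Archived!
Serial Number: 1a00000000000000a002
 NotBefore: 01/12/2011 11:39
 NotAfter: 30/11/2013 11:39
Subject: CN=OLDNAME.example.test
Template: Machine
================ Certificate 2 ================
Serial Number: 1a00000000000000a003
 NotBefore: 28/02/2013 16:41
 NotAfter: 28/02/2015 16:51
Subject: EMPTY (DNS Name=CLIENT1.example.test)
Template: 1.3.6.1.4.1.311.21.8.1111.2222
================ Certificate 3 ================
Serial Number: 1a00000000000000a004
 NotBefore: 28/02/2013 16:40
 NotAfter: 28/02/2014 16:40
Subject: CN=CLIENT1.example.test
Template: Machine
================ Certificate 4 ================
Serial Number: 1a00000000000000a005
 NotBefore: 01/12/2011 10:51
 NotAfter: 30/11/2012 10:51
Subject: CN=CLIENT1.example.test
Template: Machine
"""

HEADER = re.compile(r"^=+ Certificate (\d+) =+$")
DATE_FMT = "%d/%m/%Y %H:%M"  # assumption: day-first dates, as an en-GB client prints them


def parse_store(text):
    """Split certutil store output into one dict of fields per certificate."""
    certs, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = {"index": int(header.group(1)), "archived": False}
            certs.append(current)
        elif current is None:
            continue  # banner and prompt lines before the first certificate
        elif line == "Archived!":
            current["archived"] = True
        elif ":" in line:
            key, value = line.split(":", 1)
            current[key.strip()] = value.strip()
    return certs


def host_name(cert):
    """Host from 'CN=host' or from 'EMPTY (DNS Name=host)', lower-cased."""
    match = re.search(r"(?:CN|DNS Name)=([^,)\s]+)", cert.get("Subject", ""))
    return match.group(1).lower() if match else None


def in_use(cert, now):
    """True when the certificate is not archived and 'now' is inside its validity window."""
    if cert["archived"]:
        return False
    start = datetime.strptime(cert["NotBefore"], DATE_FMT)
    end = datetime.strptime(cert["NotAfter"], DATE_FMT)
    return start <= now <= end


def overlapping_certificates(text, now):
    """Map each host name to its usable certificates, keeping hosts that have more than one."""
    by_host = defaultdict(list)
    for cert in parse_store(text):
        host = host_name(cert)
        if host and in_use(cert, now):
            by_host[host].append((cert["index"], cert.get("Template", "unknown")))
    return {host: found for host, found in by_host.items() if len(found) > 1}


if __name__ == "__main__":
    for host, found in overlapping_certificates(SAMPLE, datetime(2013, 3, 1, 9, 0)).items():
        print(f"{host}: {len(found)} usable certificates")
        for index, template in found:
            print(f"  Certificate {index}  template={template}")
```

Archived and expired entries are filtered out first, so what remains is the set of certificates for one host name that are all still valid at the same time, which is the condition the reply asks to clean up.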
  • Please note as well that I have IPv6 only on the UAG and the client side; all my internal servers and the domain controller have only IPv4, and from the deployment guide, as I understood, it's OK.

    Friday, March 1, 2013 7:48 AM
  • DirectAccess Connectivity Assistant Logs


    RED: Corporate connectivity is not working.
    Your computer cannot connect to some corporate resources. If the problem persists, contact your administrator.
    1/3/2013 9:8:20 (UTC)


    Probes List
    PASS - PING: 2002:d47d:e6c3::d47d:e6c3
    FAIL - FILE: \\ksa7\khalid\test.txt

    DTE List
    PASS - PING: 2002:d47d:e6c3::d47d:e6c3
    PASS - PING: 2002:d47d:e6c2::d47d:e6c2

    ipconfig /all
    netsh int teredo show state
    netsh int httpstunnel show interfaces
    netsh dns show state
    netsh name show policy
    netsh name show effective
    netsh adv mon show mmsa
    netsh nap client show state
    wevtutil query-events Microsoft-Windows-NetworkAccessProtection/Operational /count:20 /format:text /rd:true
    netsh int ipv6 show int level=verbose
    netsh advf show currentprofile
    netsh advfirewall monitor show consec
    Certutil -store my
    Systeminfo
    whoami /groups

    ipconfig /all
    ***************************************************************************
    ipconfig /all
    ***************************************************************************
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Windows\system32\LogSpace\{D056E7FB-7735-420B-B318-C058151EA845}>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : FEM7
       Primary Dns Suffix . . . . . . . : uecc.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : uecc.com
                                           lan
       System Quarantine State . . . . . : Not Restricted

    Wireless LAN adapter Wireless Network Connection:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix . : uecc.com
       Description . . . . . . . . . . . : Intel(R) Centrino(R) Ultimate-N 6300 AGN
       Physical Address. . . . . . . . . : 24-77-03-17-0D-0C
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix . : lan
       Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection
       Physical Address. . . . . . . . . : 5C-26-0A-86-8F-DC
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::89b2:2f05:7a03:cf3d%11(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.1.73(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : 01 March 2013 10:07:56
       Lease Expires . . . . . . . . . . : 02 March 2013 10:07:55
       Default Gateway . . . . . . . . . : 192.168.1.1
       DHCP Server . . . . . . . . . . . : 192.168.1.1
       DHCPv6 IAID . . . . . . . . . . . : 240920074
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-2E-BC-10-5C-26-0A-86-8F-DC
       DNS Servers . . . . . . . . . . . : 192.168.1.1
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.lan:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix . : lan
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

       Connection-specific DNS Suffix . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2001:0:d47d:e6c2:28b5:3581:3e2b:999f(Preferred)
       Link-local IPv6 Address . . . . . : fe80::28b5:3581:3e2b:999f%19(Preferred)
       Default Gateway . . . . . . . . . :
       NetBIOS over Tcpip. . . . . . . . : Disabled

    Tunnel adapter iphttpsinterface:

       Connection-specific DNS Suffix . :
       Description . . . . . . . . . . . : iphttpsinterface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2002:d47d:e6c2:8100:d480:ab5d:8157:1f9a(Preferred)
       Temporary IPv6 Address. . . . . . : 2002:d47d:e6c2:8100:e914:26b6:5145:8542(Preferred)
       Link-local IPv6 Address . . . . . : fe80::d480:ab5d:8157:1f9a%18(Preferred)
       Default Gateway . . . . . . . . . : fe80::f9da:f21d:4877:f6fd%18
       NetBIOS over Tcpip. . . . . . . . : Disabled

    C:\Windows\system32\LogSpace\{D056E7FB-7735-420B-B318-C058151EA845}>


    netsh int teredo show state
    ***************************************************************************
    netsh int teredo show state
    ***************************************************************************
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Windows\system32\LogSpace\{D056E7FB-7735-420B-B318-C058151EA845}>netsh int teredo show state
    Teredo Parameters
    ---------------------------------------------
    Type                    : enterpriseclient
    Server Name             : 212.125.230.194 (Group Policy)
    Client Refresh Interval : 30 seconds
    Client Port             : unspecified
    State                   : qualified
    Client Type             : teredo host-specific relay
    Network                 : managed
    NAT                     : symmetric (port)
    NAT Special Behaviour   : UPNP: No, PortPreserving: No
    Local Mapping           : 192.168.1.73:56148
    External NAT Mapping    : 193.212.102.96:51838

    C:\Windows\system32\LogSpace\{D056E7FB-7735-420B-B318-C058151EA845}>


    netsh int httpstunnel show interfaces
    ***************************************************************************
    netsh int httpstunnel show interfaces
    ***************************************************************************
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Windows\system32\LogSpace\{D056E7FB-7735-420B-B318-C058151EA845}>netsh int httpstunnel show interfaces

    Interface IPHTTPSInterface (Group Policy) Parameters
    ------------------------------------------------------------
    Role                       : client
    URL                        : https://publisher.uecc.com:443/IPHTTPS
    Last Error Code            : 0x0
    Interface Status           : IPHTTPS interface active

    C:\Windows\system32\LogSpace\{D056E7FB-7735-420B-B318-C058151EA845}>


    netsh dns show state
    ***************************************************************************
    netsh dns show state
    ***************************************************************************
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Windows\system32\LogSpace\{D056E7FB-7735-420B-B318-C058151EA845}>netsh dns show state

    Name Resolution Policy Table Options
    --------------------------------------------------------------------
    Query Failure Behavior                : Always fall back to LLMNR and NetBIOS if the name does not exist in DNS or if the DNS servers are unreachable when on a private network
    Query Resolution Behavior             : Resolve only IPv6 addresses for names
    Network Location Behavior             : Let Network ID determine when Direct Access settings are to be used
    Machine Location                      : Outside corporate network
    Direct Access Settings                : Configured and Enabled
    DNSSEC Settings                       : Not Configured

    C:\Windows\system32\LogSpace\{D056E7FB-7735-420B-B318-C058151EA845}>


    netsh name show policy
    ***************************************************************************
    netsh name show policy
    ***************************************************************************
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Windows\system32\LogSpace\{D056E7FB-7735-420B-B318-C058151EA845}>netsh name show policy

    DNS Name Resolution Policy Table Settings

    Settings for crl.uecc.com
    ----------------------------------------------------------------------
    Certification authority                 : DC=com, DC=uecc, CN=UECC DC45
    DNSSEC (Validation)                     : disabled
    DNSSEC (IPsec)                          : disabled
    DirectAccess (DNS Servers)              :
    DirectAccess (IPsec)                    : disabled
    DirectAccess (Proxy Settings)           : Use default browser settings

    Settings for nls.uecc.com
    ----------------------------------------------------------------------
    Certification authority                 : DC=com, DC=uecc, CN=UECC DC45
    DNSSEC (Validation)                     : disabled
    DNSSEC (IPsec)                          : disabled
    DirectAccess (DNS Servers)              :
    DirectAccess (IPsec)                    : disabled
    DirectAccess (Proxy Settings)           : Use default browser settings

    Settings for publisher.uecc.com
    ----------------------------------------------------------------------
    Certification authority                 : DC=com, DC=uecc, CN=UECC DC45
    DNSSEC (Validation)                     : disabled
    DNSSEC (IPsec)                          : disabled
    DirectAccess (DNS Servers)              :
    DirectAccess (IPsec)                    : disabled
    DirectAccess (Proxy Settings)           : Use default browser settings

    Settings for .uecc.com
    ----------------------------------------------------------------------
    Certification authority                 : DC=com, DC=uecc, CN=UECC DC45
    DNSSEC (Validation)                     : disabled
    DNSSEC (IPsec)                          : disabled
    DirectAccess (DNS Servers)              : 2002:d47d:e6c3::d47d:e6c3
    DirectAccess (IPsec)                    : disabled
    DirectAccess (Proxy Settings)           : Bypass proxy

    C:\Windows\system32\LogSpace\{D056E7FB-7735-420B-B318-C058151EA845}>


    netsh name show effective
    ***************************************************************************
    netsh name show effective
    ***************************************************************************
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Windows\system32\LogSpace\{D056E7FB-7735-420B-B318-C058151EA845}>netsh name show effective

    DNS Effective Name Resolution Policy Table Settings

    Settings for crl.uecc.com
    ----------------------------------------------------------------------
    Certification authority                 : DC=com, DC=uecc, CN=UECC DC45
    DNSSEC (Validation)                     : disabled
    IPsec settings                          : disabled
    DirectAccess (DNS Servers)              :
    DirectAccess (Proxy Settings)           : Use default browser settings

    Settings for nls.uecc.com
    ----------------------------------------------------------------------
    Certification authority                 : DC=com, DC=uecc, CN=UECC DC45
    DNSSEC (Validation)                     : disabled
    IPsec settings                          : disabled
    DirectAccess (DNS Servers)              :
    DirectAccess (Proxy Settings)           : Use default browser settings

    Settings for publisher.uecc.com
    ----------------------------------------------------------------------
    Certification authority                 : DC=com, DC=uecc, CN=UECC DC45
    DNSSEC (Validation)                     : disabled
    IPsec settings                          : disabled
    DirectAccess (DNS Servers)              :
    DirectAccess (Proxy Settings)           : Use default browser settings

    Settings for .uecc.com
    ----------------------------------------------------------------------
    Certification authority                 : DC=com, DC=uecc, CN=UECC DC45
    DNSSEC (Validation)                     : disabled
    IPsec settings                          : disabled
    DirectAccess (DNS Servers)              : 2002:d47d:e6c3::d47d:e6c3
    DirectAccess (Proxy Settings)           : Bypass proxy

    C:\Windows\system32\LogSpace\{D056E7FB-7735-420B-B318-C058151EA845}>


    netsh adv mon show mmsa
    ***************************************************************************
    netsh adv mon show mmsa
    ***************************************************************************
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Windows\system32\LogSpace\{D056E7FB-7735-420B-B318-C058151EA845}>netsh adv mon show mmsa

    No SAs match the specified criteria.

    C:\Windows\system32\LogSpace\{D056E7FB-7735-420B-B318-C058151EA845}>


    netsh nap client show state
    ***************************************************************************
    netsh nap client show state
    ***************************************************************************
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Windows\system32\LogSpace\{D056E7FB-7735-420B-B318-C058151EA845}>netsh nap client show state

    Client state:
    ----------------------------------------------------
    Name                   = Network Access Protection Client
    Description            = Microsoft Network Access Protection Client
    Protocol version       = 1.0
    Status                 = Enabled
    Restriction state      = Not restricted
    Troubleshooting URL    =
    Restriction start time =
    Extended state         =
    GroupPolicy            = Not Configured

    Enforcement client state:
    ----------------------------------------------------
    Id                     = 79617
    Name                   = DHCP Quarantine Enforcement Client
    Description            = Provides DHCP based enforcement for NAP
    Version                = 1.0
    Vendor name            = Microsoft Corporation
    Registration date      =
    Initialized            = No

    Id                     = 79619
    Name                   = IPsec Relying Party
    Description            = Provides IPsec based enforcement for Network Access Protection
    Version                = 1.0
    Vendor name            = Microsoft Corporation
    Registration date      =
    Initialized            = No

    Id                     = 79621
    Name                   = RD Gateway Quarantine Enforcement Client
    Description            = Provides RD Gateway enforcement for NAP
    Version                = 1.0
    Vendor name            = Microsoft Corporation
    Registration date      =
    Initialized            = No

    Id                     = 79622
    Name                   = Microsoft Forefront UAG Quarantine Enforcement Client
    Description            = Reports client health status.
    Version                = 4.0.1773.10100
    Vendor name            = Microsoft Corporation
    Registration date      = 12/07/2012 10:47:23
    Initialized            = Yes

    Id                     = 79623
    Name                   = EAP Quarantine Enforcement Client
    Description            = Provides Network Access Protection enforcement for EAP authenticated network connections, such as those used with 802.1X and VPN technologies.
    Version                = 1.0
    Vendor name            = Microsoft Corporation
    Registration date      =
    Initialized            = No

    System health agent (SHA) state:
    ----------------------------------------------------
    Id                     = 79744
    Name                   = Windows Security Health Agent
    Description            = The Windows Security Health Agent monitors security settings on your computer.
    Version                = 1.0
    Vendor name            = Microsoft Corporation
    Registration date      =
    Initialized            = Yes
    Failure category       = None
    Remediation state      = Success
    Remediation percentage = 0
    Fixup Message          = (3237937214) - The Windows Security Health Agent has finished updating the security state of this computer.
    Compliance results     =
    Remediation results    =

    Id                     = 79745
    Name                   = Configuration Manager System Health Agent
    Description            = Configuration Manager System Health Agent
    Version                = 1
    Vendor name            = Microsoft Corporation
    Registration date      = 11/09/2012 07:14:59
    Initialized            = No
    Failure category       = None
    Remediation state      = Success
    Remediation percentage = 0
    Fixup Message          = (0) -

    Id                     = 88048
    Name                   = Intel(R) AMT SHA
    Description            = Intel(R) AMT SHA Application
    Version                = VER_PRODUCTVERSION_STR
    Vendor name            = Intel(R)
    Registration date      = 01/12/2011 10:42:48
    Initialized            = No
    Failure category       = None
    Remediation state      = Success
    Remediation percentage = 0
    Fixup Message          = (0) -

    Ok.

    C:\Windows\system32\LogSpace\{D056E7FB-7735-420B-B318-C058151EA845}>


    wevtutil query-events Microsoft-Windows-NetworkAccessProtection/Operational /count:20 /format:text /rd:true
    ***************************************************************************
    wevtutil query-events Microsoft-Windows-NetworkAccessProtection/Operational /count:20 /format:text /rd:true
    ***************************************************************************
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Windows\system32\LogSpace\{D056E7FB-7735-420B-B318-C058151EA845}>wevtutil query-events Microsoft-Windows-NetworkAccessProtection/Operational /count:20 /format:text /rd:true

    Event[0]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-NetworkAccessProtection
      Date: 2013-03-01T10:08:01.013
      Event ID: 28
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: A Statement of Health with correlation ID {4E9B005E-4B3F-4C85-BC0A-7FD0F2D0ED72} - 2013-03-01 09:08:00.971Z was sent to the enforcment client 79622.

    Event[1]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-NetworkAccessProtection
      Date: 2013-03-01T10:08:01.003
      Event ID: 27
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: A Statement of Health with correlation ID {4E9B005E-4B3F-4C85-BC0A-7FD0F2D0ED72} - 2013-03-01 09:08:00.971Z was received from the System Health Agent 79744. The duration to check the client's health was 30 ms.

    Event[2]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-SystemHealthAgent
      Date: 2013-03-01T10:08:01.003
      Event ID: 1025
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: The Windows Security Health Agent specified a new security health state for the computer. The correlation id for this transaction is {4E9B005E-4B3F-4C85-BC0A-7FD0F2D0ED72} - 2013-03-01 09:08:00.971Z

    Event[3]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-NetworkAccessProtection
      Date: 2013-03-01T10:08:00.943
      Event ID: 9
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: The enforcement client 79622 successfully initialized.

    Event[4]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-SystemHealthAgent
      Date: 2013-03-01T10:07:58.679
      Event ID: 1002
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: The Windows Security Health Agent was initialized successfully. Scan Interval: 1320 minutes. Time delay before first scan: 45 seconds. Time interval between manual remediation state change: 15 seconds. Manual remediation timeout interval: 150 seconds.

    Event[5]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-NetworkAccessProtection
      Date: 2013-03-01T10:07:58.663
      Event ID: 4
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: The System Health Agent 79744 successfully initialized.

    Event[6]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-NetworkAccessProtection
      Date: 2013-03-01T10:07:58.554
      Event ID: 9
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: The enforcement client 79871 successfully initialized.

    Event[7]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-NetworkAccessProtection
      Date: 2013-03-01T10:07:58.429
      Event ID: 26
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: The NAP service has started. NAP has the following information for this computer: Computer name is FEM7.uecc.com. Domain status is: Domain Joined. The build number is: 7601. The OS SKU is: CLIENT. The service pack version is: 1.0. The processor type is: x64 (AMD or Intel).

    Event[8]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-SystemHealthAgent
      Date: 2013-03-01T10:07:23.289
      Event ID: 1004
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: The Windows Security Health Agent was uninitialized successfully.

    Event[9]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-NetworkAccessProtection
      Date: 2013-03-01T10:07:23.289
      Event ID: 5
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: The System Health Agent 79744 successfully uninitialized.

    Event[10]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-NetworkAccessProtection
      Date: 2013-03-01T10:07:23.289
      Event ID: 10
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: The enforcement client 79871 successfully uninitialized.

    Event[11]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-SystemHealthAgent
      Date: 2013-03-01T10:07:23.008
      Event ID: 1023
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: The Windows Security Center detected a system health state change. The change in state was also successfully detected by the Windows Security Health Agent.

    Event[12]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-SystemHealthAgent
      Date: 2013-03-01T08:44:32.055
      Event ID: 1007
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: The Windows Security Health Agent completed an offline scan.

    Event[13]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-NetworkAccessProtection
      Date: 2013-03-01T08:43:47.593
      Event ID: 28
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: A Statement of Health with correlation ID {4E9B005E-4B3F-4C85-BC0A-7FD0F2D0ED72} - 2013-03-01 07:43:47.593Z was sent to the enforcment client 79622.

    Event[14]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-NetworkAccessProtection
      Date: 2013-03-01T08:43:47.593
      Event ID: 27
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: A Statement of Health with correlation ID {4E9B005E-4B3F-4C85-BC0A-7FD0F2D0ED72} - 2013-03-01 07:43:47.593Z was received from the System Health Agent 79744. The duration to check the client's health was 0 ms.

    Event[15]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-SystemHealthAgent
      Date: 2013-03-01T08:43:47.593
      Event ID: 1025
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: The Windows Security Health Agent specified a new security health state for the computer. The correlation id for this transaction is {4E9B005E-4B3F-4C85-BC0A-7FD0F2D0ED72} - 2013-03-01 07:43:47.593Z

    Event[16]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-SystemHealthAgent
      Date: 2013-03-01T08:43:46.579
      Event ID: 1027
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: The Windows Security Health Agent notified the Windows Network Access Protection Service of a change in the security health state of the computer.

    Event[17]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-SystemHealthAgent
      Date: 2013-03-01T08:43:46.579
      Event ID: 1023
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: The Windows Security Center detected a system health state change. The change in state was also successfully detected by the Windows Security Health Agent.

    Event[18]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-SystemHealthAgent
      Date: 2013-03-01T08:43:46.579
      Event ID: 1000
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: The Windows Security Health Agent detected a change in the status of Antispyware.

    Event[19]:
      Log Name: Microsoft-Windows-NetworkAccessProtection/Operational
      Source: Microsoft-Windows-SystemHealthAgent
      Date: 2013-03-01T08:43:46.579
      Event ID: 1000
      Task: N/A
      Level: Information
      Opcode: Info
      Keyword: N/A
      User: S-1-5-20
      User Name: NT AUTHORITY\NETWORK SERVICE
      Computer: FEM7.uecc.com
      Description: The Windows Security Health Agent detected a change in the status of Antivirus.

    C:\Windows\system32\LogSpace\{D056E7FB-7735-420B-B318-C058151EA845}>


    netsh int ipv6 show int level=verbose
    ***************************************************************************
    netsh int ipv6 show int level=verbose
    ***************************************************************************
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Windows\system32\LogSpace\{D056E7FB-7735-420B-B318-C058151EA845}>netsh int ipv6 show int level=verbose

    Interface Loopback Pseudo-Interface 1 Parameters
    ----------------------------------------------
    IfLuid : loopback_0
    IfIndex : 1
    State : connected
    Metric : 50
    Link MTU : 4294967295 bytes
    Reachable Time : 16500 ms
    Base Reachable Time : 30000 ms
    Retransmission Interval : 1000 ms
    DAD Transmits : 0
    Site Prefix Length : 64
    Site Id : 1
    Forwarding : disabled
    Advertising : disabled
    Neighbor Discovery : disabled
    Neighbor Unreachability Detection : disabled
    Router Discovery : enabled
    Managed Address Configuration : disabled
    Other Stateful Configuration : disabled
    Weak Host Sends : enabled
    Weak Host Receives : disabled
    Use Automatic Metric : enabled
    Ignore Default Routes : disabled
    Advertised Router Lifetime : 1800 seconds
    Advertise Default Route : disabled
    Current Hop Limit : 0
    Force ARPND Wake up patterns : disabled
    Directed MAC Wake up patterns : disabled

    Interface Wireless Network Connection Parameters
    ----------------------------------------------
    IfLuid : wireless_0
    IfIndex : 15
    State : disconnected
    Metric : 50
    Link MTU : 1500 bytes
    Reachable Time : 43000 ms
    Base Reachable Time : 30000 ms
    Retransmission Interval : 1000 ms
    DAD Transmits : 1
    Site Prefix Length : 64
    Site Id : 1
    Forwarding : disabled
    Advertising : disabled
    Neighbor Discovery : enabled
    Neighbor Unreachability Detection : enabled
    Router Discovery : enabled
    Managed Address Configuration : disabled
    Other Stateful Configuration : disabled
    Weak Host Sends : enabled
    Weak Host Receives : disabled
    Use Automatic Metric : enabled
    Ignore Default Routes : disabled
    Advertised Router Lifetime : 1800 seconds
    Advertise Default Route : disabled
    Current Hop Limit : 0
    Force ARPND Wake up patterns : disabled
    Directed MAC Wake up patterns : disabled

    Interface Local Area Connection Parameters
    ----------------------------------------------
    IfLuid : ethernet_6
    IfIndex : 11
    State : connected
    Metric : 10
    Link MTU : 1500 bytes
    Reachable Time : 32000 ms
    Base Reachable Time : 30000 ms
    Retransmission Interval : 1000 ms
    DAD Transmits : 1
    Site Prefix Length : 64
    Site Id : 1
    Forwarding : disabled
    Advertising : disabled
    Neighbor Discovery : enabled
    Neighbor Unreachability Detection : enabled
    Router Discovery : enabled
    Managed Address Configuration : enabled
    Other Stateful Configuration : enabled
    Weak Host Sends : enabled
    Weak Host Receives : disabled
    Use Automatic Metric : enabled
    Ignore Default Routes : disabled
    Advertised Router Lifetime : 1800 seconds
    Advertise Default Route : disabled
    Current Hop Limit : 0
    Force ARPND Wake up patterns : disabled
    Directed MAC Wake up patterns : disabled

    Interface isatap.lan Parameters
    ----------------------------------------------
    IfLuid : tunnel_7
    IfIndex : 16
    State : disconnected
    Metric : 50
    Link MTU : 1280 bytes
    Reachable Time : 18500 ms
    Base Reachable Time : 30000 ms
    Retransmission Interval : 1000 ms
    DAD Transmits : 0
    Site Prefix Length : 64
    Site Id : 1
    Forwarding : disabled
    Advertising : disabled
    Neighbor Discovery : enabled
    Neighbor Unreachability Detection : disabled
    Router Discovery : enabled
    Managed Address Configuration : disabled
    Other Stateful Configuration : disabled
    Weak Host Sends : enabled
    Weak Host Receives : disabled
    Use Automatic Metric : enabled
    Ignore Default Routes : disabled
    Advertised Router Lifetime : 1800 seconds
    Advertise Default Route : disabled
    Current Hop Limit : 0
    Force ARPND Wake up patterns : disabled
    Directed MAC Wake up patterns : disabled

    Interface Teredo Tunneling Pseudo-Interface Parameters
    ----------------------------------------------
    IfLuid : tunnel_8
    IfIndex : 19
    State : connected
    Metric : 50
    Link MTU : 1280 bytes
    Reachable Time : 14500 ms
    Base Reachable Time : 15000 ms
    Retransmission Interval : 2000 ms
    DAD Transmits : 0
    Site Prefix Length : 64
    Site Id : 1
    Forwarding : disabled
    Advertising : disabled
    Neighbor Discovery : enabled
    Neighbor Unreachability Detection : enabled
    Router Discovery : enabled
    Managed Address Configuration : disabled
    Other Stateful Configuration : disabled
    Weak Host Sends : enabled
    Weak Host Receives : enabled
    Use Automatic Metric : enabled
    Ignore Default Routes : disabled
    Advertised Router Lifetime : 1800 seconds
    Advertise Default Route : disabled
    Current Hop Limit : 0
    Force ARPND Wake up patterns : disabled
    Directed MAC Wake up patterns : disabled

    Interface iphttpsinterface Parameters
    ----------------------------------------------
    IfLuid : tunnel_9
    IfIndex : 18
    State : connected
    Metric : 50
    Link MTU : 1280 bytes
    Reachable Time : 16500 ms
    Base Reachable Time : 30000 ms
    Retransmission Interval : 1000 ms
    DAD Transmits : 1
    Site Prefix Length : 64
    Site Id : 1
    Forwarding : disabled
    Advertising : disabled
    Neighbor Discovery : enabled
    Neighbor Unreachability Detection : enabled
    Router Discovery : enabled
    Managed Address Configuration : disabled
    Other Stateful Configuration : disabled
    Weak Host Sends : enabled
    Weak Host Receives : disabled
    Use Automatic Metric : enabled
    Ignore Default Routes : disabled
    Advertised Router Lifetime : 1800 seconds
    Advertise Default Route : disabled
    Current Hop Limit : 0
    Force ARPND Wake up patterns : disabled
    Directed MAC Wake up patterns : disabled

    C:\Windows\system32\LogSpace\{D056E7FB-7735-420B-B318-C058151EA845}>


    netsh advf show currentprofile
    ***************************************************************************
    netsh advf show currentprofile
    ***************************************************************************
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Windows\system32\LogSpace\{D056E7FB-7735-420B-B318-C058151EA845}>netsh advf show currentprofile

    Public Profile Settings:
    ----------------------------------------------------------------------
    State                                 ON
    Firewall Policy                       BlockInbound,AllowOutbound
    LocalFirewallRules                    N/A (GPO-store only)
    LocalConSecRules                      N/A (GPO-store only)
    InboundUserNotification               Enable
    RemoteManagement                      Enable
    UnicastResponseToMulticast            Enable

    Logging:
    LogAllowedConnections                 Disable
    LogDroppedConnections                 Disable
    FileName                              %systemroot%\system32\LogFiles\Firewall\pfirewall.log
    MaxFileSize                           4096

    Ok.

    C:\Windows\system32\LogSpace\{D056E7FB-7735-420B-B318-C058151EA845}>


    netsh advfirewall monitor show consec
    ***************************************************************************
    netsh advfirewall monitor show consec
    ***************************************************************************
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Windows\system32\LogSpace\{D056E7FB-7735-420B-B318-C058151EA845}>netsh advfirewall monitor show consec

    Global Settings:
    ----------------------------------------------------------------------
    IPsec:
    StrongCRLCheck                        0:Disabled
    SAIdleTimeMin                         5min
    DefaultExemptions                     ICMP
    IPsecThroughNAT                       Never
    AuthzUserGrp                          None
    AuthzComputerGrp                      None

    StatefulFTP                           Enable
    StatefulPPTP                          Enable

    Main Mode:
    KeyLifetime                           60min,0sess
    SecMethods                            DHGroup2-AES128-SHA256,DHGroup2-AES128-SHA1,DHGroup2-3DES-SHA1
    ForceDH                               No

    Categories:
    BootTimeRuleCategory                  Windows Firewall
    FirewallRuleCategory                  Windows Firewall
    StealthRuleCategory                   Windows Firewall
    ConSecRuleRuleCategory                Windows Firewall

    Quick Mode:
    QuickModeSecMethods                   ESP:SHA1-None+60min+100000kb,ESP:SHA1-AES128+60min+100000kb,ESP:SHA1-3DES+60min+100000kb,AH:SHA1+60min+100000kb
    QuickModePFS                          None

    Security Associations:

    No SAs match the specified criteria.

    C:\Windows\system32\LogSpace\{D056E7FB-7735-420B-B318-C058151EA845}>


    Certutil -store my
    ***************************************************************************
    Certutil -store my
    ***************************************************************************
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Windows\system32\LogSpace\{D056E7FB-7735-420B-B318-C058151EA845}>Certutil -store my
    my
    ================ Certificate 0 ================
    Serial Number: 1663eb590001000018eb
    Issuer: CN=UECC DC45, DC=uecc, DC=com
    NotBefore: 28/02/2013 16:40
    NotAfter: 28/02/2015 16:50
    Subject: EMPTY (DNS Name=FEM7.uecc.com)
    Non-root Certificate
    Template: 1.3.6.1.4.1.311.21.8.13224813.6873182.1459850.15979029.5402139.135.15817338.3019720
    Cert Hash(sha1): 98 c8 e1 3e 85 dd b1 a3 45 d3 e3 15 7f 52 b6 80 90 9e 26 6e
    Key Container = le-DA-066e26e1-8257-4aa8-a157-aa22816fe798
    Unique container name: 09896aca25ba315092ca4dc139a02498_ec1f80a2-0687-452b-b69e-845ab1d54554
    Provider = Microsoft Software Key Storage Provider
    Encryption test passed
    CertUtil: -store command completed successfully.

    C:\Windows\system32\LogSpace\{D056E7FB-7735-420B-B318-C058151EA845}>


    Systeminfo
    ***************************************************************************
    Systeminfo
    ***************************************************************************
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Windows\system32\LogSpace\{D056E7FB-7735-420B-B318-C058151EA845}>Systeminfo

    Host Name: FEM7
    OS Name: Microsoft Windows 7 Ultimate
    OS Version: 6.1.7601 Service Pack 1 Build 7601
    OS Manufacturer: Microsoft Corporation
    OS Configuration: Member Workstation
    OS Build Type: Multiprocessor Free
    Registered Owner: admin
    Registered Organization: Microsoft
    Product ID: 00426-OEM-8992662-00400
    Original Install Date: 01/12/2011, 10:27:58
    System Boot Time: 01/03/2013, 10:07:41
    System Manufacturer: Dell Inc.
    System Model: Latitude E6420
    System Type: x64-based PC
    Processor(s): 1 Processor(s) Installed.
      [01]: Intel64 Family 6 Model 42 Stepping 7 GenuineIntel ~1775 Mhz
    BIOS Version: Dell Inc. A06, 11/07/2011
    Windows Directory: C:\Windows
    System Directory: C:\Windows\system32
    Boot Device: \Device\HarddiskVolume2
    System Locale: en-gb;English (United Kingdom)
    Input Locale: en-gb;English (United Kingdom)
    Time Zone: (UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna
    Total Physical Memory: 8,073 MB
    Available Physical Memory: 6,594 MB
    Virtual Memory: Max Size: 16,144 MB
    Virtual Memory: Available: 14,468 MB
    Virtual Memory: In Use: 1,676 MB
    Page File Location(s): C:\pagefile.sys
    Domain: uecc.com
    Logon Server: N/A
    Hotfix(s): 143 Hotfix(s) Installed.
[01]: 982861 [02]: KB971033 [03]: KB2393802 [04]: KB2425227 [05]: KB2459268 [06]: KB2475792 [07]: KB2476490 [08]: KB2478662 [09]: KB2479943 [10]: KB2482122 [11]: KB2484033 [12]: KB2488113 [13]: KB2491683 [14]: KB2492386 [15]: KB2495523 [16]: KB2496898 [17]: KB2503665 [18]: KB2505438 [19]: KB2506014 [20]: KB2506212 [21]: KB2506928 [22]: KB2507618 [23]: KB2509553 [24]: KB2511250 [25]: KB2511455 [26]: KB2515325 [27]: KB2518869 [28]: KB2519736 [29]: KB2522422 [30]: KB2524375 [31]: KB2529073 [32]: KB2529825 [33]: KB2532531 [34]: KB2533552 [35]: KB2536275 [36]: KB2536276 [37]: KB2539635 [38]: KB2541014 [39]: KB2544893 [40]: KB2545698 [41]: KB2547666 [42]: KB2550648 [43]: KB2552343 [44]: KB2555917 [45]: KB2556532 [46]: KB2559049 [47]: KB2560656 [48]: KB2562937 [49]: KB2563227 [50]: KB2563894 [51]: KB2564958 [52]: KB2567680 [53]: KB2570947 [54]: KB2579686 [55]: KB2584146 [56]: KB2585542 [57]: KB2603229 [58]: KB2604115 [59]: KB2618451 [60]: KB2619339 [61]: KB2620704 [62]: KB2620712 [63]: KB2621440 [64]: KB2631813 [65]: KB2633952 [66]: KB2640148 [67]: KB2644615 [68]: KB2645640 [69]: KB2647753 [70]: KB2653956 [71]: KB2654428 [72]: KB2655992 [73]: KB2656356 [74]: KB2656373 [75]: KB2656411 [76]: KB2658846 [77]: KB2659262 [78]: KB2660075 [79]: KB2660649 [80]: KB2661254 [81]: KB2667402 [82]: KB2676562 [83]: KB2677070 [84]: KB2679255 [85]: KB2685811 [86]: KB2685813 [87]: KB2685939 [88]: KB2686831 [89]: KB2688338 [90]: KB2690533 [91]: KB2691442 [92]: KB2695962 [93]: KB2698365 [94]: KB2699779 [95]: KB2705219 [96]: KB2709630 [97]: KB2709715 [98]: KB2712808 [99]: KB2718704 [100]: KB2719857 [101]: KB2719985 [102]: KB2722913 [103]: KB2724197 [104]: KB2727528 [105]: KB2729094 [106]: KB2729452 [107]: KB2731847 [108]: KB2732059 [109]: KB2732487 [110]: KB2732500 [111]: KB2735855 [112]: KB2736233 [113]: KB2736422 [114]: KB2739159 [115]: KB2741355 [116]: KB2742599 [117]: KB2743555 [118]: KB2749655 [119]: KB2750841 [120]: KB2753842 [121]: KB2756921 [122]: KB2757638 [123]: KB2758857 [124]: 
KB2761217 [125]: KB2761465 [126]: KB2762895 [127]: KB2763523 [128]: KB2769369 [129]: KB2770660 [130]: KB2778344 [131]: KB2778930 [132]: KB2779030 [133]: KB2779562 [134]: KB2785220 [135]: KB2786081 [136]: KB2789645 [137]: KB2790655 [138]: KB2792100 [139]: KB2797052 [140]: KB958488 [141]: KB976002 [142]: KB976902 [143]: KB982018
    Network Card(s): 2 NIC(s) Installed.
      [01]: Intel(R) 82579LM Gigabit Network Connection
        Connection Name: Local Area Connection
        DHCP Enabled: Yes
        DHCP Server: 192.168.1.1
        IP address(es)
        [01]: 192.168.1.73
        [02]: fe80::89b2:2f05:7a03:cf3d
      [02]: Intel(R) Centrino(R) Ultimate-N 6300 AGN
        Connection Name: Wireless Network Connection
        Status: Media disconnected

    C:\Windows\system32\LogSpace\{D056E7FB-7735-420B-B318-C058151EA845}>


    whoami /groups
    ***************************************************************************
    whoami /groups
    ***************************************************************************
    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:\Windows\system32\LogSpace\{D056E7FB-7735-420B-B318-C058151EA845}>whoami /groups

    GROUP INFORMATION
    -----------------

    Group Name                             Type             SID          Attributes
    ====================================== ================ ============ ==================================================
    BUILTIN\Administrators                 Alias            S-1-5-32-544 Enabled by default, Enabled group, Group owner
    Everyone                               Well-known group S-1-1-0      Mandatory group, Enabled by default, Enabled group
    NT AUTHORITY\Authenticated Users       Well-known group S-1-5-11     Mandatory group, Enabled by default, Enabled group
    Mandatory Label\System Mandatory Level Label            S-1-16-16384

    C:\Windows\system32\LogSpace\{D056E7FB-7735-420B-B318-C058151EA845}>

    Friday, March 1, 2013 9:11 AM
  • Any luck finding errors through my logs?


    • Edited by abusa3da Friday, March 1, 2013 12:02 PM
    Friday, March 1, 2013 12:01 PM
  • Hi,

    Removing unused certificates was a good thing. Your only remaining certificate does not have a valid subject field. It's empty. It should contain the FQDN of your DirectAccess client. How did you generate your IPsec DirectAccess certificate? Did you duplicate the computer template?


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Monday, March 4, 2013 7:53 PM
  • I have duplicated the computer certificate and even made sure that its purpose does include client authentication, server authentication, and IKE intermediate.

    Tuesday, March 5, 2013 12:52 PM
  • How can I make sure that my CA is issuing certificates with the correct subject names?

    Tuesday, March 5, 2013 12:53 PM
  • If you duplicated the default computer certificate Template, this will be OK. I assume no one made changes in the Template.

    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Thursday, March 7, 2013 8:24 AM
  • Hi,

    Can you run the following command on your URA server and DirectAccess client: auditpol.exe /set /SubCategory:"IPsec Main Mode","IPsec Extended Mode" /success:enable /failure:enable

    This will generate IPsec events in the security logs. We will be searching for events such as 4653, 4654 or other events revealing IPsec negotiation failure.


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Thursday, March 7, 2013 8:32 AM
  • I have enabled this on the DirectAccess server and this is actually what I'm getting:

    error number is 4653

    An IPsec main mode negotiation failed.

    Local Endpoint:
        Local Principal Name:    -
        Network Address:         2002:d47d:e6c3::d47d:e6c3
        Keying Module Port:      500

    Remote Endpoint:
        Principal Name:          -
        Network Address:         2002:d47d:e6c2:8100:4c6d:7b71:a125:5069
        Keying Module Port:      500

    Additional Information:
        Keying Module Name:      AuthIP
        Authentication Method:   Unknown authentication
        Role:                    Responder
        Impersonation State:     Not enabled
        Main Mode Filter ID:     226087

    Failure Information:
        Failure Point:           Remote computer
        Failure Reason:          IKE authentication credentials are unacceptable
        State:                   Sent second (KE) payload
        Initiator Cookie:        b6895b51afa7adc9
        Responder Cookie:        be39b4a8114d2610

    Thursday, March 7, 2013 11:29 AM
  • Hi

    So, multiple possible causes:

    Expired certificate

    Certificate subject name mismatch

    incorrect certificate usage

    Out-dated published CRL

    Do you have the same event on client-side?


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

    Thursday, March 7, 2013 1:50 PM
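
    The causes listed in the reply above can each be checked against the local computer certificate store with a short script. This is an added example, not part of the original thread; the store (Cert:\LocalMachine\My, the one shown by the Certutil -store my output earlier) and the three purposes checked (the ones named in this thread) are assumptions.

```powershell
# Added example (not from the thread): check every certificate in the local
# computer store against the four causes listed in the reply above.
# Run from an elevated PowerShell prompt on the DirectAccess client or server.

# FQDN the certificate is expected to carry: host name plus primary DNS suffix.
$ip   = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
$fqdn = ('{0}.{1}' -f $ip.HostName, $ip.DomainName).TrimEnd('.')

# Purposes named in this thread (assumption: the ones the template should grant).
$purposes = @{
    '1.3.6.1.5.5.7.3.2' = 'Client Authentication'
    '1.3.6.1.5.5.7.3.1' = 'Server Authentication'
    '1.3.6.1.5.5.8.2.2' = 'IP security IKE intermediate'
}

$now = Get-Date

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Cause 1: expired (or not yet valid) certificate.
    $inValidity = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)

    # Cause 2: name mismatch. DnsName returns the first DNS name in the
    # Subject Alternative Name extension, or the subject CN if there is none.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName
    $dnsName  = $cert.GetNameInfo($nameType, $false)

    # Cause 3: certificate usage. A certificate without an EKU extension is not
    # restricted to specific purposes, so nothing is reported as missing.
    $ekuExt = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $missing = @()
    if ($ekuExt) {
        $present = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
        $missing = @($purposes.Keys |
                     Where-Object { $present -notcontains $_ } |
                     ForEach-Object { $purposes[$_] })
    }

    # Cause 4: out-of-date CRL. Build the chain in the machine context with
    # online revocation checking; CRL problems are reported in ChainStatus.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    $chain.ChainPolicy.RevocationMode = 'Online'
    $chain.ChainPolicy.RevocationFlag = 'EntireChain'
    $chainOk = $chain.Build($cert)
    $status  = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    New-Object PSObject -Property @{
        Thumbprint       = $cert.Thumbprint
        Subject          = $cert.Subject
        SubjectIsEmpty   = [string]::IsNullOrEmpty($cert.Subject)
        DnsName          = $dnsName
        ExpectedFqdn     = $fqdn
        NameMatchesFqdn  = ($dnsName -eq $fqdn)   # -eq is case-insensitive for strings
        NotBefore        = $cert.NotBefore
        NotAfter         = $cert.NotAfter
        InValidityPeriod = $inValidity
        MissingPurposes  = ($missing -join ', ')
        ChainBuilds      = $chainOk
        ChainStatus      = $status
    } | Select-Object Thumbprint, Subject, SubjectIsEmpty, DnsName, ExpectedFqdn,
                      NameMatchesFqdn, NotBefore, NotAfter, InValidityPeriod,
                      MissingPurposes, ChainBuilds, ChainStatus
} | Format-List
```

    Run it on both the client and the DirectAccess server and compare the results. ChainStatus values such as RevocationStatusUnknown or OfflineRevocation point at a CRL that could not be retrieved or is no longer current.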
  • I have done this and I've got this error on UAG:

    An IPsec main mode negotiation failed.

    Local Endpoint:
        Local Principal Name:    -
        Network Address:         2002:d47d:e6c3::d47d:e6c3
        Keying Module Port:      500

    Remote Endpoint:
        Principal Name:          -
        Network Address:         2002:d47d:e6c2:8100:4c6d:7b71:a125:5069
        Keying Module Port:      500

    Additional Information:
        Keying Module Name:      AuthIP
        Authentication Method:   Unknown authentication
        Role:                    Responder
        Impersonation State:     Not enabled
        Main Mode Filter ID:     226087

    Failure Information:
        Failure Point:           Remote computer
        Failure Reason:          IKE authentication credentials are unacceptable
        State:                   Sent second (KE) payload
        Initiator Cookie:        b6895b51afa7adc9
        Responder Cookie:        be39b4a8114d2610

    Monday, March 11, 2013 7:30 AM
  • I found that kb2790655 was the patch that caused my issue just like yours.

    Try rolling back if you can.


    Don Heffron


    • Edited by Don Heffron Wednesday, April 10, 2013 2:54 PM
    Wednesday, April 10, 2013 2:53 PM