Microsoft KB Archive/256284

From BetaArchive Wiki
< Microsoft KB Archive
Revision as of 16:17, 18 July 2020 by 3155ffGd (talk | contribs) (importing KB archive)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Knowledge Base

PSS ID Number: 256284

Article Last Modified on 11/13/2003

The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional

This article was previously published under Q256284


When you use the IP Security Monitor (Ipsecmon.exe) tool on the Responder side of an IP Security Protocol (IPSec) connection to view information about a security association (SA), the Main-mode SA information that is displayed may be incorrect.


This problem can occur because the Internet Key Exchange (IKE) protocol incorrectly audits a Main-mode SA and increments the Main-mode counter on the Responder side of an IPSec negotiation before the creation of the ID payload on the Responder side succeeds. Also, the Main-mode counter is incremented even if the SA does not succeed.


Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.


IKE audits a Main-mode SA a second time after the creation of the ID payload, generating two Main-mode SA audit messages in the Event log on the Responder side of an IPSec connection.

Keywords: kbprb KB256284
Technology: kbwin2000AdvServ kbwin2000AdvServSearch kbwin2000Pro kbwin2000ProSearch kbwin2000Search kbwin2000Serv kbwin2000ServSearch kbWinAdvServSearch