Windows Security Log Event ID 4981
Operating Systems |
Windows 2008 R2 and 7
Windows 2012 R2 and 8.1
Windows 2016 and 10
Windows Server 2019 and 2022
|
Category • Subcategory | Logon/Logoff • IPsec Main Mode |
Type
|
Success
|
Corresponding events
in Windows
2003 and before |
|
4981: IPsec Main Mode and Extended Mode security associations were established
On this page
I haven't been able to produce this event. Have you? If so, please start a discussion (see above) and post a sample along with any comments you may have! Don't forget to sanitize any private information.
Free Security Log Resources by Randy
Supercharger Free Edition
Supercharger's built-in Xpath filters leave the noise behind.
Free.
IPsec Main Mode and Extended Mode security associations were established.
Local Endpoint:
Principal Name: %1
Network Address: %9
Keying Module Port: %10
Local Certificate:
SHA Thumbprint: %2
Issuing CA: %3
Root CA: %4
Remote Endpoint:
Principal Name: %5
Network Address: %11
Keying Module Port: %12
Remote Certificate:
SHA Thumbprint: %6
Issuing CA: %7
Root CA: %8
Cryptographic Information:
Cipher Algorithm: %13
Integrity Algorithm: %14
Diffie-Hellman Group: %15
Security Association Information:
Lifetime (minutes): %16
Quick Mode Limit: %17
Main Mode SA ID: %21
Additional Information:
Keying Module Name: AuthIP
Authentication Method: SSL
Role: %18
Impersonation State: %19
Main Mode Filter ID: %20
Extended Mode Information:
Local Principal Name: %22
Remote Principal Name: %23
Authentication Method: %24
Impersonation State: %25
Quick Mode Filter ID: %26
Top 10 Windows Security Events to Monitor
Free Tool for Windows Event Collection