Windows Security Log Event ID 4981

Operating Systems Windows 2008 R2 and 7
Windows 2012 R2 and 8.1
Windows 2016 and 10
Windows Server 2019 and 2022
Category
 • Subcategory		Logon/Logoff
 • IPsec Main Mode
Type Success
Corresponding events
in Windows 2003
and before		  

4981: IPsec Main Mode and Extended Mode security associations were established

On this page

I haven't been able to produce this event. Have you? If so, please start a discussion (see above) and post a sample along with any comments you may have! Don't forget to sanitize any private information.

Free Security Log Resources by Randy

Supercharger Enterprise


 

Examples of 4981

IPsec Main Mode and Extended Mode security associations were established.

Local Endpoint:

Principal Name:  %1
Network Address: %9
Keying Module Port: %10

Local Certificate:

SHA Thumbprint: %2
Issuing CA:  %3
Root CA:  %4

Remote Endpoint:

Principal Name:  %5
Network Address: %11
Keying Module Port: %12

Remote Certificate:

SHA Thumbprint: %6
Issuing CA:  %7
Root CA:  %8

Cryptographic Information:

Cipher Algorithm: %13
Integrity Algorithm: %14
Diffie-Hellman Group: %15

Security Association Information:

Lifetime (minutes): %16
Quick Mode Limit: %17
Main Mode SA ID: %21

Additional Information:

Keying Module Name: AuthIP
Authentication Method: SSL
Role:   %18
Impersonation State: %19
Main Mode Filter ID: %20

Extended Mode Information:

Local Principal Name: %22
Remote Principal Name: %23
Authentication Method: %24
Impersonation State: %25
Quick Mode Filter ID: %26

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection

Stay up-to-date on the Latest in Cybersecurity
Sign up for the Ultimate IT Security newsletter to hear about the latest webinars, patches, CVEs, attacks, and more.
Work Email:

 

Upcoming Webinars
Additional Resources

    Go To Event ID:

    Security Log
    Quick Reference
    Chart
    Download now!