Windows Security Log Event ID 4982
Operating Systems |
Windows 2008 R2 and 7
Windows 2012 R2 and 8.1
Windows 2016 and 10
Windows Server 2019 and 2022
|
Category • Subcategory | Logon/Logoff • IPsec Main Mode |
Type
|
Success
|
Corresponding events
in Windows
2003 and before |
|
4982: IPsec Main Mode and Extended Mode security associations were established
On this page
I haven't been able to produce this event. Have you? If so, please start a discussion (see above) and post a sample along with any comments you may have! Don't forget to sanitize any private information.
Free Security Log Resources by Randy
Setup PowerShell Audit Log Forwarding in 4 Minutes
IPsec Main Mode and Extended Mode security associations were established.
Local Endpoint:
Principal Name: %1
Network Address:
Keying Module Port: %9
Local Certificate:
SHA Thumbprint: %2
Issuing CA: %3
Root CA: %4
Remote Endpoint:
Principal Name: %5
Network Address: %11
Keying Module Port: %12
Remote Certificate:
SHA Thumbprint: %6
Issuing CA: %7
Root CA: %8
Cryptographic Information:
Cipher Algorithm: %12
Integrity Algorithm: %13
Diffie-Hellman Group: %14
Security Association Information:
Lifetime (minutes): %15
Quick Mode Limit: %16
Main Mode SA ID: %20
Additional Information:
Keying Module Name: AuthIP
Authentication Method: SSL
Role: %17
Impersonation State: %18
Main Mode Filter ID: %19
Extended Mode Local Endpoint:
Principal Name: %21
Certificate SHA Thumbprint: %22
Certificate Issuing CA: %23
Certificate Root CA: %24
Extended Mode Remote Endpoint:
Principal Name: %25
Certificate SHA Thumbprint: %26
Certificate Issuing CA: %27
Certificate Root CA: %28
Extended Mode Additional Information:
Authentication Method: SSL
Impersonation State: %29
Quick Mode Filter ID: %30
Top 10 Windows Security Events to Monitor
Free Tool for Windows Event Collection