We have two 2008 R2 file servers and (mostly) XP clients. Random clients sporatically drop mapped connections to 2 file servers, and access to the server is not resstored with log off/log on, but requires a client reboot. This produces a Security log entry on both the client and server. Below is an example from the server. Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 10/12/2011 11:37:56 PM Event ID: 4654 Task Category: IPsec Quick Mode Level: Information Keywords: Audit Failure User: N/A Computer: FS1.housing.berkeley.edu Description: An IPsec quick mode negotiation failed. Local Endpoint: Network Address: 169.229.70.221 Network Address mask: 0.0.0.0 Port: 0 Tunnel Endpoint: - Remote Endpoint: Network Address: 169.229.66.65 Address Mask: 0.0.0.0 Port: 0 Tunnel Endpoint: - Private Address: 0.0.0.0 Additional Information: Protocol: 6 Keying Module Name: IKEv1 Virtual Interface Tunnel ID: 0 Traffic Selector ID: 0 Mode: Transport Role: Responder Quick Mode Filter ID: 70928 Main Mode SA ID: 380657 Failure Information: State: Sent first (SA) payload Message ID: 1833354141 Failure Point: Local computer Failure Reason: Cannot create a file when that file already exists. I haven't been able to find any mention of this online. Any ideas? Thanks! Bob Muzzy SA IT, UC Berkeley

Hi Bob, Thanks for posting here. Have ever set any IPsec policy or filter on either side ? if yes, how and what did we set ? any idea What was the error prompt when connection been dropped? Can we still reach these servers by using other methods and protocols like ping IP addresses form clients? And will other hosts also been affected ? I’d suggest first to patch the latest service pack and hotfixes for both server and XP clients. Thanks. Tiger Li Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi Bob, Thanks for posting here. Have ever set any IPsec policy or filter on either side ? if yes, how and what did we set ? any idea What was the error prompt when connection been dropped? Can we still reach these servers by using other methods and protocols like ping IP addresses form clients? And will other hosts also been affected ? I’d suggest first to patch the latest service pack and hotfixes for both server and XP clients. Thanks. Tiger Li Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi Bob, Thanks for posting here. Have ever set any IPsec policy or filter on either side ? if yes, how and what did we set ? any idea What was the error prompt when connection been dropped? Can we still reach these servers by using other methods and protocols like ping IP addresses form clients? And will other hosts also been affected ? I’d suggest first to patch the latest service pack and hotfixes for both server and XP clients. Thanks. Tiger Li Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

We set a policy the Windows firewall on each server (vs via GPO) to request inbound & outbound IPSec, using kerberos then our domain certs. The only error popups are from the whatever application, e.g.; Thunderbird, had a connection to that server. I *believe* the server that drops can still be pinged. I've asked a desktop guy to verify this. We've only seen this on the 2 2008 R2 file servers here. All servers and clients are patched monthly. thanks. Bob Bob Muzzy SA IT, UC Berkeley

We set a policy the Windows firewall on each server (vs via GPO) to request inbound & outbound IPSec, using kerberos then our domain certs. The only error popups are from the whatever application, e.g.; Thunderbird, had a connection to that server. I *believe* the server that drops can still be pinged. I've asked a desktop guy to verify this. We've only seen this on the 2 2008 R2 file servers here. All servers and clients are patched monthly. thanks. Bob Bob Muzzy SA IT, UC Berkeley

We set a policy the Windows firewall on each server (vs via GPO) to request inbound & outbound IPSec, using kerberos then our domain certs. The only error popups are from the whatever application, e.g.; Thunderbird, had a connection to that server. I *believe* the server that drops can still be pinged. I've asked a desktop guy to verify this. We've only seen this on the 2 2008 R2 file servers here. All servers and clients are patched monthly. thanks. Bob Bob Muzzy SA IT, UC Berkeley

We have this exact same issue, did you ever find a resolution?

We have this exact same issue, did you ever find a resolution?

No, we opened a ticket with MS support and they sent us a tool to capture data related to IPSec. I sent them some logs but haven't heard back from them yet. I need to re-contact them... Bob Muzzy SA IT, UC Berkeley

No, we opened a ticket with MS support and they sent us a tool to capture data related to IPSec. I sent them some logs but haven't heard back from them yet. I need to re-contact them... Bob Muzzy SA IT, UC Berkeley

I have found that if I restart the IPSec service or do a gpupdate /force it resolves the problem for a while so we don't have to reboot all the time. This is only an issue with Windows XP for us as our Windows 7 machines don't have the problem. If you do find a solution, I'd love to hear it. We are just dealing with it for the time being because we have Windows 7 upgrades coming in the near future and it is only affecting a small group of people (haven't found the common denominator yet).

I have found that if I restart the IPSec service or do a gpupdate /force it resolves the problem for a while so we don't have to reboot all the time. This is only an issue with Windows XP for us as our Windows 7 machines don't have the problem. If you do find a solution, I'd love to hear it. We are just dealing with it for the time being because we have Windows 7 upgrades coming in the near future and it is only affecting a small group of people (haven't found the common denominator yet).

I have found that if I restart the IPSec service or do a gpupdate /force it resolves the problem for a while so we don't have to reboot all the time. This is only an issue with Windows XP for us as our Windows 7 machines don't have the problem. If you do find a solution, I'd love to hear it. We are just dealing with it for the time being because we have Windows 7 upgrades coming in the near future and it is only affecting a small group of people (haven't found the common denominator yet).

No, we opened a ticket with MS support and they sent us a tool to capture data related to IPSec. I sent them some logs but haven't heard back from them yet. I need to re-contact them... Bob Muzzy SA IT, UC Berkeley

We have this exact same issue, did you ever find a resolution?