WFAS Connection Security Rules not working
Server: Windows Server 2008 R2 Standard
Client: Windows 7 Professional

I'm attempting to secure all CIFS traffic between the server and the client. I can get this to work by creating server-to-server rules on each side on most clients. I have one Windows 7 Pro client that I cannot get this to work at all. My rules are very simple on each side.

Server:
    Firewall: Allow Inbound/Outbound
    Endpoint 1 = any
    Endpoint 2 = client IP
    Protocol = Any
    Authentication = Require inbound & outbound, advanced, PSK (for testing)

Client:
    Firewall: Allow Inbound/Outbound
    Endpoint 1 = any
    Endpoint 2 = server IP
    Protocol = Any
    Authentication = Require inbound & outbound, advanced, PSK (for testing)

This same configuration works for other clients. I've been using RDP as a test. I can see the main mode get established and the quick mode. I never complete the connection though. Any ideas on where to start troubleshooting?
May 23rd, 2012 10:32am

Hi,

Please try to install the following hotfix to test:

SMB/CIFS sessions leak in Windows Vista, in Windows Server 2008, in Windows 7 and in Windows Server 2008 R2
http://support.microsoft.com/kb/2537589

If the issue persists, please provide more information such as Event ID for further analysis.

Hope this helps!

Best Regards
Elytis Cheng
TechNet Community Support
May 24th, 2012 8:24am

Thanks for the suggestion. Unfortunately neither main mode nor quick mode establishes now. I did turn on logging through the advanced audit configuration. I have this event in the log of the client (10.0.0.52):

An IPsec main mode negotiation failed.

Local Endpoint:
    Local Principal Name: -
    Network Address: 10.0.0.52
    Keying Module Port: 500

Remote Endpoint:
    Principal Name: -
    Network Address: 10.0.0.113
    Keying Module Port: 500

Additional Information:
    Keying Module Name: IKEv1
    Authentication Method: Unknown authentication
    Role: Initiator
    Impersonation State: Not enabled
    Main Mode Filter ID: 752925

Failure Information:
    Failure Point: Local computer
    Failure Reason: Negotiation timed out
    State: Sent first (SA) payload
    Initiator Cookie: 40eb66d0ead938c8
    Responder Cookie: 0000000000000000
May 24th, 2012 8:34am
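
Added example, not part of any post in this thread: a small Python triage of the failed main mode event quoted above, showing what the all-zero responder cookie together with the "Sent first (SA) payload" state indicates. It assumes the message is laid out one field per line, as Event Viewer displays it; `parse_event` and `triage` are hypothetical helper names.

```python
import re

# Event text from the thread's failed negotiation, one field per line
# (layout reconstructed for this example; values are those in the post).
FAILED_MM = """\
An IPsec main mode negotiation failed.
Local Endpoint:
    Network Address: 10.0.0.52
Remote Endpoint:
    Network Address: 10.0.0.113
Additional Information:
    Keying Module Name: IKEv1
    Role: Initiator
Failure Information:
    Failure Point: Local computer
    Failure Reason: Negotiation timed out
    State: Sent first (SA) payload
    Initiator Cookie: 40eb66d0ead938c8
    Responder Cookie: 0000000000000000
"""

def parse_event(text):
    """Return {section: {field: value}} for a 'Section:' / 'Field: value' message."""
    sections, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s*(.*)$", line)
        if not m:
            continue  # summary sentence or blank line
        key, value = m.group(1).strip(), m.group(2).strip()
        if not value:
            current = sections.setdefault(key, {})  # section header
        elif current is not None:
            current[key] = value
    return sections

def triage(text):
    """Classify a failed main mode event as (category, hint)."""
    ev = parse_event(text)
    fail = ev.get("Failure Information", {})
    role = ev.get("Additional Information", {}).get("Role")
    peer = ev.get("Remote Endpoint", {}).get("Network Address", "unknown")
    cookie = fail.get("Responder Cookie", "")
    # In IKEv1 the responder cookie stays all-zero until the peer's first reply is processed.
    if role == "Initiator" and cookie and set(cookie) == {"0"}:
        return ("no-reply", f"no IKE reply processed from {peer}: check the UDP 500 path, "
                "the peer's rule, and other IPsec software on either host")
    return ("peer-answered", f"{peer} replied; compare proposals and PSK "
            f"(reason: {fail.get('Failure Reason', 'n/a')})")
```

Calling `triage(FAILED_MM)` returns the `no-reply` category for the event in this thread: the client sent its first IKE packet and never processed an answer from 10.0.0.113.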

Somehow the main mode & quick mode were established on subsequent tests: (from the client)

An IPsec main mode security association was established. Extended mode was not enabled. Certificate authentication was not used.

Local Endpoint:
    Principal Name: -
    Network Address: 10.0.0.52
    Keying Module Port: 500

Remote Endpoint:
    Principal Name: -
    Network Address: 10.0.0.113
    Keying Module Port: 500

Security Association Information:
    Lifetime (minutes): 480
    Quick Mode Limit: 0
    Main Mode SA ID: 6

Cryptographic Information:
    Cipher Algorithm: AES-128
    Integrity Algorithm: SHA1
    Diffie-Hellman Group: DH group 2

Additional Information:
    Keying Module Name: IKEv1
    Authentication Method: Preshared key
    Role: Initiator
    Impersonation State: Not enabled
    Main Mode Filter ID: 754647

--------

An IPsec quick mode security association was established.

Local Endpoint:
    Network Address: 10.0.0.52
    Network Address mask: 255.255.255.255
    Port: 0
    Tunnel Endpoint: -

Remote Endpoint:
    Network Address: 10.0.0.113
    Network Address Mask: 255.255.255.255
    Port: 0
    Private Address: 0.0.0.0
    Tunnel Endpoint: -
    Protocol: 0
    Keying Module Name: -

Cryptographic Information:
    Integrity Algorithm - AH: -
    Integrity Algorithm - ESP: SHA-1
    Encryption Algorithm: -

Security Association Information:
    Lifetime - seconds: 3600
    Lifetime - data: 100000
    Lifetime - packets: 2147483647
    Mode: Transport
    Role: Initiator
    Quick Mode Filter ID: 754670
    Main Mode SA ID: 6
    Quick Mode SA ID: 6

Additional Information:
    Inbound SPI: 1755269999
    Outbound SPI: 371512290
    Virtual Interface Tunnel ID: 0
    Traffic Selector ID: 0
May 24th, 2012 10:18am

I found what is causing this issue. After booting into safe mode with networking, I was able to get this to work. On a chance, I uninstalled the Sonicwall Global VPN client. After a reboot, it worked. I reinstalled the VPN client and it stopped working. What I don't yet understand is why. I know they both use IPSec, but I'm not sure why it breaks Windows IPSec.
May 25th, 2012 7:54am


This topic is archived. No further replies will be accepted.
