Windows 2008 - IPSec problem
Hi all,

we have a problem with Windows 2008 IPSec. We have an old Windows 2003 server with IAS and an IPSec policy set to make an IPSec tunnel to another IAS (the remote peer is non-Microsoft). We have migrated the IAS and IPSec settings to a Windows 2008 server this way:

1) migrate IAS and IPSec settings to temporary Windows 2003 box
2) Upgrade the temporary box to Windows 2008
3) Install new Windows 2008
4) migrate NPS & IPSec settings from temporary box

Unfortunately, the IPSec tunnel is not established. Here is the difference between ping on Windows 2003 and Windows 2008:

----- windows 2003 -----
C:\>ping peer

Pinging peer [x.x.x.x] with 32 bytes of data:

Negotiating IP Security.
Reply from x.x.x.x: bytes=32 time=5ms TTL=61
Reply from x.x.x.x: bytes=32 time=5ms TTL=61
Reply from x.x.x.x: bytes=32 time=2ms TTL=61

Ping statistics for x.x.x.x:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 2ms, Maximum = 5ms, Average = 4ms
------------------------------

----- windows 2008 -----
C:\>ping peer

Pinging peer [x.x.x.x] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for x.x.x.x:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
------------------------------

I've made the 'wfpdiag.txt' file using the procedure from the following link: http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/98d5725b-f285-4b20-894b-1b159488253c/

This is the content of 'wfpdiag.txt':

Can anybody help me to find out the source of the problem?

Thanks,
R.*
February 25th, 2009 5:20pm

Hi.

Try to build the IPsec policy in the firewall on the 2008 server instead of using the old IPsec policy.

/Johan
March 11th, 2009 6:22pm

It is likely the key exchange encountered some errors. Can you confirm this in the Event Viewer?
April 7th, 2009 12:14pm

Hello Johan,

unfortunately, the creation of IPSec in the Firewall dialog did not resolve this problem.

R.*
April 7th, 2009 12:16pm

Hello Kenyon,

unfortunately, I don't have access to the Windows 2008 box just now; however, I didn't notice any useful errors or warnings in the event log when I tested it. This Friday we're going to make an in-place upgrade of the Windows 2003 box and we'll see...

R.*
April 7th, 2009 12:21pm

Hi Ravo2,

The failure of key exchange is likely to be logged in the security logs, rather than system or application logs. It may be some kind of audit failure rather than an error or warning. Can you check it in the Event Viewer?

Regards,
Kenyon
April 7th, 2009 6:20pm
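
The Security-log check suggested in the reply above, as an added example that is not part of the original thread: it enables auditing for the IPsec negotiation subcategories, repeats the ping test, and lists any negotiation-failure events recorded during it. It assumes an elevated PowerShell 2.0 or later prompt, an English-language system (auditpol subcategory names are localized), and the placeholder host name `peer` from the thread.

```powershell
# Added example: surface IPsec negotiation failures in the Security log.
# Assumptions: elevated prompt, English subcategory names, 'peer' is the
# placeholder host name used in the thread.

# 1. Audit success and failure for the IPsec negotiation subcategories,
#    so that failed key exchanges are written to the Security log.
'IPsec Main Mode', 'IPsec Quick Mode', 'IPsec Extended Mode' | ForEach-Object {
    auditpol /set /subcategory:"$_" /success:enable /failure:enable | Out-Null
}

# 2. Reproduce the problem so that a negotiation attempt is recorded.
$start = Get-Date
ping -n 4 peer | Out-Null

# 3. Read back the negotiation-failure events logged since the test began.
#    4652/4653 = Main Mode negotiation failed
#    4654      = Quick Mode negotiation failed
#    4984      = Extended Mode negotiation failed
$failureIds = 4652, 4653, 4654, 4984
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = $failureIds
    StartTime = $start
} -ErrorAction SilentlyContinue

if (-not $events) {
    'No IPsec negotiation failures were audited during the test.'
} else {
    $events | Sort-Object TimeCreated | ForEach-Object {
        '{0:u}  event {1}' -f $_.TimeCreated, $_.Id
        # The message text carries the endpoints and the failure reason.
        $_.Message
        ''
    }
}
```

An empty result with auditing enabled suggests the negotiation never reached a point where a failure was recorded, which narrows the search to filtering or to the peer not answering at all.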

Hello Kenyon,

I'm only now able to follow up on this problem again. I've checked all Event Logs and have not found any useful entry.

I've also tried to build the IPSec between the Windows 2008 R2 and Windows 2003 - no success as well. I've tried the 'old' way with secpol.msc and the Firewall Console - neither has worked :(

R.*
June 8th, 2009 2:46pm

Moreover, in NetMon I can see this:

'AuthIP:version 1.0, Main Mode, Initiator, First Exchange with Unknown peer SPN, Initiator provide proposal SSL for negotiation ,Payloads = HDR, CRYPTO, SA, AUTH, Ni, VID, NAT-D, Flags = ..., Length = 336'

Regards,
R.*
June 8th, 2009 3:00pm

This topic is archived. No further replies will be accepted.
