IPSec related failures

IPSec_related_failures_1_Rule (Rule)

Knowledge Base article:

Management Pack
Summary
The connection attempt failed because a machine certificate was not found for IP Security (IPSec).
 
Causes
The most common reasons for this error are:
  1. Not enough memory is available on the server.
  2. The machine certificate is not found.
 
Resolutions
  1. If the server is low on memory, take appropriate action to increase the available memory. See Help and Support Center for information on low memory.
  2. Install the machine certificate for L2TP connections. For information about installating L2TP computer certificate, contact your network administrator or see Help and Support Center.
 
Sample Event
Sample Event: A certificate could not be found. Connections that use the L2TP protocol over IPSecrequire the installation of a machine certificate, also known as a computercertificate. No L2TP calls will be accepted.
 
© 2004 Microsoft Corporation, all rights reserved.

Element properties:

TargetMicrosoft.Windows.Server.RRAS.Microsoft_Windows_2003_Routing_and_Remote_Access_Servers_Installation
CategoryEventCollection
EnabledTrue
Event_ID20192
Event SourceRemoteAccess
Alert GenerateFalse
RemotableTrue
Event LogSystem
CommentMom2005ID='{EDB1EC0C-2816-4CB2-8C7A-C5DD5E369FC5}';MOM2005ComputerGroupID={2C66DD87-4D20-48F6-B6A3-19A1598ED025}

Member Modules:

ID Module Type TypeId RunAs 
_907D4578_146C_11D3_AB21_00A0C98620CE_ DataSource Microsoft.Windows.EventProvider Default
CollectEventData WriteAction Microsoft.SystemCenter.CollectEvent Default
CollectEventDataWarehouse WriteAction Microsoft.SystemCenter.DataWarehouse.PublishEventData Default
GenerateAlert WriteAction System.Mom.BackwardCompatibility.AlertResponse Default

Source Code:

<Rule ID="IPSec_related_failures_1_Rule" Target="Microsoft.Windows.Server.RRAS.Microsoft_Windows_2003_Routing_and_Remote_Access_Servers_Installation" Enabled="true" ConfirmDelivery="true" Comment="Mom2005ID='{EDB1EC0C-2816-4CB2-8C7A-C5DD5E369FC5}';MOM2005ComputerGroupID={2C66DD87-4D20-48F6-B6A3-19A1598ED025}">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="_907D4578_146C_11D3_AB21_00A0C98620CE_" Comment="{907D4578-146C-11D3-AB21-00A0C98620CE}" TypeID="WindowsLibrary!Microsoft.Windows.EventProvider">
<ComputerName>$Target/Host/Property[Type="WindowsLibrary!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>System</LogName>
<Expression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="Integer">EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>20192</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery Type="String">PublisherName</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>RemoteAccess</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="GenerateAlert" TypeID="MomBackwardCompatibility!System.Mom.BackwardCompatibility.AlertResponse">
<AlertGeneration>
<GenerateAlert>false</GenerateAlert>
</AlertGeneration>
<InvokerType>1</InvokerType>
</WriteAction>
<WriteAction ID="CollectEventData" TypeID="SystemCenterLibrary!Microsoft.SystemCenter.CollectEvent"/>
<WriteAction ID="CollectEventDataWarehouse" TypeID="DataWarehouseLibrary!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>
</WriteActions>
</Rule>