Attempt to disable connection security failed (Rule)

Knowledge Base article:


Each node in a failover cluster requires network connectivity with the other nodes.Problems with a network adapter or other network device (either physical problems or configuration problems) can interfere with connectivity.

Event Details

イベント ID :




Symbolic Name:


Message: Cluster service failed to disable Internet Protocol security (IPsec) on the Failover cluster virtual adapter '%1'. This could have a negative impact on cluster communication performance. If this problem persists, please verify your local and domain connection security policies applying to IPSec and the Windows Firewall. Additionally, please check for events related to the Base Filtering Engine service.


Check policies related to IPSec and Windows Firewall with Advanced Security

Local and domain security policies can prevent the Cluster service from disabling IPSec on a network adapter used by a failover cluster.If IPSec cannot be disabled, the performance of the cluster can be negatively impacted.Review the policies, or work with a network administrator to review the policies related to IPSec and Windows Firewall with Advanced Security.Also confirm that the Base Filtering Engine service (which manages firewall and IPSec policies) is started on the node.For more information, see "Opening Services and viewing or restarting the Base Filtering Engine service."

If you do not currently have Event Viewer open, see "Opening Event Viewer and viewing events related to failover clustering or the firewall."

Opening Services and viewing or restarting the Base Filtering Engine service

To open Services and view or restart the Base Filtering Engine service:

Opening Event Viewer and viewing events related to failover clustering or the firewall

To open Event Viewer and view events related to failover clustering or the firewall:


Restart the Cluster service, confirm that the nodes come up successfully and that the clustered networks are functioning.

To perform the following procedure, you must be a member of the local Administrators group on each clustered server, and the account you use must be a domain account, or you must have been delegated the equivalent authority.

To restart the Cluster service on a node and confirm the status of the nodes and networks:

Element properties:

Alert GenerateTrue
Alert SeverityWarning
Alert PriorityNormal
Alert Message
Attempt to disable connection security failed

Member Modules:

ID Module Type TypeId RunAs 
DS DataSource Microsoft.Windows.2008.Cluster.EventProvider Default
WA WriteAction Microsoft.Windows.Cluster.GenerateAlertAction.SuppressedByDescription Default

Source Code:

<Rule ID="" Enabled="true" Target="Clus2008Library!Microsoft.Windows.2008.R2.Cluster.Monitoring.Service" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
<DataSource ID="DS" TypeID="Microsoft.Windows.2008.Cluster.EventProvider">
<WriteAction ID="WA" TypeID="ClusLibrary!Microsoft.Windows.Cluster.GenerateAlertAction.SuppressedByDescription">