Event ID 4650

An IPsec main mode security association was established

An IPsec main mode security association was established. Extended mode was not enabled.  Certificate authentication was not used.

Local Endpoint:
    Principal Name:     %1
    Network Address:    %3
    Keying Module Port: %4

Remote Endpoint:
    Principal Name:     %2
    Network Address:    %5
    Keying Module Port: %6

Security Association Information:
    Lifetime (minutes): %12
    Quick Mode Limit:   %13
    Main Mode SA ID:    %17

Cryptographic Information:
    Cipher Algorithm:       %9
    Integrity Algorithm:    %10
    Diffie-Hellman Group:   %11

Additional Information:
    Keying Module Name:     %7
    Authentication Method:  %8
    Role:                   %14
    Impersonation State:    %15
    Main Mode Filter ID:    %16


This event is generated on the computer that initiates or receives an IPsec connection once Main Mode negotiation (phase 1) is complete.

Microsoft Documentation

Event ID - 4650



Name                                  Field                   Insertion String   OS
Local Endpoint Principal Name         LocalMMPrincipalName    %1                 Any
Remote Endpoint Principal Name        RemoteMMPrincipalName   %2                 Any
Local Endpoint Network Address        LocalAddress            %3                 Any
Local Endpoint Keying Module Port     LocalKeyModPort         %4                 Any
Remote Endpoint Network Address       RemoteAddress           %5                 Any
Remote Endpoint Keying Module Port    RemoteKeyModPort        %6                 Any
Keying Module Name                    KeyModName              %7                 Any
Authentication Method                 MMAuthMethod            %8                 Any
Cipher Algorithm                      MMCipherAlg             %9                 Any
Integrity Algorithm                   MMIntegrityAlg          %10                Any
Diffie-Hellman Group                  DHGroup                 %11                Any
Lifetime (minutes)                    MMLifetime              %12                Any
Quick Mode Limit                      QMLimit                 %13                Any
Role                                  Role                    %14                Any
Impersonation State                   MMImpersonationState    %15                Any
Main Mode Filter ID                   MMFilterID              %16                Any
Main Mode SA ID                       MMSAID                  %17                Any


Lookup Audit Policy Configuration Settings

C:\> AuditPol.exe /get /subcategory:"IPsec Main Mode"


