Event ID 5458

IPsec Policy Agent applied locally cached copy of Active Directory storage IPsec policy on the computer. 

IPsec Policy Agent applied locally cached copy of Active Directory storage IPsec policy on the computer.

Policy DN:      %1


Event 5458 is the success fallback event in the PAStore Engine policy application chain. It is logged when the PAStore Engine could not apply the live Active Directory IPsec policy — either because AD was unreachable or because the live policy failed to apply (5457) — and instead successfully fell back to the locally cached copy of that policy.

Auditing:     Conditional

Enable alongside 5456 (Success) and 5457 (Failure). A 5458 event without a subsequent 5456 event indicates the machine could not revert to the live AD policy, which is an operational concern in IPsec-reliant environments.


Volume:     Low

Event 5458 only appears when something goes wrong in the policy application path. On a healthy, well-connected machine this event should never appear.




Name Field Insertion String OS Example
Policy DN Policy %1 Any CN=ipsecPolicy{5458c...

Lookup Audit Policy Configuration Settings

C:\> AuditPol.exe /get /subcategory:"Filtering Platform Policy Change"
How to enable Windows Auditing
Recommended Audit Policy

Operating Systems:
Windows Vista Windows 2008 Windows 2008 R2 Windows 7 Windows 2012 Windows 2012 R2 Windows 8 Windows 8.1 Windows 10 Windows 2016 Windows 2019 Windows 11 Windows 2022

Audit Category:
Policy Change

Audit Subcategory:
Filtering Platform Policy Change

LEFT/RIGHT arrow keys for navigation

Back to List