Event ID 5459

IPsec Policy Agent failed to apply locally cached copy of Active Directory storage IPsec policy on the computer.

IPsec Policy Agent failed to apply locally cached copy of Active Directory storage IPsec policy on the computer.

Policy DN:      %1
Error Code:     %2

Event 5459 is the Failure counterpart to Event 5458. It is logged when the PAStore Engine attempted to fall back to the locally cached copy of the AD IPsec policy — having already failed to apply the live AD policy (5457) — but the cached copy itself also failed to apply.

Auditing: Conditional

Requires **Failure** auditing on the subcategory. Enable together with the full PAStore event family (5456 Success + 5457/5459/5461 Failure) for a complete picture of IPsec policy application health.

Volume: Low

This event only occurs during the second stage of a dual-failure scenario — the cached copy failing after the live policy has already failed. On a well-managed system this should never appear.

Name		Field	Insertion String	OS	Example
	Policy DN	Policy	%1	Any	CN=ipsecPolicy{5458c...
	Error Code	ErrorCode	%2	Any	0x00000002

Lookup Audit Policy Configuration Settings


  C:\> AuditPol.exe /get  /subcategory:"Filtering Platform Policy Change"

How to enable Windows Auditing

Recommended Audit Policy

Operating Systems:

Windows 2008 Windows 2008 R2 Windows 7 Windows 2012 Windows 2012 R2 Windows 8 Windows 8.1 Windows 10 Windows 2016 Windows 2019 Windows 11 Windows 2022 Windows 2025 Windows Vista

Audit Category:

Policy Change

Audit Subcategory:

Filtering Platform Policy Change

LEFT/RIGHT arrow keys for navigation

Back to List