Your Computer May Log Several Security Parameters Index Events Upon Restart (257746)
The information in this article applies to:
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional
This article was previously published under Q257746 SYMPTOMS
After you shut down and then restart a Windows 2000-based computer that has IP Security Protocol (IPSec) security association (SA) connections established with other computers, you may see several Security Parameters Index (SPI) events listed in the System log of your Windows 2000-based computer.
CAUSE
This problem can occur if your computer does not send an IPSec delete notification when it shuts down to the computers with which it has SAs established. This causes the other computers to continue sending traffic to your computer using SAs that are no longer valid.
STATUSMicrosoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. MORE INFORMATION
The problem described in this article occurs when the Transport Control Protocol/Internet Protocol (TCP/IP) address is removed from the stack before the IPSec Policy Agent service stops. When this behavior occurs, there is no TCP/IP interface available on which your computer can send the IPSec delete notification.
Note that the order in which the TCP/IP address is removed from the stack and the IPSec Policy Agent service stops is unpredictable.
| Modification Type: | Major | Last Reviewed: | 11/20/2003 |
|---|
| Keywords: | kbIPSec kbprb KB257746 |
|---|
|