Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation.

You cannot reset the IPsec authentication method to Default in Windows Firewall with Advanced Security on Windows 7 or on Windows Server 2008 R2



Symptoms

On a computer that is running Windows 7 or Windows Server 2008 R2, after you change the Internet Protocol security (IPsec) authentication method to an option other than Default in Windows Firewall with Advanced Security, you cannot change it back to the value Default. Specifically, when you try to reset the IPsec authentication method to Default, there is no warning or error to indicate that the change is not saved. This may result in mismatched policies and connection failures.



Workaround

To work around this issue, use one of the following methods. The methods are listed in order of preference. The following workarounds use the local computer to demonstrate the changes that are needed. You can also use the Group Policy Management Console (GPMC) to target a Group Policy object (GPO).

Method 1: Change the default authentication method to match the inbox system default, Computer (Kerberos V5)

  1. Log on to the computer by using an administrator account.
  2. Open the "Windows Firewall with Advanced Security" Microsoft Management Console (MMC) snap-in. To do this, click Start, type wf.msc in the Start Search box, and then press ENTER.
    If you are prompted for an administrator password or for confirmation, type the password, or click Continue.
  3. On the Actions pane, click Properties.
  4. Click the IPsec Settings tab, and then click Customize under IPsec defaults.
  5. Under Authentication method, click to select the Computer (Kerberos V5) check box.
  6. Click OK.

    Important note: After you follow these steps, all connection security rules that use the default authentication method will use Computer (Kerberos V5) for authentication.

Method 2: Change only those connection security rules that use the default authentication method to match the inbox system default, Computer (Kerberos V5)

  1. Log on to the computer by using an administrator account.
  2. Open the "Windows Firewall with Advanced Security" MMC snap-in. To do this, click Start, type wf.msc in the Start Search box, and then press ENTER.
    If you are prompted for an administrator password or for confirmation, type the password, or click Continue.
  3. On the navigation pane, click Connection Security Rules.
  4. For each rule in the result list, do the following:
    1. Click to highlight the rule, and then click Properties on the Actions pane.
    2. On the Authentication tab, click to select the Computer (Kerberos V5) check box under Method.
    3. Click OK.
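
Because the failed reset produces no warning, it helps to confirm what each connection security rule actually uses after applying either method. The following PowerShell sketch is an added example, not part of the Microsoft article: it parses the text printed by `netsh advfirewall consec show rule name=all` and lists enabled rules whose first authentication method is not Computer (Kerberos V5). The field labels (`Rule Name`, `Enabled`, `Auth1`) and the value `ComputerKerb` are assumptions about the English-locale output, and the sample text, rule names and function names are constructed for illustration.

```powershell
# Constructed sample of `netsh advfirewall consec show rule name=all` output.
# Field labels are assumed to match the English-locale layout.
$sample = @'
Rule Name:                            Isolate-Servers
----------------------------------------------------------------------
Enabled:                              Yes
Mode:                                 Transport
Action:                               RequireInRequestOut
Auth1:                                ComputerKerb

Rule Name:                            Partner-Link
----------------------------------------------------------------------
Enabled:                              Yes
Mode:                                 Transport
Action:                               RequestInRequestOut
Auth1:                                ComputerPSK
'@ -split "`r?`n"

# Hypothetical helper: turn the "Label:   value" text into one object per rule.
function ConvertFrom-ConsecRuleText {
    param([string[]]$Lines)
    $rules = @()
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*([A-Za-z0-9 ]+?):\s+(.*\S)\s*$') {
            $key = $matches[1]; $value = $matches[2]
            if ($key -eq 'Rule Name') {
                # A new "Rule Name" line closes the previous rule block.
                if ($current) { $rules += New-Object PSObject -Property $current }
                $current = @{ Name = $value; Enabled = ''; Auth1 = '' }
            } elseif ($current -and $current.ContainsKey($key)) {
                $current[$key] = $value   # keep only the fields we track
            }
        }
    }
    if ($current) { $rules += New-Object PSObject -Property $current }
    return $rules
}

# Hypothetical helper: enabled rules whose Auth1 is not Kerberos V5.
function Get-NonKerberosRule {
    param([string[]]$Lines)
    ConvertFrom-ConsecRuleText $Lines |
        Where-Object { $_.Enabled -eq 'Yes' -and $_.Auth1 -notmatch 'ComputerKerb' }
}

# On a live system, pass the netsh output instead of $sample.
Get-NonKerberosRule $sample | Select-Object Name, Auth1
```

Rules listed here are not necessarily wrong; compare them with the method you intended each rule to use on both peers.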



Keywords: kbtshoot, kbexpertiseinter, kbsurveynew, kbprb, KB973226


Article Info
Article ID : 973226
Revision : 5
Created on : 7/22/2009
Published on : 7/22/2009