Posted by Dan on March 19, 2007, 9:39 pm
I have a Windows 2003 domain. I have 2 servers that are both in the same domain.
I have a filter requiring ESP (3DES/SHA1) only for communications on port 80 + 25 between these 2 servers.
When I use Kerberos for authentication... authentication fails. When I switch the authentication method to use a preshared key for authentication, everything works perfectly.
DNS is working fine. The servers resolve each other and the DC properly. Logging into the servers works properly, and normal Kerberos auth doesn't seem to cause problems/errors.
#####
IKE security association negotiation failed.
Mode:
Key Exchange Mode (Main Mode)
Filter:
Source IP Address XX.XXX.XXX.XX
Source IP Address Mask 255.255.255.255
Destination IP Address XX.XXX.XXX.XX
Destination IP Address Mask 255.255.255.255
Protocol 0
Source Port 0
Destination Port 0
IKE Local Addr XX.XXX.XXX.XX
IKE Peer Addr XX.XXX.XXX.XX
IKE Source Port 500
IKE Destination Port 500
Peer Private Addr
Peer Identity:
Kerberos based Identity: servername$@domain.COM
Peer IP Address: XX.XXX.XXX.XX
Failure Point:
Me
Failure Reason:
Negotiation timed out
Extra Status:
Processed first (SA) payload
Initiator. Delta Time 62
0x0 0x0
#####
I've followed the MS troubleshooting docs (disabled any offloading), and verified that there are no errors in the AD logs.
Any help/ideas would be GREATLY appreciated.
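As an added example (not from the post or from Microsoft), a small Python parser for the IKE negotiation-failure audit text shown above, run over a constructed copy of the event with placeholder addresses, so that a batch of such entries can be triaged by mode, authentication type, role and the stage the exchange reached:

```python
import re

# Constructed sample modelled on the audit text in the post; addresses are
# documentation-range placeholders, not the poster's real hosts.
SAMPLE_EVENT = """\
IKE security association negotiation failed.
Mode:
Key Exchange Mode (Main Mode)
Filter:
IKE Local Addr 192.0.2.10
IKE Peer Addr 192.0.2.20
IKE Source Port 500
IKE Destination Port 500
Peer Identity:
Kerberos based Identity: servername$@domain.COM
Peer IP Address: 192.0.2.20
Failure Point:
Me
Failure Reason:
Negotiation timed out
Extra Status:
Processed first (SA) payload
Initiator. Delta Time 62
0x0 0x0
"""

# One regex per field, searched with re.MULTILINE over the whole event text.
FIELDS = {
    "mode": r"^Key Exchange Mode \((.+)\)$",
    "local_addr": r"^IKE Local Addr (\S+)$",
    "peer_addr": r"^IKE Peer Addr (\S+)$",
    "auth": r"^(\w+) based Identity: \S+$",
    "peer_identity": r"^\w+ based Identity: (\S+)$",
    "failure_point": r"^Failure Point:\n(.+)$",
    "failure_reason": r"^Failure Reason:\n(.+)$",
    "extra_status": r"^Extra Status:\n(.+)$",
    "role": r"^(Initiator|Responder)\. Delta Time \d+$",
    "delta_time": r"^(?:Initiator|Responder)\. Delta Time (\d+)$",
}

def parse_ike_failure(text):
    """Flatten one audit entry into a dict; fields not present become None."""
    out = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, text, re.MULTILINE)
        out[name] = m.group(1).strip() if m else None
    return out

def classify(event):
    """Summarise where the negotiation stopped, using only what the event states."""
    auth = event["auth"] or "unknown"
    if event["failure_reason"] != "Negotiation timed out":
        return f"{event['mode']} failed: {event['failure_reason']} ({auth} auth)"
    status = event["extra_status"] or ""
    stage = ("after only the first (SA) payload" if status.startswith("Processed first (SA)")
             else "later in the exchange")
    return (f"{event['mode']} timed out {stage} as {event['role']} after {event['delta_time']}s; "
            f"peer {event['peer_identity']} ({auth} auth) did not complete the negotiation")
```

Feeding the same parser entries recorded with preshared-key authentication lets you compare the `auth` and `extra_status` fields side by side, which is the distinction the post turns on.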