Event ID 4978 – During Extended Mode negotiation, IPsec received an invalid negotiation packet.
|Sub-Category||Audit IPsec Extended Mode|
|Description||During an Extended Mode negotiation, IPsec received an invalid negotiation packet.|
If IPsec receives an invalid negotiation packet during Extended Mode negotiation, event 4978 is generated. If there is a repetition of this problem, it could indicate either a network issue or an attempt to modify and replay the negotiation.
Example of 4978 log:
During Extended Mode negotiation, IPsec received an invalid negotiation packet. If this problem persists, it could indicate a network issue or an attempt to modify or replay this negotiation.
Local Network Address: %1
Remote Network Address: %2
Keying Module Name: %3
Why does event ID 4978 need to be monitored?
Security events which fall under the Audit IPsec Extended Mode subcategory are monitored primarily for IPsec Extended Mode troubleshooting.
With in-depth reports, real-time alerts, and graphical displays, ADAudit Plus tracks all IPsec negotiations, helping you meet your security, operational, and compliance needs with absolute ease.
Event 4978 applies to the following operating systems:
- Windows 10
- Windows Server 2016
Explore Active Directory auditing and reporting with ADAudit Plus.
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- EventLog Analyzer Real-time Log Analysis & Reporting
- ADSelfService Plus Self-Service Password Management
- AD360 Integrated Identity & Access Management
- Log360 Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools