Information Technology Reference
In-Depth Information
Microsoft KB 832919: “New Features and Functionality in PortQry Version 2.0”
Microsoft TechNet: “PortQryUI—User Interface for the PortQry Command Line Port
Scanner” (
http://www.microsoft.com/downloads/details.
aspx?FamilyID=8355e537-1ea6-4569-aabb-f248f4bd91d0&DisplayLang=en
)
9-13. Troubleshooting IPSec
You want to view details of the current IPSec configuration that's been applied to a Windows
Server 2003 computer. This should be your first step when troubleshooting network communi-
cation issues that you suspect are related to an IPSec policy.
Solution
Using a Graphical User Interface
1.
Open the IPSec Monitor MMC snap-in.
2.
Navigate to IP Security Monitor
➤
<ServerName>
➤
Active Policy
3.
In the right pane, you'll see the following information:
Policy name.
Policy description.
Policy last modified.
Policy store. This specifies whether the policy is being stored in Active Directory or in
the Local Security Policy.
Policy path. This specifies the file system or Active Directory path that the active
policy resides in.
Organizational unit. This specifies the organizational unit that the computer resides
in, if applicable.
Group Policy object name.
4.
For additional information on IPSec filters that are in place, navigate to Quick Mode
➤
Generic Filters. Double-click on an individual filter to see the details of the filter
definition.
5.
For additional information and statistics on the security negotiation process, click on
the Quick Mode
➤
Negotiation Policies node.
6.
For IPSec performance statistics, click on the Quick Mode
➤
Statistics node.
Using a Command-Line Interface
The following command creates a file called
display.txt
that contains a detailed description
of the current IPSec configuration:
