Article ID: 946887 - Last Review: September 18, 2008 - Revision: 1.0

A Windows Vista or Windows Server 2008-based computer cannot negotiate the security mode with the partner if you use a subnet address as a source address or as a destination filter address when you configure IPsec policy to use tunnel mode

Hotfix download is availableHotfix Download Available
View and request hotfix downloads
View products that this article applies to.

On This Page

Expand all | Collapse all

SYMPTOMS

Consider the following scenario:
  • In a network environment, you configure the Internet Protocol security (IPsec) policy to use the tunnel mode.
  • In the IP Filter Properties dialog box of the IPsec policy, you use a subnet address for the Source Address or for the Destination Address.
  • You try to establish the IPsec tunnel-mode connection to a partner computer from a Windows Vista-based computer or from a Windows Server 2008-based computer.
In this scenario, the computer cannot negotiate the security mode with the partner computer. Therefore, you cannot use IPsec to secure the connection.
Back to the top

RESOLUTION

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=support (http://support.microsoft.com/contactus/?ws=support)
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

To apply this hotfix on Windows Vista-based computer, you must have Windows Vista SP1 installed.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:
935791  (http://support.microsoft.com/kb/935791/ ) How to obtain the latest Windows Vista service pack
No prerequisites are required for Windows Server 2008-based computers.

Restart requirement

You have to restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace a previously released hotfix.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

Windows Vista and Windows Server 2008 file information notes

The .manifest files and the .mum files that are installed in each environment are listed separately in the "Additional file information for Windows Server 2008 and for Windows Vista" section. These files and their associated .cat (security catalog) files are critical to maintaining the state of the updated component. The .cat files are signed with a Microsoft digital signature. The attributes of these security files are not listed.
For all supported x86-based versions of Windows Server 2008 and of Windows Vista
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Fwremotesvr.dll6.0.6001.2212228,67226-Feb-200805:26x86
Ipsecsvc.dll6.0.6001.22122361,98426-Feb-200805:27x86
Ipsecsvc.mofNot Applicable1,27818-Dec-200721:07Not Applicable
Polstore.dll6.0.6001.22122272,89626-Feb-200805:30x86
Polstore.mofNot Applicable1,27518-Dec-200721:07Not Applicable
Winipsec.dll6.0.6001.2212261,44026-Feb-200805:31x86
Winipsec.mofNot Applicable1,27018-Dec-200721:07Not Applicable
For all supported x64-based versions of Windows Server 2008 and of Windows Vista
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Fwremotesvr.dll6.0.6001.2212250,17626-Feb-200805:55x64
Ipsecsvc.dll6.0.6001.22122530,94426-Feb-200805:56x64
Ipsecsvc.mofNot Applicable1,27818-Dec-200721:07Not Applicable
Polstore.dll6.0.6001.22122380,92826-Feb-200805:59x64
Polstore.mofNot Applicable1,27518-Dec-200721:07Not Applicable
Winipsec.dll6.0.6001.22122100,86426-Feb-200806:00x64
Winipsec.mofNot Applicable1,27018-Dec-200721:07Not Applicable
Fwremotesvr.dll6.0.6001.2212228,67226-Feb-200805:26x86
Ipsecsvc.mofNot Applicable1,27818-Dec-200721:07Not Applicable
Polstore.dll6.0.6001.22122272,89626-Feb-200805:30x86
Polstore.mofNot Applicable1,27518-Dec-200721:07Not Applicable
Winipsec.dll6.0.6001.2212261,44026-Feb-200805:31x86
Winipsec.mofNot Applicable1,27018-Dec-200721:07Not Applicable
For all supported IA-64-based versions of Windows Server 2008
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Fwremotesvr.dll6.0.6001.2212279,87226-Feb-200805:47IA-64
Ipsecsvc.dll6.0.6001.221221,202,17626-Feb-200805:49IA-64
Ipsecsvc.mofNot Applicable1,27818-Dec-200721:07Not Applicable
Polstore.dll6.0.6001.22122778,24026-Feb-200805:52IA-64
Polstore.mofNot Applicable1,27518-Dec-200721:07Not Applicable
Winipsec.dll6.0.6001.22122152,57626-Feb-200805:54IA-64
Winipsec.mofNot Applicable1,27018-Dec-200721:07Not Applicable
Fwremotesvr.dll6.0.6001.2212228,67226-Feb-200805:26x86
Ipsecsvc.mofNot Applicable1,27818-Dec-200721:07Not Applicable
Polstore.dll6.0.6001.22122272,89626-Feb-200805:30x86
Polstore.mofNot Applicable1,27518-Dec-200721:07Not Applicable
Winipsec.dll6.0.6001.2212261,44026-Feb-200805:31x86
Winipsec.mofNot Applicable1,27018-Dec-200721:07Not Applicable
Back to the top

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Back to the top

MORE INFORMATION

For more information about IPsec configuration, visit the following Web site:
http://msdn.microsoft.com/en-us/library/bb736264.aspx (http://msdn.microsoft.com/en-us/library/bb736264.aspx)
For more information about IPSec policies, visit the following Web site:
http://technet.microsoft.com/en-us/library/cc781593.aspx (http://technet.microsoft.com/en-us/library/cc781593.aspx)
For more information about the tunnel mode, visit the following Web site:
http://technet.microsoft.com/en-us/library/cc737154.aspx (http://technet.microsoft.com/en-us/library/cc737154.aspx)

Additional file information for Windows Server 2008 and Windows Vista

Additional files for all supported x86-based versions of Windows Server 2008 and Windows Vista
Collapse this tableExpand this table
File namePackage_1_for_kb946887~31bf3856ad364e35~x86~~6.0.2.0.mum
File versionNot Applicable
File size1,803
Date (UTC)26-Feb-2008
Time (UTC)19:06
File namePackage_2_for_kb946887~31bf3856ad364e35~x86~~6.0.2.0.mum
File versionNot Applicable
File size1,970
Date (UTC)26-Feb-2008
Time (UTC)19:06
File namePackage_3_for_kb946887~31bf3856ad364e35~x86~~6.0.2.0.mum
File versionNot Applicable
File size1,808
Date (UTC)26-Feb-2008
Time (UTC)19:06
File namePackage_4_for_kb946887~31bf3856ad364e35~x86~~6.0.2.0.mum
File versionNot Applicable
File size1,808
Date (UTC)26-Feb-2008
Time (UTC)19:06
File namePackage_for_kb946887_client_1~31bf3856ad364e35~x86~~6.0.2.0.mum
File versionNot Applicable
File size1,367
Date (UTC)26-Feb-2008
Time (UTC)19:06
File namePackage_for_kb946887_client~31bf3856ad364e35~x86~~6.0.2.0.mum
File versionNot Applicable
File size1,431
Date (UTC)26-Feb-2008
Time (UTC)19:06
File namePackage_for_kb946887_sc_0~31bf3856ad364e35~x86~~6.0.2.0.mum
File versionNot Applicable
File size1,421
Date (UTC)26-Feb-2008
Time (UTC)19:06
File namePackage_for_kb946887_sc~31bf3856ad364e35~x86~~6.0.2.0.mum
File versionNot Applicable
File size1,423
Date (UTC)26-Feb-2008
Time (UTC)19:06
File namePackage_for_kb946887_server_0~31bf3856ad364e35~x86~~6.0.2.0.mum
File versionNot Applicable
File size1,425
Date (UTC)26-Feb-2008
Time (UTC)19:06
File namePackage_for_kb946887_server~31bf3856ad364e35~x86~~6.0.2.0.mum
File versionNot Applicable
File size1,431
Date (UTC)26-Feb-2008
Time (UTC)19:06
File namePackage_for_kb946887_winpesrv_0~31bf3856ad364e35~x86~~6.0.2.0.mum
File versionNot Applicable
File size1,422
Date (UTC)26-Feb-2008
Time (UTC)19:06
File namePackage_for_kb946887_winpesrv~31bf3856ad364e35~x86~~6.0.2.0.mum
File versionNot Applicable
File size1,429
Date (UTC)26-Feb-2008
Time (UTC)19:06
File nameX86_179c8483130de91424780c0b28b929ba_31bf3856ad364e35_6.0.6001.22122_none_7c73988244578878.manifest
File versionNot Applicable
File size723
Date (UTC)26-Feb-2008
Time (UTC)19:06
File nameX86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.22122_none_44847559053148c6.manifest
File versionNot Applicable
File size35,891
Date (UTC)26-Feb-2008
Time (UTC)06:14
Additional files for all supported x64-based versions of Windows Server 2008 and Windows Vista
Collapse this tableExpand this table
File nameAmd64_6bb1f82aae964dc94409d2d1ca50bd0b_31bf3856ad364e35_6.0.6001.22122_none_86b31293c1c3ad8b.manifest
File versionNot Applicable
File size727
Date (UTC)26-Feb-2008
Time (UTC)19:06
File nameAmd64_f6f33fef0966bc0d960248bf11a4763d_31bf3856ad364e35_6.0.6001.22122_none_fa95a4d58c1045fc.manifest
File versionNot Applicable
File size1,096
Date (UTC)26-Feb-2008
Time (UTC)19:06
File nameAmd64_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.22122_none_a0a310dcbd8eb9fc.manifest
File versionNot Applicable
File size35,935
Date (UTC)26-Feb-2008
Time (UTC)06:46
File namePackage_1_for_kb946887~31bf3856ad364e35~amd64~~6.0.2.0.mum
File versionNot Applicable
File size1,813
Date (UTC)26-Feb-2008
Time (UTC)19:06
File namePackage_2_for_kb946887~31bf3856ad364e35~amd64~~6.0.2.0.mum
File versionNot Applicable
File size2,225
Date (UTC)26-Feb-2008
Time (UTC)19:06
File namePackage_3_for_kb946887~31bf3856ad364e35~amd64~~6.0.2.0.mum
File versionNot Applicable
File size2,061
Date (UTC)26-Feb-2008
Time (UTC)19:06
File namePackage_4_for_kb946887~31bf3856ad364e35~amd64~~6.0.2.0.mum
File versionNot Applicable
File size2,061
Date (UTC)26-Feb-2008
Time (UTC)19:06
File namePackage_for_kb946887_client_1~31bf3856ad364e35~amd64~~6.0.2.0.mum
File versionNot Applicable
File size1,375
Date (UTC)26-Feb-2008
Time (UTC)19:06
File namePackage_for_kb946887_client~31bf3856ad364e35~amd64~~6.0.2.0.mum
File versionNot Applicable
File size1,439
Date (UTC)26-Feb-2008
Time (UTC)19:06
File namePackage_for_kb946887_sc_0~31bf3856ad364e35~amd64~~6.0.2.0.mum
File versionNot Applicable
File size1,429
Date (UTC)26-Feb-2008
Time (UTC)19:06
File namePackage_for_kb946887_sc~31bf3856ad364e35~amd64~~6.0.2.0.mum
File versionNot Applicable
File size1,431
Date (UTC)26-Feb-2008
Time (UTC)19:06
File namePackage_for_kb946887_server_0~31bf3856ad364e35~amd64~~6.0.2.0.mum
File versionNot Applicable
File size1,433
Date (UTC)26-Feb-2008
Time (UTC)19:06
File namePackage_for_kb946887_server~31bf3856ad364e35~amd64~~6.0.2.0.mum
File versionNot Applicable
File size1,439
Date (UTC)26-Feb-2008
Time (UTC)19:06
File namePackage_for_kb946887_winpesrv_0~31bf3856ad364e35~amd64~~6.0.2.0.mum
File versionNot Applicable
File size1,430
Date (UTC)26-Feb-2008
Time (UTC)19:06
File namePackage_for_kb946887_winpesrv~31bf3856ad364e35~amd64~~6.0.2.0.mum
File versionNot Applicable
File size1,437
Date (UTC)26-Feb-2008
Time (UTC)19:06
File nameWow64_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.22122_none_aaf7bb2ef1ef7bf7.manifest
File versionNot Applicable
File size26,955
Date (UTC)26-Feb-2008
Time (UTC)06:04
Additional files for all supported IA-64-based versions of Windows Server 2008
Collapse this tableExpand this table
File nameIa64_0e281db670f21ad088e96d2d5a42ea5d_31bf3856ad364e35_6.0.6001.22122_none_717ba42f8b973be9.manifest
File versionNot Applicable
File size1,094
Date (UTC)26-Feb-2008
Time (UTC)19:06
File nameIa64_1e6cccbc508f31c8f31602e79cacd645_31bf3856ad364e35_6.0.6001.22122_none_8a5401f9a3efca8c.manifest
File versionNot Applicable
File size725
Date (UTC)26-Feb-2008
Time (UTC)19:06
File nameIa64_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.22122_none_4486194f052f51c2.manifest
File versionNot Applicable
File size35,913
Date (UTC)26-Feb-2008
Time (UTC)06:23
File namePackage_1_for_kb946887~31bf3856ad364e35~ia64~~6.0.2.0.mum
File versionNot Applicable
File size1,808
Date (UTC)26-Feb-2008
Time (UTC)19:06
File namePackage_2_for_kb946887~31bf3856ad364e35~ia64~~6.0.2.0.mum
File versionNot Applicable
File size2,056
Date (UTC)26-Feb-2008
Time (UTC)19:06
File namePackage_3_for_kb946887~31bf3856ad364e35~ia64~~6.0.2.0.mum
File versionNot Applicable
File size2,056
Date (UTC)26-Feb-2008
Time (UTC)19:06
File namePackage_for_kb946887_sc_0~31bf3856ad364e35~ia64~~6.0.2.0.mum
File versionNot Applicable
File size1,425
Date (UTC)26-Feb-2008
Time (UTC)19:06
File namePackage_for_kb946887_sc~31bf3856ad364e35~ia64~~6.0.2.0.mum
File versionNot Applicable
File size1,426
Date (UTC)26-Feb-2008
Time (UTC)19:06
File namePackage_for_kb946887_server_0~31bf3856ad364e35~ia64~~6.0.2.0.mum
File versionNot Applicable
File size1,429
Date (UTC)26-Feb-2008
Time (UTC)19:06
File namePackage_for_kb946887_server~31bf3856ad364e35~ia64~~6.0.2.0.mum
File versionNot Applicable
File size1,434
Date (UTC)26-Feb-2008
Time (UTC)19:06
File namePackage_for_kb946887_winpesrv_0~31bf3856ad364e35~ia64~~6.0.2.0.mum
File versionNot Applicable
File size1,426
Date (UTC)26-Feb-2008
Time (UTC)19:06
File namePackage_for_kb946887_winpesrv~31bf3856ad364e35~ia64~~6.0.2.0.mum
File versionNot Applicable
File size1,433
Date (UTC)26-Feb-2008
Time (UTC)19:06
File nameWow64_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.22122_none_aaf7bb2ef1ef7bf7.manifest
File versionNot Applicable
File size26,955
Date (UTC)26-Feb-2008
Time (UTC)06:04
Back to the top
APPLIES TO
  • Windows Vista Business
  • Windows Vista Enterprise
  • Windows Vista Ultimate
  • Windows Vista Business 64-bit Edition
  • Windows Vista Enterprise 64-bit Edition
  • Windows Vista Ultimate 64-bit Edition
  • Windows Server 2008 Datacenter without Hyper-V
  • Windows Server 2008 Enterprise without Hyper-V
  • Windows Server 2008 for Itanium-Based Systems
  • Windows Server 2008 Standard without Hyper-V
  • Windows Server 2008 Datacenter
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Standard
Back to the top
Keywords: 
kbautohotfix kbexpertiseinter kbfix kbbug kbqfe kbhotfixserver KB946887
Back to the top
 

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations