Communication is interrupted periodically when you start a communication from a computer that is running Windows Vista or Windows Server 2008 to a computer that is running Windows XP or Windows Server 2003

Article translations Article translations
Article ID: 977526 - View products that this article applies to.
Expand all | Collapse all

On This Page

SYMPTOMS

Consider the following scenario:
  • In a network environment, you have two computers:
    • The first computer is running Windows Vista or Windows Server 2008. This computer does not have a valid Internet Protocol security (IPsec) certificate.
    • The second computer is running Windows XP or Windows Server 2003. This computer has a valid IPsec certificate.
  • You deploy some IPsec policies to the first computer by using Group Policy object (GPO).
  • You enable the "Fallback to clear" functionality on the second computer.
  • On the second computer, you set the value of the following registry entry as 0x14:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent\Oakley\IKEFlags
  • You try to start a communication from the first computer to the second computer. For example, you try to access a shared folder on the second computer from the first computer, and you try to copy the files in the shared folder to the first computer.
In this scenario, the communication between the two computers is interrupted periodically. Therefore, you cannot copy large files, such as software updates, from the second computer to the first computer.

Notes
  • The Simple Policy Update is required to be installed on the second computer that is running Windows XP or Windows Server 2003. The Simple Policy Update is included in Windows Server 2003 Service Pack 2 and Windows XP Service Pack 3.
  • To enable the "Fallback to clear" functionality, create a Negotiate Security filter action, and then enable the following two settings:
    • Allow unsecured communication with non-IPsec-aware computer
    • Accept unsecured communication, but always respond using IPsec
  • If you start the communication from the second computer to the first computer, the "Fallback to clear" functionality works correctly. In this situation, it takes 500 milliseconds (ms) to start the communication.
  • If the value of the IKEFlags registry entry is not set to 0x14, the "Fallback to clear" functionality does not work. In this situation, no communication is established between the two computers.

CAUSE

In this situation, the issue occurs because the "Fallback to clear" functionality is not working correctly. When the communication is started, the connection is lost for one minute. Then a soft security association (Soft SA) is created, and the connection is resumed. This connection can last for several minutes. When the Soft SA expires, the connection is again lost for one minute, and then the connection is resumed again and can last for several minutes. This continues in a loop.

RESOLUTION

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=support
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

To apply this hotfix, your computer must be running one of the following operating systems:
  • Windows Vista Service Pack 1 (SP1)
  • Windows Vista Service Pack 2 (SP2)
  • Windows Server 2008
  • Windows Server 2008 Service Pack 2 (SP2)
For more information about how to obtain a Windows Vista service pack, click the following article number to view the article in the Microsoft Knowledge Base:
935791 How to obtain the latest Windows Vista service pack
For more information about how to obtain a Windows Server 2008 service pack, click the following article number to view the article in the Microsoft Knowledge Base:
968849 How to obtain the latest service pack for Windows Server 2008

Restart requirement

You must restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace a previously released hotfix.

File information

The English (United States) version of this hotfix installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.
Windows Vista and Windows Server 2008 file information notes
Important Windows Vista hotfixes and Windows Server 2008 hotfixes are included in the same packages. However, only "Windows Vista" is listed on the Hotfix Request page. To request the hotfix package that applies to one or both of these operating systems, select the hotfix that is listed under "Windows Vista" on the page. Always refer to the "Applies To" section in articles to determine the actual operating system that each hotfix applies to.
  • The files that apply to a specific product, SR_Level (RTM, SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table.
    Collapse this tableExpand this table
    VersionProductSR_LevelService branch
    6.0.600 1 . 22xxxWindows Vista and Windows Server 2008SP1LDR
    6.0.600 2 . 22xxxWindows Vista and Windows Server 2008SP2LDR
  • Service Pack 1 is integrated into the release version of Windows Server 2008. Therefore, RTM milestone files apply only to Windows Vista. RTM milestone files have a 6.0.0000.xxxxxx version number.
  • The MANIFEST files (.manifest) and the MUM files (.mum) that are installed for each environment are listed separately in the "Additional file information for Windows Server 2008 and for Windows Vista" section. MUM files and MANIFEST files, and the associated security catalog (.cat) files, are critical to maintaining the state of the updated component. The security catalog files, for which the attributes are not listed, are signed with a Microsoft digital signature.
For all supported x86-based versions of Windows Server 2008 and of Windows Vista
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Netio.sys6.0.6001.22563220,24812-Nov-200918:29x86
Bfe.dll6.0.6001.22563328,70412-Nov-200917:49x86
Fwpkclnt.sys6.0.6001.2256398,39212-Nov-200918:28x86
Fwpuclnt.dll6.0.6001.22563595,45612-Nov-200917:50x86
Ikeext.dll6.0.6001.22563438,27212-Nov-200917:50x86
Wfp.mofNot Applicable81401-Apr-200919:02Not Applicable
Wfp.tmfNot Applicable208,96612-Nov-200915:50Not Applicable
Bfe.dll6.0.6002.22267334,84812-Nov-200917:35x86
Fwpkclnt.sys6.0.6002.2226798,36012-Nov-200918:18x86
Fwpuclnt.dll6.0.6002.22267595,96812-Nov-200917:36x86
Ikeext.dll6.0.6002.22267438,78412-Nov-200917:36x86
Wfp.mofNot Applicable81403-Apr-200921:07Not Applicable
Wfp.tmfNot Applicable208,96612-Nov-200915:38Not Applicable
Tcpip.sys6.0.6001.22563902,23212-Nov-200918:29x86
For all supported x64-based versions of Windows Server 2008 and of Windows Vista
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Netio.sys6.0.6001.22563342,61612-Nov-200919:05x64
Bfe.dll6.0.6001.22563458,24012-Nov-200918:19x64
Fwpkclnt.sys6.0.6001.22563165,46412-Nov-200919:05x64
Fwpuclnt.dll6.0.6001.22563779,77612-Nov-200918:21x64
Ikeext.dll6.0.6001.22563454,65612-Nov-200918:22x64
Wfp.mofNot Applicable81401-Apr-200916:13Not Applicable
Wfp.tmfNot Applicable207,86312-Nov-200916:16Not Applicable
Bfe.dll6.0.6002.22267458,24012-Nov-200917:40x64
Fwpkclnt.sys6.0.6002.22267165,44812-Nov-200918:23x64
Fwpuclnt.dll6.0.6002.22267781,31212-Nov-200917:41x64
Ikeext.dll6.0.6002.22267454,65612-Nov-200917:41x64
Wfp.mofNot Applicable81403-Apr-200920:51Not Applicable
Wfp.tmfNot Applicable207,42512-Nov-200915:55Not Applicable
Tcpip.sys6.0.6001.225631,414,23212-Nov-200919:05x64
Fwpuclnt.dll6.0.6001.22563595,45612-Nov-200917:50x86
Wfp.mofNot Applicable81401-Apr-200919:02Not Applicable
Fwpuclnt.dll6.0.6002.22267595,96812-Nov-200917:36x86
Wfp.mofNot Applicable81403-Apr-200921:07Not Applicable
For all supported IA-64-based versions of Windows Server 2008
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Netio.sys6.0.6001.22563638,55212-Nov-200918:51IA-64
Bfe.dll6.0.6001.22563781,31212-Nov-200918:05IA-64
Fwpkclnt.sys6.0.6001.22563261,19212-Nov-200918:51IA-64
Fwpuclnt.dll6.0.6001.225631,122,30412-Nov-200918:07IA-64
Ikeext.dll6.0.6001.22563925,69612-Nov-200918:07IA-64
Wfp.mofNot Applicable81401-Apr-200916:14Not Applicable
Wfp.tmfNot Applicable207,76912-Nov-200916:11Not Applicable
Bfe.dll6.0.6002.22267781,31215-Nov-200919:09IA-64
Fwpkclnt.sys6.0.6002.22267261,19215-Nov-200919:48IA-64
Fwpuclnt.dll6.0.6002.222671,123,84015-Nov-200919:10IA-64
Ikeext.dll6.0.6002.22267925,69615-Nov-200919:10IA-64
Wfp.mofNot Applicable81403-Apr-200920:51Not Applicable
Wfp.tmfNot Applicable207,96315-Nov-200917:03Not Applicable
Tcpip.sys6.0.6001.225632,941,01612-Nov-200918:50IA-64
Fwpuclnt.dll6.0.6001.22563595,45612-Nov-200917:50x86
Wfp.mofNot Applicable81401-Apr-200919:02Not Applicable
Fwpuclnt.dll6.0.6002.22267595,96812-Nov-200917:36x86
Wfp.mofNot Applicable81403-Apr-200921:07Not Applicable

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

"Fallback to clear" is a functionality that enables nonsecure traffic when a secure communication cannot be established. For more information about the "Fallback to clear" functionality, visit the following Microsoft Web site:
http://technet.microsoft.com/en-us/library/bb726975.aspx
For more information about Simple Policy Update, click the following article number to view the article in the Microsoft Knowledge Base:
914841 How to simplify the creation and maintenance of Internet Protocol (IPsec) security filters in Windows Server 2003 and Windows XP
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Additional file information

Additional file information for Windows Vista and for Windows Server 2008

Additional files for all supported x86-based versions of Windows Vista and of Windows Server 2008
Collapse this tableExpand this table
File namePackage_for_kb977526_client_1~31bf3856ad364e35~x86~~6.0.1.0.mum
File versionNot Applicable
File size1,641
Date (UTC)16-Nov-2009
Time (UTC)08:52
File namePackage_for_kb977526_client_2~31bf3856ad364e35~x86~~6.0.1.0.mum
File versionNot Applicable
File size1,694
Date (UTC)16-Nov-2009
Time (UTC)08:52
File namePackage_for_kb977526_client~31bf3856ad364e35~x86~~6.0.1.0.mum
File versionNot Applicable
File size1,713
Date (UTC)16-Nov-2009
Time (UTC)08:52
File namePackage_for_kb977526_sc_0~31bf3856ad364e35~x86~~6.0.1.0.mum
File versionNot Applicable
File size1,422
Date (UTC)16-Nov-2009
Time (UTC)08:52
File namePackage_for_kb977526_sc_1~31bf3856ad364e35~x86~~6.0.1.0.mum
File versionNot Applicable
File size1,690
Date (UTC)16-Nov-2009
Time (UTC)08:52
File namePackage_for_kb977526_sc~31bf3856ad364e35~x86~~6.0.1.0.mum
File versionNot Applicable
File size1,701
Date (UTC)16-Nov-2009
Time (UTC)08:52
File namePackage_for_kb977526_server_0~31bf3856ad364e35~x86~~6.0.1.0.mum
File versionNot Applicable
File size1,425
Date (UTC)16-Nov-2009
Time (UTC)08:52
File namePackage_for_kb977526_server_1~31bf3856ad364e35~x86~~6.0.1.0.mum
File versionNot Applicable
File size1,694
Date (UTC)16-Nov-2009
Time (UTC)08:52
File namePackage_for_kb977526_server~31bf3856ad364e35~x86~~6.0.1.0.mum
File versionNot Applicable
File size1,713
Date (UTC)16-Nov-2009
Time (UTC)08:52
File namePackage_for_kb977526_winpesrv_0~31bf3856ad364e35~x86~~6.0.1.0.mum
File versionNot Applicable
File size1,422
Date (UTC)16-Nov-2009
Time (UTC)08:52
File namePackage_for_kb977526_winpesrv~31bf3856ad364e35~x86~~6.0.1.0.mum
File versionNot Applicable
File size1,430
Date (UTC)16-Nov-2009
Time (UTC)08:52
File nameX86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6001.22563_none_56e7328ece990f70.manifest
File versionNot Applicable
File size3,908
Date (UTC)12-Nov-2009
Time (UTC)19:49
File nameX86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22563_none_cd7035a243d6601a.manifest
File versionNot Applicable
File size127,634
Date (UTC)12-Nov-2009
Time (UTC)19:52
File nameX86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6002.22267_none_cf5aa8b240f91a9a.manifest
File versionNot Applicable
File size127,634
Date (UTC)12-Nov-2009
Time (UTC)19:23
File nameX86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22563_none_b369d80b7fb1c907.manifest
File versionNot Applicable
File size6,254
Date (UTC)12-Nov-2009
Time (UTC)19:53
Additional files for all supported x64-based versions of Windows Vista and of Windows Server 2008
Collapse this tableExpand this table
File nameAmd64_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6001.22563_none_b305ce1286f680a6.manifest
File versionNot Applicable
File size3,916
Date (UTC)13-Nov-2009
Time (UTC)11:22
File nameAmd64_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22563_none_298ed125fc33d150.manifest
File versionNot Applicable
File size127,680
Date (UTC)13-Nov-2009
Time (UTC)11:24
File nameAmd64_microsoft-windows-network-security_31bf3856ad364e35_6.0.6002.22267_none_2b794435f9568bd0.manifest
File versionNot Applicable
File size127,680
Date (UTC)12-Nov-2009
Time (UTC)19:24
File nameAmd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22563_none_0f88738f380f3a3d.manifest
File versionNot Applicable
File size6,276
Date (UTC)13-Nov-2009
Time (UTC)11:25
File namePackage_for_kb977526_client_1~31bf3856ad364e35~amd64~~6.0.1.0.mum
File versionNot Applicable
File size1,651
Date (UTC)16-Nov-2009
Time (UTC)08:54
File namePackage_for_kb977526_client_2~31bf3856ad364e35~amd64~~6.0.1.0.mum
File versionNot Applicable
File size1,706
Date (UTC)16-Nov-2009
Time (UTC)08:54
File namePackage_for_kb977526_client~31bf3856ad364e35~amd64~~6.0.1.0.mum
File versionNot Applicable
File size1,723
Date (UTC)16-Nov-2009
Time (UTC)08:54
File namePackage_for_kb977526_sc_0~31bf3856ad364e35~amd64~~6.0.1.0.mum
File versionNot Applicable
File size1,430
Date (UTC)16-Nov-2009
Time (UTC)08:54
File namePackage_for_kb977526_sc_1~31bf3856ad364e35~amd64~~6.0.1.0.mum
File versionNot Applicable
File size1,702
Date (UTC)16-Nov-2009
Time (UTC)08:54
File namePackage_for_kb977526_sc~31bf3856ad364e35~amd64~~6.0.1.0.mum
File versionNot Applicable
File size1,711
Date (UTC)16-Nov-2009
Time (UTC)08:54
File namePackage_for_kb977526_server_0~31bf3856ad364e35~amd64~~6.0.1.0.mum
File versionNot Applicable
File size1,433
Date (UTC)16-Nov-2009
Time (UTC)08:54
File namePackage_for_kb977526_server_1~31bf3856ad364e35~amd64~~6.0.1.0.mum
File versionNot Applicable
File size1,706
Date (UTC)16-Nov-2009
Time (UTC)08:54
File namePackage_for_kb977526_server~31bf3856ad364e35~amd64~~6.0.1.0.mum
File versionNot Applicable
File size1,723
Date (UTC)16-Nov-2009
Time (UTC)08:54
File namePackage_for_kb977526_winpesrv_0~31bf3856ad364e35~amd64~~6.0.1.0.mum
File versionNot Applicable
File size1,430
Date (UTC)16-Nov-2009
Time (UTC)08:54
File namePackage_for_kb977526_winpesrv~31bf3856ad364e35~amd64~~6.0.1.0.mum
File versionNot Applicable
File size1,438
Date (UTC)16-Nov-2009
Time (UTC)08:54
File nameWow64_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6001.22563_none_bd5a7864bb5742a1.manifest
File versionNot Applicable
File size2,730
Date (UTC)12-Nov-2009
Time (UTC)19:39
File nameWow64_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22563_none_33e37b783094934b.manifest
File versionNot Applicable
File size71,155
Date (UTC)12-Nov-2009
Time (UTC)19:40
File nameWow64_microsoft-windows-network-security_31bf3856ad364e35_6.0.6002.22267_none_35cdee882db74dcb.manifest
File versionNot Applicable
File size71,155
Date (UTC)12-Nov-2009
Time (UTC)19:16
Additional files for all supported IA-64-based versions of Windows Server 2008
Collapse this tableExpand this table
File nameIa64_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6001.22563_none_56e8d684ce97186c.manifest
File versionNot Applicable
File size3,912
Date (UTC)12-Nov-2009
Time (UTC)21:34
File nameIa64_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22563_none_cd71d99843d46916.manifest
File versionNot Applicable
File size127,657
Date (UTC)12-Nov-2009
Time (UTC)21:36
File nameIa64_microsoft-windows-network-security_31bf3856ad364e35_6.0.6002.22267_none_cf5c4ca840f72396.manifest
File versionNot Applicable
File size127,657
Date (UTC)16-Nov-2009
Time (UTC)07:30
File nameIa64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22563_none_b36b7c017fafd203.manifest
File versionNot Applicable
File size6,265
Date (UTC)12-Nov-2009
Time (UTC)21:37
File namePackage_for_kb977526_sc_0~31bf3856ad364e35~ia64~~6.0.1.0.mum
File versionNot Applicable
File size1,425
Date (UTC)16-Nov-2009
Time (UTC)11:02
File namePackage_for_kb977526_sc_1~31bf3856ad364e35~ia64~~6.0.1.0.mum
File versionNot Applicable
File size1,530
Date (UTC)16-Nov-2009
Time (UTC)11:02
File namePackage_for_kb977526_sc~31bf3856ad364e35~ia64~~6.0.1.0.mum
File versionNot Applicable
File size1,706
Date (UTC)16-Nov-2009
Time (UTC)11:02
File namePackage_for_kb977526_server_0~31bf3856ad364e35~ia64~~6.0.1.0.mum
File versionNot Applicable
File size1,429
Date (UTC)16-Nov-2009
Time (UTC)11:02
File namePackage_for_kb977526_server_1~31bf3856ad364e35~ia64~~6.0.1.0.mum
File versionNot Applicable
File size1,533
Date (UTC)16-Nov-2009
Time (UTC)11:02
File namePackage_for_kb977526_server~31bf3856ad364e35~ia64~~6.0.1.0.mum
File versionNot Applicable
File size1,718
Date (UTC)16-Nov-2009
Time (UTC)11:02
File namePackage_for_kb977526_winpesrv_0~31bf3856ad364e35~ia64~~6.0.1.0.mum
File versionNot Applicable
File size1,426
Date (UTC)16-Nov-2009
Time (UTC)11:02
File namePackage_for_kb977526_winpesrv~31bf3856ad364e35~ia64~~6.0.1.0.mum
File versionNot Applicable
File size1,434
Date (UTC)16-Nov-2009
Time (UTC)11:02
File nameWow64_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6001.22563_none_bd5a7864bb5742a1.manifest
File versionNot Applicable
File size2,730
Date (UTC)12-Nov-2009
Time (UTC)19:39
File nameWow64_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22563_none_33e37b783094934b.manifest
File versionNot Applicable
File size71,155
Date (UTC)12-Nov-2009
Time (UTC)19:40
File nameWow64_microsoft-windows-network-security_31bf3856ad364e35_6.0.6002.22267_none_35cdee882db74dcb.manifest
File versionNot Applicable
File size71,155
Date (UTC)12-Nov-2009
Time (UTC)19:16

Properties

Article ID: 977526 - Last Review: October 7, 2011 - Revision: 2.0
APPLIES TO
  • Windows Vista Starter
  • Windows Vista Home Basic
  • Windows Vista Home Premium
  • Windows Vista Business
  • Windows Vista Enterprise
  • Windows Vista Ultimate
  • Windows Vista Enterprise 64-bit Edition
  • Windows Vista Home Basic 64-bit Edition
  • Windows Vista Home Premium 64-bit Edition
  • Windows Vista Ultimate 64-bit Edition
  • Windows Web Server 2008
  • Windows Server 2008 Datacenter
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Standard
  • Windows Server 2008 Datacenter without Hyper-V
  • Windows Server 2008 Enterprise without Hyper-V
  • Windows Server 2008 for Itanium-Based Systems
  • Windows HPC Server 2008
Keywords: 
kbexpertiseadvanced kbautohotfix kbfix kbsurveynew kbqfe KB977526

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com