Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

6 Appendix A: Product Behavior

The information in this specification is applicable to the following Microsoft products or supplemental software. References to product versions include released service packs.

Note: Some of the information in this section is subject to change because it applies to an unreleased, preliminary version of the Windows Server operating system, and thus may differ from the final version of the server software when released. All behavior notes that pertain to the unreleased, preliminary version of the Windows Server operating system contain specific references to Windows Server 2016 Technical Preview as an aid to the reader.

  • Windows Vista operating system

  • Windows Server 2008 operating system

  • Windows 7 operating system

  • Windows Server 2008 R2 operating system

  • Windows 8 operating system

  • Windows Server 2012 operating system

  • Windows 8.1 operating system

  • Windows Server 2012 R2 operating system

  • Windows 10 operating system

  • Windows Server 2016 Technical Preview operating system

Exceptions, if any, are noted below. If a service pack or Quick Fix Engineering (QFE) number appears with the product version, behavior changed in that service pack or QFE. The new behavior also applies to subsequent service packs of the product unless otherwise specified. If a product edition appears with the product version, behavior is different in that product edition.

Unless otherwise specified, any statement of optional behavior in this specification that is prescribed using the terms SHOULD or SHOULD NOT implies product behavior in accordance with the SHOULD or SHOULD NOT prescription. Unless otherwise specified, the term MAY implies that the product does not follow the prescription.

<1> Section 1.3: IKE extensions. Implemented in Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview. The following Internet Key Exchange Protocol Extensions (defined in [MS-IKEE]) are supported:

<2> Section 1.7: Cryptographic parameters. The Authenticated Internet Protocol is implemented only in Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview. Microsoft implements the following algorithms.

Message authentication algorithm

Operating systems

NULL [RFC2410]

Windows Vista, Windows Server 2008 operating system, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview

HMAC-SHA1-96 [RFC2404]

Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview

HMAC-MD5-96 [RFC2403]

Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview

AES-GMAC [RFC4543]

Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview

SHA-256 [SHA256]

Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview

Encryption algorithm

Operating systems

NULL [RFC2410]

Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview

DES-CBC [RFC2405]

Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview

Triple DES-CBC [RFC2451]

Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview

AES-CBC with key sizes of 128, 192, and 256 bits [RFC3602]

Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview

AES-GCM with key sizes of 128, 192, and 256 bits [RFC4106]

Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview

Diffie-Hellman

Operating systems

The default 768-bit modular exponential (MODP) group [RFC2409]

Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview

The alternate 1024-bit MODP group [RFC2409]

Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview

The 2048-bit MODP group [RFC3526]

Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview

ECP_256 [ECP]

Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview

ECP_384 [ECP]

Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview

<3> Section 1.7: Capability negotiation. Implemented in Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview. The following vendor IDs are supported by the Microsoft implementation of the Authenticated Internet Protocol.

Operating system version

4-byte version number

Windows Vista

00 00 00 05

Windows Server 2008

00 00 00 06

Windows 7

00 00 00 07

Windows Server 2008 R2

00 00 00 08

Windows 8

00 00 00 09

Windows Server 2012

00 00 00 09

Windows 8.1

00 00 00 09

Windows Server 2012 R2

00 00 00 09

Windows 10

00 00 00 09

Windows Server 2016 Technical Preview

00 00 00 09

Common name

String representation

Wire representation (MD5 hash of string)

Microsoft implementation Windows Vista

"MS NT5 ISAKMPOAKLEY"

+version number 5

1E 2B 51 69 05 99 1C 7D 7C 96 FC BF B5 87 E4 61 00 00 00 05

Microsoft implementation Windows Vista operating system with Service Pack 1 (SP1),  Windows Server 2008

"MS NT5 ISAKMPOAKLEY"

+version number 6

1E 2B 51 69 05 99 1C 7D 7C 96 FC BF B5 87 E4 61 00 00 00 06

Microsoft implementation Windows 7

"MS NT5 ISAKMPOAKLEY"

+version number 7

1E 2B 51 69 05 99 1C 7D 7C 96 FC BF B5 87 E4 61 00 00 00 07

Microsoft implementation Windows Server 2008 R2

"MS NT5 ISAKMPOAKLEY"

+version number 8

1E 2B 51 69 05 99 1C 7D 7C 96 FC BF B5 87 E4 61 00 00 00 08

Microsoft implementation Windows 8

"MS NT5 ISAKMPOAKLEY"

+version number 9

1E 2B 51 69 05 99 1C 7D 7C 96 FC BF B5 87 E4 61 00 00 00 09

Microsoft implementation Windows Server 2012

"MS NT5 ISAKMPOAKLEY"

+version number 9

1E 2B 51 69 05 99 1C 7D 7C 96 FC BF B5 87 E4 61 00 00 00 09

Microsoft implementation Windows 8.1

"MS NT5 ISAKMPOAKLEY"

+version number 9

1E 2B 51 69 05 99 1C 7D 7C 96 FC BF B5 87 E4 61 00 00 00 09

Microsoft implementation Windows Server 2012 R2

"MS NT5 ISAKMPOAKLEY"

+version number 9

1E 2B 51 69 05 99 1C 7D 7C 96 FC BF B5 87 E4 61 00 00 00 09

Microsoft implementation Windows 10

"MS NT5 ISAKMPOAKLEY"

+version number 9

1E 2B 51 69 05 99 1C 7D 7C 96 FC BF B5 87 E4 61 00 00 00 09

Microsoft implementation Windows Server 2016 Technical Preview

"MS NT5 ISAKMPOAKLEY"

+version number 9

1E 2B 51 69 05 99 1C 7D 7C 96 FC BF B5 87 E4 61 00 00 00 09

Kerberos authentication supported [GSS]

"GSSAPI"

62 1B 04 BB 09 88 2A C1 E1 59 35 FE FA 24 AE EE

NLB/MSCS fast failover supported [MS-IKEE]

"Vid-Initial-Contact"

26 24 4D 38 ED DB 61 B3 17 2A 36 E3 D0 CF B8 19

NLB/MSCS fast failover supported [MS-IKEE]

"NLBS_PRESENT"

72 87 2B 95 FC DA 2E B7 08 EF E3 22 11 9B 49 71

Fragmentation avoidance supported [MS-IKEE]

"FRAGMENTATION"

40 48 B7 D5 6E BC E8 85 25 E7 DE 7F 00 D6 C2 D3

NAT-T supported [MS-IKEE]

"RFC 3947"

4A 13 1C 81 07 03 58 45 5C 57 28 F2 0E 95 45 2F

Negotiation discovery supported [MS-IKEE]

"MS-Negotiation Discovery Capable"

FB 1D E3 CD F3 41 B7 EA 16 B7 E5 BE 08 55 F1 20

<4> Section 1.7: Vendor ID payload. Implemented in Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview. The following Vendor ID is sent by the Microsoft IKEv1 implementation when the initiator or responder supports both IKEv1 and the Authenticated Internet Protocol.

Common name

String representation

Wire representation (MD5 hash of string)

Authenticated Internet Protocol supported

MS-MamieExists

21 4C A4 FA FF A7 F3 2D 67 48 E5 30 33 95 AE 83

<5> Section 2.1: UDP ports. Implemented in Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview. The Authenticated Internet Protocol runs on UDP ports 500 and 4500. The UDP ports are not configurable.

<6> Section 2.2.3.1: Error codes. Implemented in Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview. The Authenticated Internet Protocol logs the failure to the Security Event Log. The Authenticated Internet Protocol does not report the error to the application whose network activity triggered the Authenticated Internet Protocol exchange. For more information about these codes, see [MS-ERREF].

<7> Section 2.2.3.1: Kerberos via proxy authentication is only supported in Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview.

<8> Section 2.2.3.2.2: In Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview implementations of the Authenticated Internet Protocol, the responder adds 8 bytes of Initialization_Vector after the seqNUM field if the GSS-API exchange has completed. The presence of the Initialization_Vector is indicated by the length of the Crypto payload (16 bytes if the Initialization_Vector is present; otherwise, 8 bytes).

<9> Section 2.2.3.5: Error codes. Implemented in Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview. This field may take on any Windows error-code value. For more information about these codes, see [MS-ERREF].

<10> Section 3.1: Negotiation retransmission timer. Implemented in Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview. See section 3.1.2 and its associated Windows behavior information for details about a Windows implementation of retransmission timers.

<11> Section 3.1: Cryptographic parameters. The Authenticated Internet Protocol is implemented in Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview only. Microsoft implements the following algorithms.

Message authentication algorithm

Key length (bytes)

Operating systems

NULL [RFC2410]

N/A

Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview

HMAC-SHA1-96 [RFC2404]

20

Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview

HMAC-MD5-96 [RFC2403]

16

Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview

AES-GMAC with key sizes of 128, 192, and 256 bits [RFC4543]

16, 24, and 32

Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview

SHA-256 [SHA256]

32

Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview

Encryption algorithm

Key length (bytes)

Operating systems

NULL [RFC2410]

N/A

Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview

DES-CBC [RFC2405]

8

Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview

Triple DES-CBC [RFC2451]

24

Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview

AES-CBC with key sizes of 128, 192, and 256 bits [RFC3602]

16, 24, and 32

Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview

AES-GCM with key sizes of 128, 192, and 256 bits [RFC4106]

16, 24, and 32

Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview

Diffie-Hellman

Operating systems

Default 768-bit MODP group [RFC2409]

Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview

Alternate 1024-bit MODP group [RFC2409]

Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview

2048-bit MODP group [RFC3526]

Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview

ECP_256 [ECP]

Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview

ECP_384 [ECP]

Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview

<12> Section 3.1.1: Kerberos via proxy authentication is only supported in Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview.

<13> Section 3.1.2: Negotiation retransmission timer, notify retransmission timer, authentication retry timer, responder time-out timer, NAT-T keep-alive timer, quick mode rekey timer. Implemented in Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview.

Negotiation retransmission timer: The first retransmission occurs after two seconds. The time-out is doubled for each subsequent retransmission up to a maximum of four retransmissions. In the shutdown phase, one retransmission, at most, is performed as described in section 3.1.7.

In Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview, the number of retransmissions of the first negotiation packet sent by the initiator is reduced to 3. Additionally, if in co-existence mode (section 1.7), and the IKEv1 negotiation gets a valid response to its first packet, then AuthIP stops its retransmission timer. If in negotiation discovery mode (see [MS-IKEE] section 1.3.5), and the responder replies with cleartext (TCP or UDP for example), then AuthIP stops its retransmission timer on receiving cleartext for the same connection that caused the initial the AuthIP negotiation.

Notify retransmission timer: The first retransmission occurs after two seconds. The time-out is doubled for each subsequent retransmission up to a maximum of four retransmissions. In the shutdown phase, one retransmission, at most, is performed as described in section 3.1.7.

Authentication retry timer: The first authentication retry is triggered within a negotiation when the current authentication method fails and there are remaining authentication methods (or remaining authentication parameters for the current methods) that can be tried before failing the negotiation. The retry timer expires when all existing authentication methods (and all authentication parameters for each configured authentication method) are exhausted. The timers mentioned in the retry state (section 3.1) are explicitly the negotiation retransmission timer on initiator and the responder time-out timer on responder.

Responder time-out timer: The responder deletes its state if it does not receive a message from the initiator within 60 seconds. The responder MUST send a NOTIFY_STATUS notify payload.

NAT-T keep-alive timer: The timer expires after 20 seconds.

quick mode rekey timer: The timer expires after 60 seconds and all old QM SAs are deleted. The responder MUST send a NOTIFY_STATUS notify payload.

<14> Section 3.2.4: Vendor ID payload. Implemented in Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview. The following Vendor ID is sent by the Microsoft IKEv1 implementation when the initiator or responder supports both IKEv1 and the Authenticated Internet Protocol.

Common name

String representation

Wire representation (MD5 hash of string)

Authenticated Internet Protocol supported

MS-MamieExists

21 4C A4 FA FF A7 F3 2D 67 48 E5 30 33 95 AE 83

<15> Section 3.2.5.1: Message ID field verification. Implemented in Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview. These operating systems do not verify that the message ID field is zero.

<16> Section 3.3.5.1: Message ID field verification. Implemented in Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview. These operating systems do not verify that the message ID field is zero.

<17> Section 3.4.5.1: KeyDictationWt is supported only in Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview.

<18> Section 3.6.5.1: Encrypted flag verification is implemented in Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview. The Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview implementations do not verify that the encrypted flag is not set for payloads denoted as HDR in the payload exchange.

<19> Section 3.7.5.1: Message ID field verification is implemented in Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview. Windows Vista does not verify that the message ID field is set to one. Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview verify that the message ID field is one.

<20> Section 3.8.5.1: Encrypted flag verification is implemented in Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview. The Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview implementations do not verify that the encrypted flag is not set for payloads denoted as HDR in the payload exchange.

<21> Section 3.8.7.1: Encrypted flag verification is implemented in Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview. The Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview implementations do not verify that the encrypted flag is not set for payloads denoted as HDR in the payload exchange.

<22> Section 3.10.4.1:  It is possible for the cleartext SYN message to be received before the ESP SYN message. If this scenario occurs, a common practice for the server is to drop both messages, after which the client must attempt to reconnect. This reconnection attempt will delay a connection by approximately three seconds. For inbound TCP connections where NAT-T is not enabled, Windows can be configured to decrypt the ESP SYN message and send it up the stack as if it were the cleartext SYN message. By taking this action, the client is not required to reconnect. Windows Server 2012 R2 with [MSKB-3023555] and all subsequent versions of Windows according to the applicability list at the beginning of this section support this behavior.

<23> Section 4.3: Error codes. Implemented in Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 Technical Preview. The Authenticated Internet Protocol logs the failure to the Security Event Log. For more information about these codes, see [MS-ERREF].

Show:
© 2015 Microsoft