Site to Site VPN logs on Windows Server 2022

Question

Site to Site VPN logs on Windows Server 2022

Anonymous

Hello,

I have the following scenario: firewall connected with a Main Mode Site to Site VPN on Windows 2022.

VPN Policy on Windows Server is configured on Windows Firewall - Connection Security Rules.
There are issue on the Phase 2 of the VPN: while Phase 1 is completed, Phase 2 is always starting.

Where I can find the VPN logs on Windows 2022? I have checked the Event Viewer with no luck.

Windows Firewall logs are only showing the connection on port 500 without details.

Thank you.

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.

1 answer

Answer 1

Hello,

If the VPN logs in the system are not detailed enough, you may need to capture traffic packets to troubleshoot the cause., you can use the built-in Microsoft Network Monitor tool. Here are the steps to follow:

Download and install Microsoft Network Monitor from the Microsoft website.
Open Network Monitor and start a new capture.
In the Capture tab, select the network interface that is connected to the VPN.
Click on the Start button to begin the capture.
Reproduce the issue by attempting to establish the VPN connection.
Stop the capture and filter the results by the IP address of the remote VPN endpoint.
Look for any packets related to the VPN connection and analyze them to determine the cause of the issue.

Best regards

Zunhui

Share via

Site to Site VPN logs on Windows Server 2022

1 answer