6 Appendix A: Product Behavior

  • Article

The information in this specification is applicable to the following Microsoft products or supplemental software. References to product versions include updates to those products.

  • Windows 2000 operating system

  • Windows XP operating system

  • Windows XP operating system Service Pack 2 (SP2)

  • Windows Server 2003 operating system

  • Windows Vista operating system

  • Windows Server 2008 operating system

  • Windows 7 operating system

  • Windows Server 2008 R2 operating system

  • Windows 8 operating system

  • Windows Server 2012 operating system

  • Windows 8.1 operating system

  • Windows Server 2012 R2 operating system

  • Windows 10 operating system

  • Windows Server 2016 operating system

  • Windows Server operating system

  • Windows Server 2019 operating system 

  • Windows Server 2022 operating system

  • Windows 11 operating system

  • Windows Server 2025 operating system

Exceptions, if any, are noted in this section. If an update version, service pack or Knowledge Base (KB) number appears with a product name, the behavior changed in that update. The new behavior also applies to subsequent updates unless otherwise specified. If a product edition appears with the product version, behavior is different in that product edition.

Unless otherwise specified, any statement of optional behavior in this specification that is prescribed using the terms "SHOULD" or "SHOULD NOT" implies product behavior in accordance with the SHOULD or SHOULD NOT prescription. Unless otherwise specified, the term "MAY" implies that the product does not follow the prescription.

<1> Section 2.2.1.2.1: The ipsecName is not used in Windows, and its value as purely descriptive.

<2> Section 2.2.1.2.1: The New-DH-1 field is not implemented in Windows 2000 and Windows XP.

<3> Section 2.2.1.2.1: The New-DH-2 field is not implemented in Windows 2000 and Windows XP.

<4> Section 2.2.1.2.1: The New-DH-3 field is not implemented in Windows 2000 and Windows XP.

<5> Section 2.2.1.2.1: The New-DH-4 field is not implemented in Windows 2000 and Windows XP.

<6> Section 2.2.1.3.1: Except for Windows Server 2003 and Windows XP SP2, Windows honors the settings in the additional data. Windows Server 2003 and Windows XP SP2 read only up to the value specified in the data length; the additional data is ignored.

<7> Section 2.2.1.3.1: In Windows, the name is in the format "OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation,CN=Microsoft Root Authority".

<8> Section 2.2.1.3.1: IPv6 address support for Tunnel-Address, Source-Address, and Destination-Address is not implemented in Windows 2000, Windows XP, and Windows Server 2003.

<9> Section 2.2.1.3.1: The Alt-Auth-Method-Id1 field is not implemented in Windows 2000, Windows XP, and Windows Server 2003.

<10> Section 2.2.1.3.1: The Alt-Auth-Num-Methods-Count field is not implemented in Windows 2000, Windows XP, and Windows Server 2003.

<11> Section 2.2.1.3.1: The Alt-Auth-Method-Data field is not implemented in Windows 2000, Windows XP, and Windows Server 2003.

<12> Section 2.2.1.3.1: The Alt-Auth-Type field is not implemented in Windows 2000, Windows XP, and Windows Server 2003.

<13> Section 2.2.1.3.1: The Alt-Auth-Method-Length field is not implemented in Windows 2000, Windows XP, and Windows Server 2003.

<14> Section 2.2.1.3.1: The Alt-Auth-Method-Value field is not implemented in Windows 2000, Windows XP, and Windows Server 2003.

<15> Section 2.2.1.3.1: In Windows, the name is in the format "OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation,CN=Microsoft Root Authority".

<16> Section 2.2.1.3.1: The Alt-Auth-Method-Id2 field is not implemented in Windows 2000, Windows XP, and Windows Server 2003.

<17> Section 2.2.1.3.1: The Alt-Auth-Method-Flags field is not implemented in Windows 2000, Windows XP, and Windows Server 2003.

<18> Section 2.2.1.3.1: The (Optional) IPv6-Tunnel-Mode-ID field is not implemented in Windows 2000, Windows XP, and Windows Server 2003.

<19> Section 2.2.1.3.1: The (Optional) IPv6-Tunnel-Mode-Address field is not implemented in Windows 2000, Windows XP, and Windows Server 2003.

<20> Section 2.2.1.4.1: ipsecName is not used by Windows in its implementation. Windows considers this value as purely descriptive.

<21> Section 2.2.1.5.1:  On Windows XP SP2 and Windows Server 2003, this field is always one byte less than the size of the following data encoded as an octet stream.

<22> Section 2.2.1.5.1: The Legacy-Special-Filter special-filter is not implemented in Windows 2000 and Windows XP.

<23> Section 2.2.1.5.1: The Filter-Policy-ID2 field with curly braced GUID string {35FECD3D-AE29-4373-8A6A-C5D8FAB2FB08} is not implemented in Windows 2000, Windows XP, and Windows Server 2003.

<24> Section 2.2.1.5.1: The Source-Address-Data field is not implemented in Windows 2000, Windows XP, and Windows Server 2003.

<25> Section 2.2.1.5.1: The Destination-Address-Data field is not implemented in Windows 2000, Windows XP, and Windows Server 2003.

<26> Section 2.2.1.5.1: The Source-Port-Data field is not implemented in Windows 2000, Windows XP, and Windows Server 2003.

<27> Section 2.2.1.5.1: The Destination-Port-Data field is not implemented in Windows 2000, Windows XP, and Windows Server 2003.

<28> Section 2.2.1.5.1: The Filter-Protocol field is not implemented in Windows 2000, Windows XP, and Windows Server 2003.

<29> Section 2.2.1.5.1: The Filter-Flags field is not implemented in Windows 2000, Windows XP, and Windows Server 2003.

<30> Section 3.1.5.7: Windows does not update the ipsecOwnersReference, description, or ipsecName field.