Windows Server Event: 4963

Active Directory Auditing Tool

The Who, Where and When information is very important for an administrator to have complete knowledge of all activities that occur on their Active Directory. This helps them identify any desired / undesired activity happening. ADAudit Plus assists an administrator with this information in the form of reports. In real-time, ensure critical resources in the network like the Domain Controllers are audited, monitored and reported with the entire information on AD objects - Users, Groups, GPO, Computer, OU, DNS, AD Schema and Configuration changes with 200+ detailed event specific GUI reports and email alerts.

System Event » Windows Server Event: 4963

Event ID 4963 - IPsec dropped an inbound clear text packet that should have been secured.

Description IPsec dropped an inbound clear text packet that should have been secured.
Category System
Subcategory IPSec driver

This log data gives the following information:

  • Remote network address
  • Inbound SA SPI

Reasons to monitor this event:

  • If the remote computer is configured with a Request Outbound IPsec policy, this might be benign and expected.
  • This can also be caused by the remote computer changing its IPsec policy without informing this computer.
  • This could also be a spoofing attack attempt.

Pro tip:

With in-depth reports, real-time alerts, and graphical displays, ADAudit Plus tracks all IPsec security associations, helping you meet your security, operational, and compliance needs with absolute ease.

Event 4963 applies to the following operating systems:

  • Windows Server 2008 R2 and 7
  • Windows Server 2012 R2 and 8.1
  • Windows Server 2016 and 10

Explore Active Directory auditing and reporting with ADAudit Plus.

  •  
  •  
  •  
  • By clicking 'Schedule a personalized demo' you agree to processing of personal data according to the Privacy Policy.
Account Management Auditing
Active Directory Auditing
Windows Server Auditing