You can use the Oakley log to view details about the SA establishment process. The Oakley log is enabled in the registry. It is not enabled by default. To enable the Oakley log, set the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\PolicyAgent\Oakley\EnableLogging registry setting to 1. The Oakley key does not exist by default and must be created. For more information about adding values to registry keys, see To add a value
After it is enabled, the Oakley log, which is stored in the systemroot\Debug folder, records all ISAKMP main mode or quick mode negotiations. A new Oakley.log file is created each time the IPSec Policy Agent is started and the previous version of the Oakley.log file is saved as Oakley.log.sav.
To activate the new EnableLogging registry setting after modifying its value, stop and start the IPSec Policy Agent and related IPSec services by running the net stop policyagent and net start policyagent commands at the command prompt. If you are restarting the IPSec Policy Agent and related services on a computer running Windows 2000 Server and the Routing and Remote Access service, use the following sequence of commands:
Stop the Routing and Remote Access service using the net stop remoteaccess command.
Stop the IPSec services using the net stop policyagent command.
Start the IPSec services using the net start policyagent command.
Start the Routing and Remote Access service using the net start remoteaccess command.