Knowledge

ERROR_IPSEC_IKE_COEXISTENCE_SUPPRESS - 13902 (0x364E)

SA was deleted due to IKEv1/AuthIP co-existence suppress check.

Updated: Feb 21, 2026

Technical Background

The ERROR_IPSEC_IKE_COEXISTENCE_SUPPRESS error code is encountered in the context of Internet Protocol Security (IPsec) and its implementation within Windows. Specifically, this error indicates that a Security Association (SA) was deleted due to a co-existence check between IKEv1 and AuthIP protocols.

Error Details

The ERROR_IPSEC_IKE_COEXISTENCE_SUPPRESS is a specific error code indicating a scenario where the IPsec stack in Windows has detected an issue related to the coexistence of two different security protocols: IKEv1 and AuthIP. The primary function of this check is to ensure that only one protocol can be active at any given time, preventing potential conflicts or vulnerabilities.

Common Causes

  • Incorrect Protocol Configuration: Misconfiguration of IPsec policies leading to both IKEv1 and AuthIP being enabled simultaneously.
  • Security Policy Violation: Attempting to establish an SA when the co-existence check fails due to conflicting protocols.

Real-World Context

In a typical Windows environment, IPsec is used for securing network communications. IKEv1 and AuthIP are two different mechanisms that can be employed within this framework. The ERROR_IPSEC_IKE_COEXISTENCE_SUPPRESS error typically arises when an attempt is made to establish an SA in a scenario where both protocols are active, leading to the deletion of the SA due to the co-existence check failing.

Is This Error Critical?

The criticality of this error depends on the specific context. If the SA was deleted as part of a planned maintenance or policy update, it may not be critical. However, if the deletion of the SA disrupts ongoing network communications, it could indicate an issue that needs to be addressed.

How to Diagnose

  1. Review IPsec Policies: Verify the current configuration of IPsec policies and ensure they do not conflict with each other.
  2. Check Protocol Usage: Confirm which protocols are enabled and in use within the network environment.
  3. Log Analysis: Review security event logs for any related events or warnings that might provide additional context.

How to Resolve

  1. Correct Configuration: Ensure that only one protocol is active at a time by configuring IPsec policies accordingly.
  2. Policy Update: Apply the necessary updates or changes to the IPsec policy to resolve the co-existence issue.
  3. Restart Services: Restart relevant network services to ensure all configurations are applied correctly.

Developer Notes

When encountering this error, developers should focus on ensuring that their applications and policies adhere to best practices for IPsec configuration, particularly in scenarios where multiple security protocols might be involved.

Related Errors

  • ERROR_IPSEC_IKE_AUTHIP_MISMATCH (13904): Indicates a mismatch between IKEv1 and AuthIP configurations.
  • ERROR_IPSEC_IKE_NO_VALID_SAS (13925): No valid Security Associations exist, which could be related to co-existence issues.

FAQ

Q: What does the ERROR_IPSEC_IKE_COEXISTENCE_SUPPRESS error mean?

A: This error indicates that a Security Association was deleted due to a co-existence check between IKEv1 and AuthIP protocols failing.

Q: How can I prevent this error from occurring?

A: Ensure proper configuration of IPsec policies, enabling only one protocol at a time, and review logs for any related warnings or errors.

Summary

The ERROR_IPSEC_IKE_COEXISTENCE_SUPPRESS is a specific error code that occurs when the co-existence check between IKEv1 and AuthIP protocols fails. This typically results in the deletion of an SA to prevent potential conflicts. Diagnosing and resolving this issue involves reviewing IPsec policies, ensuring correct protocol usage, and applying necessary updates or changes.