Error 4037 on Watchguard Mobile VPN (IPSEC)

Connection fails after Phase 1. Log indicates "phase1...ERROR - Delete indication received" and "cleared by phase 1"
Log then indicates ERROR - 4037: IKE(phase2):Waiting for message2, cleared by phase1


  • edited June 2022

    The same problem here. The Firebox has been upgraded to version 12.8.1 and the WatchGuard IPSec Mobile VPN Client version 15.04. is used. Is there already a solution?
    By the way, the old Shrewsoft VPN client works.

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Holtzi @A_Watchguard_Admin
    I haven't found any reports of this via support cases yet. Can either/both of you please create a case (please use the support center button at the top right of the page) so we can gather more data on this error?

    -James Carson
    WatchGuard Customer Support

  • edited September 2022

    I have sometimes the same error when installing 15.04 since the release.
    Workaround is to uninstall the VPN client, delete the NCP certificate, install an older version (for example 14.20), start it and connect with it and then update to 15.04.
    For me in this way it is always working.
    Or to avoid this problem, install the older version, connect and then update.

  • What Certificate did you delete to get it to work?
    I tried to uninstall 15.04 and install 14.11 but get the same issues in 14.11.

  • james.carsonjames.carson Moderator, WatchGuard Representative

    The certs I'm aware of in windows are in cert manager (win+r, type certmgr.msc, click OK/run)
    Under Trusted Publishers -> Certificates. There should be two NCP certificates there.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.