Hi Jeff, I think we're just getting in deeper here :) Have you restarting the computer? Any other errors in the Event Viewer that might be helpful? Tom Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?** > -----Original Message----- > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] > Sent: Thursday, October 27, 2005 2:01 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: ISA 2004 firewall won't start anymore > > http://www.ISAserver.org > > Thanks for the suggestion Tom, but that didn't work, assuming > I understood > what you meant. > > I have a certificate in the Trusted Root CA from the > Enterprise CA. I have > a domain policy which puts this on domain members. This > certificate show as > OK and says it is intended for "all issuance policies" and > "all application > plicies". > > In the personal store I have a certificate with the DNS name > that I want to > use for OWA which was issued from the same root CA (it is the > only machine I > have running certificate services). It says its intended purpose is > "ensures the identity of a remote computer" and says "you > have a private key > that corresponds to this certificate". > > what I tried was exporting the cert from the personal store > and importing it > into the trusted store. I wasn't sure if that's what you > meant or not. > Anyway, it didn't work. > > I'm not sure if I don't have enough grasp of the certificate > store concept > or if this is just a very strange problem. The trusted root > certificate > isn't necessary to install ISA is it? I don't remember > anything about it. > I didn't think any certificates were necessary to start the > firewall service > itself. Policies or web listeners are the only thing that > came to mind as > something that would look for a certificate. I just tried > deleting all of > the policies I created and the one web listener, rebooted the > server, and > still the same errors. > > I think I'm about ready to punt. > > Jeff > > -----Original Message----- > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > Sent: Thursday, October 27, 2005 1:02 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: ISA 2004 firewall won't start anymore > > http://www.ISAserver.org > > Hi Jeff, > > Try installing the CA certificate again. Export it from the Web site > certificate you're using and put the CA cert in the Trusted Root > Certification Authorities store for the machine account. > > HTH, > Tom > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://spaces.msn.com/members/drisa/ > Book: http://tinyurl.com/3xqb7 > MVP -- ISA Firewalls > **Who is John Galt?** > > > > > -----Original Message----- > > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] > > Sent: Thursday, October 27, 2005 11:48 AM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: ISA 2004 firewall won't start anymore > > > > http://www.ISAserver.org > > > > How true! I thought I had a fairly good idea of what I was doing > > until it broke. I'd like to believe it is a software bug, > but figured > > something I did was more likely since I'm still learning this. > > > > I have a certificate for the OWA web listener in the > personal store. > > The path looks OK and it says the certificate is OK. > Deleting the web > > listener and firewall policy didn't correct the problem > which made me > > think that it was looking for another certificate > somewhere? The only > > place I recall configuring a certificate was for the web listeners. > > > > Jeff > > > > > > -----Original Message----- > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > > Sent: Thursday, October 27, 2005 11:57 AM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: ISA 2004 firewall won't start anymore > > > > http://www.ISAserver.org > > > > Hi Jeff, > > > > Not being sure is the most common reason for things happening that > > we're not sure why they happened :) > > > > I know, because I'm not sure what I'm doing at least half > of the time. > > And once I'm sure, I've moved on to something else that I'm > not sure > > what I'm doing. Living a life of uncertainty can get > unnerving, but I > > wouldn't trade it for the alternative :) > > > > Open the Certificates MMC and check what certs are installed in the > > machine's Personal certificate store. Double click on the Web site > > certs in the right pane of the console and check the cert path. > > > > HTH, > > Tom > > > > Thomas W Shinder, M.D. > > Site: www.isaserver.org > > Blog: http://spaces.msn.com/members/drisa/ > > Book: http://tinyurl.com/3xqb7 > > MVP -- ISA Firewalls > > **Who is John Galt?** > > > > > > > > > -----Original Message----- > > > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] > > > Sent: Thursday, October 27, 2005 9:26 AM > > > To: [ISAserver.org Discussion List] > > > Subject: [isalist] RE: ISA 2004 firewall won't start anymore > > > > > > http://www.ISAserver.org > > > > > > I must confess, I'm not sure. In hindsight, I wish I'd > > made notes of > > > exactly what I did when, but I didn't think I did anything worth > > > noting while I was doing it... ;-) > > > > > > I did have a couple of web listeners I deleted that I > wasn't using, > > > but I didn't think that should cause this error. > > > > > > I do have a certificate from my domain CA in the cert > store and one > > > for the web listener. > > > > > > I could wipe the box and reinstall since I don't have it in > > > production, but I'd like to know what is wrong to better > understand > > > how all of this works. > > > I haven't messed with this stuff since Proxy 2.0; things > > have changed > > > quite a bit. > > > > > > Jeff > > > > > > -----Original Message----- > > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > > > Sent: Thursday, October 27, 2005 10:12 AM > > > To: [ISAserver.org Discussion List] > > > Subject: [isalist] RE: ISA 2004 firewall won't start anymore > > > > > > http://www.ISAserver.org > > > > > > Wow Jeff. That's a good one. How'd you do that? > > > > > > Thomas W Shinder, M.D. > > > Site: www.isaserver.org > > > Blog: http://spaces.msn.com/members/drisa/ > > > Book: http://tinyurl.com/3xqb7 > > > MVP -- ISA Firewalls > > > **Who is John Galt?** > > > > > > > > > > > > > -----Original Message----- > > > > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] > > > > Sent: Thursday, October 27, 2005 9:06 AM > > > > To: [ISAserver.org Discussion List] > > > > Subject: [isalist] ISA 2004 firewall won't start anymore > > > > > > > > http://www.ISAserver.org > > > > > > > > Yesterday I finally got OWA publishing through ISA and > > immediately > > > > managed to break it somehow. After restarting ths ISA > > > services I got > > > > these errors in the event log > > > > > > > > 14177 > > > > Some certificates cannot be initialized (error code > > > -2146885628). The > > > > Web Proxy filter could not initialize. Check that all > > certificates > > > > used by the Web Proxy filter are valid. > > > > > > > > 14060 > > > > Cannot load an application filter Web Proxy Filter > > > > ({4CB7513E-220E-4C20-815A-B67BAA295FF4}). FilterInit failed > > > with code > > > > 0x80092004. To attempt to activate this application filter > > > again, stop > > > > and restart the Firewall service. > > > > 14001 > > > > > > > > Firewall Service failed to initialize. Previous event > log entries > > > > might help determine the proper action. > > > > > > > > Eventid.net didn't have anything useful, and the only > reference I > > > > found at > > > > http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=19; > > > > t=000394 > > > > had no resolution. I have not done an export or anything. > > > > > > > > How can I tell which certificates are used by the web proxy > > > filter as > > > > the message in 14177 suggests? > > > > > > > > Jeff > > > > > > > > > > > > ------------------------------------------------------ > > > > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > ISA Server Newsletter: > > http://www.isaserver.org/pages/newsletter.asp > > > > ISA Server FAQ: > > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > > ------------------------------------------------------ > > > > Visit TechGenix.com for more information about our other sites: > > > > http://www.techgenix.com > > > > ------------------------------------------------------ > > > > You are currently subscribed to this ISAserver.org > > > Discussion List as: > > > > tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit > > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > > > > > ------------------------------------------------------ > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > ISA Server FAQ: > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > ------------------------------------------------------ > > > Visit TechGenix.com for more information about our other sites: > > > http://www.techgenix.com > > > ------------------------------------------------------ > > > You are currently subscribed to this ISAserver.org > > Discussion List as: > > > bunting@xxxxxxxxxxxx To unsubscribe visit > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > ------------------------------------------------------ > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > ISA Server FAQ: > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > ------------------------------------------------------ > > > Visit TechGenix.com for more information about our other sites: > > > http://www.techgenix.com > > > ------------------------------------------------------ > > > You are currently subscribed to this ISAserver.org > > Discussion List as: > > > tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > bunting@xxxxxxxxxxxx To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > bunting@xxxxxxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion > List as: tshinder@xxxxxxxxxxxxxxxxxx > To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > >