RE: ISA 2004 firewall won't start anymore

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 27 Oct 2005 12:01:45 -0500

Hi Jeff,

Try installing the CA certificate again. Export it from the Web site
certificate you're using and put the CA cert in the Trusted Root
Certification Authorities store for the machine account.

HTH,
Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**

 

> -----Original Message-----
> From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] 
> Sent: Thursday, October 27, 2005 11:48 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA 2004 firewall won't start anymore
> 
> http://www.ISAserver.org
> 
> How true!  I thought I had a fairly good idea of what I was doing until it
> broke.  I'd like to believe it is a software bug, but figured something I
> did was more likely since I'm still learning this.
> 
> I have a certificate for the OWA web listener in the personal store.  The
> path looks OK and it says the certificate is OK.  Deleting the web listener
> and firewall policy didn't correct the problem which made me think that it
> was looking for another certificate somewhere?  The only place I recall
> configuring a certificate was for the web listeners.
> 
> Jeff
> 
> 
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
> Sent: Thursday, October 27, 2005 11:57 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA 2004 firewall won't start anymore
> 
> http://www.ISAserver.org
> 
> Hi Jeff,
> 
> Not being sure is the most common reason for things happening that we're not
> sure why they happened :)
> 
> I know, because I'm not sure what I'm doing at least half of the time.
> And once I'm sure, I've moved on to something else that I'm not sure what
> I'm doing. Living a life of uncertainty can get unnerving, but I wouldn't
> trade it for the alternative :)
> 
> Open the Certificates MMC and check what certs are installed in the
> machine's Personal certificate store. Double click on the Web site certs in
> the right pane of the console and check the cert path.
> 
> HTH,
> Tom
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> **Who is John Galt?**
> 
>  
> 
> > -----Original Message-----
> > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx]
> > Sent: Thursday, October 27, 2005 9:26 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: ISA 2004 firewall won't start anymore
> > 
> > http://www.ISAserver.org
> > 
> > I must confess, I'm not sure.  In hindsight, I wish I'd made notes of
> > exactly what I did when, but I didn't think I did anything worth
> > noting while I was doing it... ;-)
> > 
> > I did have a couple of web listeners I deleted that I wasn't using,
> > but I didn't think that should cause this error.
> > 
> > I do have a certificate from my domain CA in the cert store and one
> > for the web listener.
> > 
> > I could wipe the box and reinstall since I don't have it in
> > production, but I'd like to know what is wrong to better understand
> > how all of this works.
> > I haven't messed with this stuff since Proxy 2.0; things have changed
> > quite a bit.
> > 
> > Jeff
> > 
> > -----Original Message-----
> > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > Sent: Thursday, October 27, 2005 10:12 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: ISA 2004 firewall won't start anymore
> > 
> > http://www.ISAserver.org
> > 
> > Wow Jeff. That's a good one. How'd you do that?
> > 
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://spaces.msn.com/members/drisa/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> > **Who is John Galt?**
> > 
> >  
> > 
> > > -----Original Message-----
> > > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx]
> > > Sent: Thursday, October 27, 2005 9:06 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] ISA 2004 firewall won't start anymore
> > > 
> > > http://www.ISAserver.org
> > > 
> > > Yesterday I finally got OWA publishing through ISA and immediately
> > > managed to break it somehow. After restarting the ISA services I got
> > > these errors in the event log
> > > 
> > > 14177
> > > Some certificates cannot be initialized (error code -2146885628). The
> > > Web Proxy filter could not initialize. Check that all certificates
> > > used by the Web Proxy filter are valid.
> > > 
> > > 14060
> > > Cannot load an application filter Web Proxy Filter
> > > ({4CB7513E-220E-4C20-815A-B67BAA295FF4}). FilterInit failed with code
> > > 0x80092004. To attempt to activate this application filter again, stop
> > > and restart the Firewall service.
> > > 
> > > 14001
> > > Firewall Service failed to initialize. Previous event log entries
> > > might help determine the proper action.
> > > 
> > > Eventid.net didn't have anything useful, and the only reference I
> > > found at
> > > http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=19;t=000394
> > > had no resolution. I have not done an export or anything.
> > > 
> > > How can I tell which certificates are used by the web proxy filter as
> > > the message in 14177 suggests?
> > > 
> > > Jeff
> > > 
> > > 
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion List as:
> > > tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > 
> > > 
> 
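
The checks discussed in this thread (which certificates sit in the machine's Personal store, whether each one's certification path builds, and whether the CA certificate is in the machine's Trusted Root Certification Authorities store), as an added PowerShell example that is not part of the original messages. It assumes PowerShell 5 or later, which postdates the thread, and only reads the stores.

```powershell
# Added example (not from the thread). Read-only audit of the computer
# account's certificate stores; run from an elevated session on the ISA host.
using namespace System.Security.Cryptography.X509Certificates

# Events 14177 and 14060 report the same HRESULT: decimal -2146885628 is
# 0x80092004 (CRYPT_E_NOT_FOUND, "Cannot find object or property").
'Event code as hex: 0x{0:X8}' -f -2146885628

function Get-MachineStoreCerts([string]$StoreName) {
    # 'My' is the Personal store, 'Root' is Trusted Root Certification Authorities.
    $store = [X509Store]::new($StoreName, [StoreLocation]::LocalMachine)
    $store.Open([OpenFlags]::ReadOnly)
    try { @($store.Certificates) } finally { $store.Close() }
}

$rootThumbprints = @(Get-MachineStoreCerts 'Root' | ForEach-Object Thumbprint)

foreach ($cert in (Get-MachineStoreCerts 'My')) {
    # $true builds the chain in the machine context, not the logged-on user's,
    # so a CA cert that exists only in a user store does not mask the problem.
    $chain = [X509Chain]::new($true)
    # Revocation is skipped so an unreachable CRL does not hide a trust error.
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck
    $built = $chain.Build($cert)

    # The last element is the highest certificate the chain engine could find.
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    [pscustomobject]@{
        Subject          = $cert.Subject
        Thumbprint       = $cert.Thumbprint
        NotAfter         = $cert.NotAfter
        HasPrivateKey    = $cert.HasPrivateKey   # a listener cert needs its key
        ChainBuilt       = $built
        # PartialChain or UntrustedRoot here points at a missing CA certificate.
        ChainStatus      = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        TopOfChain       = $top.Subject
        TopIsSelfSigned  = ($top.Subject -eq $top.Issuer)
        TopInMachineRoot = ($rootThumbprints -contains $top.Thumbprint)
    } | Format-List
}
```

A certificate whose `ChainBuilt` is `False`, or whose `TopInMachineRoot` is `False`, is the one to look at when following the advice to reinstall the CA certificate for the machine account.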