http://www.ISAserver.org ------------------------------------------------------- Good idea. Thanks. I've not used that before, but I've just now downloaded it. Thanks, Rob -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison Sent: Thursday, April 05, 2007 1:17 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: ISA 2006 Firewall Service not starting http://www.ISAserver.org ------------------------------------------------------- That is a certificate-specific error. What does ISABPA have to say about them? We have cert-specific validations in that kewl tewl... -----Original Message----- From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Rob Moore Sent: Thursday, April 05, 2007 9:33 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] ISA 2006 Firewall Service not starting I'm sending this again, because it didn't seem to go through the first time. I sent it a couple of hours ago, but I haven't seen it come out on the list yet. All I've gotten were two "Out of Office" messages. Sorry if it ends up getting posted twice. Rob _____________________________________________ From: Rob Moore Sent: Thursday, April 05, 2007 10:05 AM To: 'isalist@xxxxxxxxxxxxx' Subject: ISA 2006 Firewall Service not starting Hello list- Yesterday I exported the settings from my ISA 2004 Standard (on Windows 2003 SP1) server and imported them on my new ISA 2006 Standard (on Windows 2003 SP2) server. Following the MS guide for this migration (http://www.microsoft.com/technet/isa/2006/upgrade_guide_se.mspx#Migrati on <http://www.microsoft.com/technet/isa/2006/upgrade_guide_se.mspx#Migrati on> ) I also imported the SSL certificate for publishing my OWA site, installed a new certificate from my internal CA for VPN encryption, and created the user account for my L2TP site-to-site connection. This morning I tried to swap the two boxes. But the Microsoft Firewall service wouldn't start on the ISA 2006 box. I got this error: "The Microsoft Firewall service terminated with service-specific error 2148081668 (0x80092004)". When I take the server out of production and boot it up with only the LAN cable attached, the Firewall service starts. I've done a bit of digging around and found a year-and-a-half old conversation between Tom and someone talking about certificates needing to be installed in the Trusted Root Certification Authorities. I looked there, and my new server doesn't seem to have anything there from Comodo-the supplier of our OWA certificate-whereas my old server does. Could that be causing the firewall service not to start when the WAN cable is connected to the world? Is there another path I need to check out? Thanks, Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Rob Moore Network Manager 215-241-7870 Help Desk: 800-500-AFSC ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx