RE: ISA 2004 firewall won't start anymore

• From: "Bunting, Jeff" <BUNTING@xxxxxxxxxxxx>
• To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
• Date: Thu, 27 Oct 2005 17:25:08 -0400

Tom,
 
I think you're right.  I sure feel like I'm wading through quicksand.

I've restarted many times, but no dice.  The only other error is good ole
7024 from the system log, the service wouldn't start, with the same error
code as reported in the application log:

The Microsoft Firewall service terminated with service-specific error
2148081668 (0x80092004).


Jeff


-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Thursday, October 27, 2005 3:04 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 firewall won't start anymore

http://www.ISAserver.org

Hi Jeff,

I think we're just getting in deeper here :)

Have you restarting the computer?

Any other errors in the Event Viewer that might be helpful?

Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**

 

> -----Original Message-----
> From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx]
> Sent: Thursday, October 27, 2005 2:01 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA 2004 firewall won't start anymore
> 
> http://www.ISAserver.org
> 
> Thanks for the suggestion Tom, but that didn't work, assuming I 
> understood what you meant.
> 
> I have a certificate in the Trusted Root CA from the Enterprise CA.  I 
> have a domain policy which puts this on domain members.  This 
> certificate show as OK and says it is intended for "all issuance 
> policies" and "all application plicies".
> 
> In the personal store I have a certificate with the DNS name that I 
> want to use for OWA which was issued from the same root CA (it is the 
> only machine I have running certificate services).  It says its 
> intended purpose is "ensures the identity of a remote computer" and 
> says "you have a private key that corresponds to this certificate".
> 
> what I tried was exporting the cert from the personal store and 
> importing it into the trusted store.  I wasn't sure if that's what you 
> meant or not.
> Anyway, it didn't work.
> 
> I'm not sure if I don't have enough grasp of the certificate store 
> concept or if this is just a very strange problem.  The trusted root 
> certificate isn't necessary to install ISA is it?  I don't remember 
> anything about it.
> I didn't think any certificates were necessary to start the firewall 
> service itself.  Policies or web listeners are the only thing that 
> came to mind as something that would look for a certificate.  I just 
> tried deleting all of the policies I created and the one web listener, 
> rebooted the server, and still the same errors.
> 
> I think I'm about ready to punt.
> 
> Jeff
> 
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Thursday, October 27, 2005 1:02 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA 2004 firewall won't start anymore
> 
> http://www.ISAserver.org
> 
> Hi Jeff,
> 
> Try installing the CA certificate again. Export it from the Web site 
> certificate you're using and put the CA cert in the Trusted Root 
> Certification Authorities store for the machine account.
> 
> HTH,
> Tom
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> **Who is John Galt?**
> 
>  
> 
> > -----Original Message-----
> > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx]
> > Sent: Thursday, October 27, 2005 11:48 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: ISA 2004 firewall won't start anymore
> > 
> > http://www.ISAserver.org
> > 
> > How true!  I thought I had a fairly good idea of what I was doing 
> > until it broke.  I'd like to believe it is a software bug,
> but figured
> > something I did was more likely since I'm still learning this.
> > 
> > I have a certificate for the OWA web listener in the
> personal store.  
> > The path looks OK and it says the certificate is OK.  
> Deleting the web
> > listener and firewall policy didn't correct the problem
> which made me
> > think that it was looking for another certificate
> somewhere?  The only
> > place I recall configuring a certificate was for the web listeners.
> > 
> > Jeff
> > 
> > 
> > -----Original Message-----
> > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > Sent: Thursday, October 27, 2005 11:57 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: ISA 2004 firewall won't start anymore
> > 
> > http://www.ISAserver.org
> > 
> > Hi Jeff,
> > 
> > Not being sure is the most common reason for things happening that 
> > we're not sure why they happened :)
> > 
> > I know, because I'm not sure what I'm doing at least half
> of the time.
> > And once I'm sure, I've moved on to something else that I'm
> not sure
> > what I'm doing. Living a life of uncertainty can get
> unnerving, but I
> > wouldn't trade it for the alternative :)
> > 
> > Open the Certificates MMC and check what certs are installed in the 
> > machine's Personal certificate store. Double click on the Web site 
> > certs in the right pane of the console and check the cert path.
> > 
> > HTH,
> > Tom
> > 
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://spaces.msn.com/members/drisa/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> > **Who is John Galt?**
> > 
> >  
> > 
> > > -----Original Message-----
> > > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx]
> > > Sent: Thursday, October 27, 2005 9:26 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: ISA 2004 firewall won't start anymore
> > > 
> > > http://www.ISAserver.org
> > > 
> > > I must confess, I'm not sure.  In hindsight, I wish I'd
> > made notes of
> > > exactly what I did when, but I didn't think I did anything worth 
> > > noting while I was doing it... ;-)
> > > 
> > > I did have a couple of web listeners I deleted that I
> wasn't using,
> > > but I didn't think that should cause this error.
> > > 
> > > I do have a certificate from my domain CA in the cert
> store and one
> > > for the web listener.
> > > 
> > > I could wipe the box and reinstall since I don't have it in 
> > > production, but I'd like to know what is wrong to better
> understand
> > > how all of this works.
> > > I haven't messed with this stuff since Proxy 2.0; things
> > have changed
> > > quite a bit.
> > > 
> > > Jeff
> > > 
> > > -----Original Message-----
> > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > > Sent: Thursday, October 27, 2005 10:12 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: ISA 2004 firewall won't start anymore
> > > 
> > > http://www.ISAserver.org
> > > 
> > > Wow Jeff. That's a good one. How'd you do that?
> > > 
> > > Thomas W Shinder, M.D.
> > > Site: www.isaserver.org
> > > Blog: http://spaces.msn.com/members/drisa/
> > > Book: http://tinyurl.com/3xqb7
> > > MVP -- ISA Firewalls
> > > **Who is John Galt?**
> > > 
> > >  
> > > 
> > > > -----Original Message-----
> > > > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx]
> > > > Sent: Thursday, October 27, 2005 9:06 AM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] ISA 2004 firewall won't start anymore
> > > > 
> > > > http://www.ISAserver.org
> > > > 
> > > > Yesterday I finally got OWA publishing through ISA and
> > immediately
> > > > managed to break it somehow. After restarting ths ISA
> > > services I got
> > > > these errors in the event log
> > > > 
> > > > 14177
> > > > Some certificates cannot be initialized (error code
> > > -2146885628). The
> > > > Web Proxy filter could not initialize. Check that all
> > certificates
> > > > used by the Web Proxy filter are valid.
> > > > 
> > > > 14060
> > > > Cannot load an application filter Web Proxy Filter 
> > > > ({4CB7513E-220E-4C20-815A-B67BAA295FF4}). FilterInit failed
> > > with code
> > > > 0x80092004. To attempt to activate this application filter
> > > again, stop
> > > > and restart the Firewall service.
> > > > 14001
> > > > 
> > > > Firewall Service failed to initialize. Previous event
> log entries
> > > > might help determine the proper action.
> > > > 
> > > > Eventid.net didn't have anything useful, and the only
> reference I
> > > > found at
> > > > http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=19;
> > > > t=000394
> > > > had no resolution. I have not done an export or anything. 
> > > > 
> > > > How can I tell which certificates are used by the web proxy
> > > filter as
> > > > the message in 14177 suggests?
> > > > 
> > > > Jeff
> > > > 
> > > > 
> > > > ------------------------------------------------------
> > > > List Archives: 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter: 
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ: 
> > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Visit TechGenix.com for more information about our other sites:
> > > > http://www.techgenix.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org
> > > Discussion List as: 
> > > > tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit 
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > 
> > > > 
> > > 
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter: 
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ: 
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org
> > Discussion List as:
> > > bunting@xxxxxxxxxxxx To unsubscribe visit 
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > 
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter: 
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ: 
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org
> > Discussion List as: 
> > > tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit 
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > 
> > > 
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org
> Discussion List as:
> > bunting@xxxxxxxxxxxx To unsubscribe visit 
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org
> Discussion List as: 
> > tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit 
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> > 
> > 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> bunting@xxxxxxxxxxxx To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as: 
> tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
bunting@xxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

• » ISA 2004 firewall won't start anymore
• » RE: ISA 2004 firewall won't start anymore
• » RE: ISA 2004 firewall won't start anymore
• » RE: ISA 2004 firewall won't start anymore
• » RE: ISA 2004 firewall won't start anymore
• » RE: ISA 2004 firewall won't start anymore
• » RE: ISA 2004 firewall won't start anymore
• » RE: ISA 2004 firewall won't start anymore
• » RE: ISA 2004 firewall won't start anymore
• » RE: ISA 2004 firewall won't start anymore
• » RE: ISA 2004 firewall won't start anymore
• » RE: ISA 2004 firewall won't start anymore
• » RE: ISA 2004 firewall won't start anymore
• » RE: ISA 2004 firewall won't start anymore
• » RE: ISA 2004 firewall won't start anymore
• » RE: ISA 2004 firewall won't start anymore
• » RE: ISA 2004 firewall won't start anymore
• » RE: ISA 2004 firewall won't start anymore
• » RE: ISA 2004 firewall won't start anymore
• » RE: ISA 2004 firewall won't start anymore
• » RE: ISA 2004 firewall won't start anymore
• » RE: ISA 2004 firewall won't start anymore
• » RE: ISA 2004 firewall won't start anymore
• » RE: ISA 2004 firewall won't start anymore

1. Home
2. isalist
3. Archive
4. 10-2005

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---