-----Original Message-----
From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx]
Sent: Thursday, October 27, 2005 4:25 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 firewall won't start anymore
http://www.ISAserver.org
Tom,
I think you're right. I sure feel like I'm wading through quicksand.
I've restarted many times, but no dice. The only other error
is good ole
7024 from the system log, the service wouldn't start, with
the same error
code as reported in the application log:
The Microsoft Firewall service terminated with service-specific error
2148081668 (0x80092004).
Jeff
-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Thursday, October 27, 2005 3:04 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 firewall won't start anymore
http://www.ISAserver.org
Hi Jeff,
I think we're just getting in deeper here :)
Have you restarting the computer?
Any other errors in the Event Viewer that might be helpful?
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**
> -----Original Message-----
> From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx]
> Sent: Thursday, October 27, 2005 2:01 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA 2004 firewall won't start anymore
>
> http://www.ISAserver.org
>
> Thanks for the suggestion Tom, but that didn't work, assuming I
> understood what you meant.
>
> I have a certificate in the Trusted Root CA from the
Enterprise CA. I
> have a domain policy which puts this on domain members. This
> certificate show as OK and says it is intended for "all issuance
> policies" and "all application plicies".
>
> In the personal store I have a certificate with the DNS name that I
> want to use for OWA which was issued from the same root CA
(it is the
> only machine I have running certificate services). It says its
> intended purpose is "ensures the identity of a remote computer" and
> says "you have a private key that corresponds to this certificate".
>
> what I tried was exporting the cert from the personal store and
> importing it into the trusted store. I wasn't sure if
that's what you
> meant or not.
> Anyway, it didn't work.
>
> I'm not sure if I don't have enough grasp of the certificate store
> concept or if this is just a very strange problem. The
trusted root
> certificate isn't necessary to install ISA is it? I don't remember
> anything about it.
> I didn't think any certificates were necessary to start the
firewall
> service itself. Policies or web listeners are the only thing that
> came to mind as something that would look for a
certificate. I just
> tried deleting all of the policies I created and the one
web listener,
> rebooted the server, and still the same errors.
>
> I think I'm about ready to punt.
>
> Jeff
>
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Thursday, October 27, 2005 1:02 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA 2004 firewall won't start anymore
>
> http://www.ISAserver.org
>
> Hi Jeff,
>
> Try installing the CA certificate again. Export it from the
Web site
> certificate you're using and put the CA cert in the Trusted Root
> Certification Authorities store for the machine account.
>
> HTH,
> Tom
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> **Who is John Galt?**
>
>
>
> > -----Original Message-----
> > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx]
> > Sent: Thursday, October 27, 2005 11:48 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: ISA 2004 firewall won't start anymore
> >
> > http://www.ISAserver.org
> >
> > How true! I thought I had a fairly good idea of what I was doing
> > until it broke. I'd like to believe it is a software bug,
> but figured
> > something I did was more likely since I'm still learning this.
> >
> > I have a certificate for the OWA web listener in the
> personal store.
> > The path looks OK and it says the certificate is OK.
> Deleting the web
> > listener and firewall policy didn't correct the problem
> which made me
> > think that it was looking for another certificate
> somewhere? The only
> > place I recall configuring a certificate was for the web
listeners.
> >
> > Jeff
> >
> >
> > -----Original Message-----
> > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > Sent: Thursday, October 27, 2005 11:57 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: ISA 2004 firewall won't start anymore
> >
> > http://www.ISAserver.org
> >
> > Hi Jeff,
> >
> > Not being sure is the most common reason for things
happening that
> > we're not sure why they happened :)
> >
> > I know, because I'm not sure what I'm doing at least half
> of the time.
> > And once I'm sure, I've moved on to something else that I'm
> not sure
> > what I'm doing. Living a life of uncertainty can get
> unnerving, but I
> > wouldn't trade it for the alternative :)
> >
> > Open the Certificates MMC and check what certs are
installed in the
> > machine's Personal certificate store. Double click on the
Web site
> > certs in the right pane of the console and check the cert path.
> >
> > HTH,
> > Tom
> >
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://spaces.msn.com/members/drisa/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> > **Who is John Galt?**
> >
> >
> >
> > > -----Original Message-----
> > > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx]
> > > Sent: Thursday, October 27, 2005 9:26 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: ISA 2004 firewall won't start anymore
> > >
> > > http://www.ISAserver.org
> > >
> > > I must confess, I'm not sure. In hindsight, I wish I'd
> > made notes of
> > > exactly what I did when, but I didn't think I did
anything worth
> > > noting while I was doing it... ;-)
> > >
> > > I did have a couple of web listeners I deleted that I
> wasn't using,
> > > but I didn't think that should cause this error.
> > >
> > > I do have a certificate from my domain CA in the cert
> store and one
> > > for the web listener.
> > >
> > > I could wipe the box and reinstall since I don't have it in
> > > production, but I'd like to know what is wrong to better
> understand
> > > how all of this works.
> > > I haven't messed with this stuff since Proxy 2.0; things
> > have changed
> > > quite a bit.
> > >
> > > Jeff
> > >
> > > -----Original Message-----
> > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > > Sent: Thursday, October 27, 2005 10:12 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: ISA 2004 firewall won't start anymore
> > >
> > > http://www.ISAserver.org
> > >
> > > Wow Jeff. That's a good one. How'd you do that?
> > >
> > > Thomas W Shinder, M.D.
> > > Site: www.isaserver.org
> > > Blog: http://spaces.msn.com/members/drisa/
> > > Book: http://tinyurl.com/3xqb7
> > > MVP -- ISA Firewalls
> > > **Who is John Galt?**
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx]
> > > > Sent: Thursday, October 27, 2005 9:06 AM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] ISA 2004 firewall won't start anymore
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > Yesterday I finally got OWA publishing through ISA and
> > immediately
> > > > managed to break it somehow. After restarting ths ISA
> > > services I got
> > > > these errors in the event log
> > > >
> > > > 14177
> > > > Some certificates cannot be initialized (error code
> > > -2146885628). The
> > > > Web Proxy filter could not initialize. Check that all
> > certificates
> > > > used by the Web Proxy filter are valid.
> > > >
> > > > 14060
> > > > Cannot load an application filter Web Proxy Filter
> > > > ({4CB7513E-220E-4C20-815A-B67BAA295FF4}). FilterInit failed
> > > with code
> > > > 0x80092004. To attempt to activate this application filter
> > > again, stop
> > > > and restart the Firewall service.
> > > > 14001
> > > >
> > > > Firewall Service failed to initialize. Previous event
> log entries
> > > > might help determine the proper action.
> > > >
> > > > Eventid.net didn't have anything useful, and the only
> reference I
> > > > found at
> > > > http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=19;
> > > > t=000394
> > > > had no resolution. I have not done an export or anything.
> > > >
> > > > How can I tell which certificates are used by the web proxy
> > > filter as
> > > > the message in 14177 suggests?
> > > >
> > > > Jeff
> > > >
> > > >
> > > > ------------------------------------------------------
> > > > List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter:
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ:
> > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Visit TechGenix.com for more information about our
other sites:
> > > > http://www.techgenix.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org
> > > Discussion List as:
> > > > tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > >
> > > >
> > >
> > > ------------------------------------------------------
> > > List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org
> > Discussion List as:
> > > bunting@xxxxxxxxxxxx To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > > ------------------------------------------------------
> > > List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org
> > Discussion List as:
> > > tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org
> Discussion List as:
> > bunting@xxxxxxxxxxxx To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org
> Discussion List as:
> > tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org
Discussion List as:
> bunting@xxxxxxxxxxxx To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org
Discussion List as:
> tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
bunting@xxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
