-----Original Message-----
From: Thor (Hammer of God) [mailto:thor@xxxxxxxxxxxxxxx]
Sent: Thursday, October 27, 2005 11:11 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 firewall won't start anymore
http://www.ISAserver.org
I just horked. And I'm ready to hork again!
----- Original Message -----
From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Thursday, October 27, 2005 8:49 PM
Subject: [isalist] RE: ISA 2004 firewall won't start anymore
http://www.ISAserver.org
Hi Jeff,
I'd say something about that ISA firewall install is horked past what
Texas Law allows, and we allow a lot of horking.
Any software installed on the firewall other than ISA and Windows?
Thanks!
Tom
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**
> -----Original Message-----
> From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx]
> Sent: Thursday, October 27, 2005 4:25 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA 2004 firewall won't start anymore
>
> http://www.ISAserver.org
>
> Tom,
>
> I think you're right. I sure feel like I'm wading through
quicksand.
>
> I've restarted many times, but no dice. The only other error
> is good ole
> 7024 from the system log, the service wouldn't start, with
> the same error
> code as reported in the application log:
>
> The Microsoft Firewall service terminated with
service-specific error
> 2148081668 (0x80092004).
>
>
> Jeff
>
>
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Thursday, October 27, 2005 3:04 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA 2004 firewall won't start anymore
>
> http://www.ISAserver.org
>
> Hi Jeff,
>
> I think we're just getting in deeper here :)
>
> Have you restarting the computer?
>
> Any other errors in the Event Viewer that might be helpful?
>
> Tom
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> **Who is John Galt?**
>
>
>
> > -----Original Message-----
> > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx]
> > Sent: Thursday, October 27, 2005 2:01 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: ISA 2004 firewall won't start anymore
> >
> > http://www.ISAserver.org
> >
> > Thanks for the suggestion Tom, but that didn't work, assuming I
> > understood what you meant.
> >
> > I have a certificate in the Trusted Root CA from the
> Enterprise CA. I
> > have a domain policy which puts this on domain members. This
> > certificate show as OK and says it is intended for "all issuance
> > policies" and "all application plicies".
> >
> > In the personal store I have a certificate with the DNS
name that I
> > want to use for OWA which was issued from the same root CA
> (it is the
> > only machine I have running certificate services). It says its
> > intended purpose is "ensures the identity of a remote
computer" and
> > says "you have a private key that corresponds to this
certificate".
> >
> > what I tried was exporting the cert from the personal store and
> > importing it into the trusted store. I wasn't sure if
> that's what you
> > meant or not.
> > Anyway, it didn't work.
> >
> > I'm not sure if I don't have enough grasp of the certificate store
> > concept or if this is just a very strange problem. The
> trusted root
> > certificate isn't necessary to install ISA is it? I
don't remember
> > anything about it.
> > I didn't think any certificates were necessary to start the
> firewall
> > service itself. Policies or web listeners are the only thing that
> > came to mind as something that would look for a
> certificate. I just
> > tried deleting all of the policies I created and the one
> web listener,
> > rebooted the server, and still the same errors.
> >
> > I think I'm about ready to punt.
> >
> > Jeff
> >
> > -----Original Message-----
> > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > Sent: Thursday, October 27, 2005 1:02 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: ISA 2004 firewall won't start anymore
> >
> > http://www.ISAserver.org
> >
> > Hi Jeff,
> >
> > Try installing the CA certificate again. Export it from the
> Web site
> > certificate you're using and put the CA cert in the Trusted Root
> > Certification Authorities store for the machine account.
> >
> > HTH,
> > Tom
> >
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://spaces.msn.com/members/drisa/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> > **Who is John Galt?**
> >
> >
> >
> > > -----Original Message-----
> > > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx]
> > > Sent: Thursday, October 27, 2005 11:48 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: ISA 2004 firewall won't start anymore
> > >
> > > http://www.ISAserver.org
> > >
> > > How true! I thought I had a fairly good idea of what I
was doing
> > > until it broke. I'd like to believe it is a software bug,
> > but figured
> > > something I did was more likely since I'm still learning this.
> > >
> > > I have a certificate for the OWA web listener in the
> > personal store.
> > > The path looks OK and it says the certificate is OK.
> > Deleting the web
> > > listener and firewall policy didn't correct the problem
> > which made me
> > > think that it was looking for another certificate
> > somewhere? The only
> > > place I recall configuring a certificate was for the web
> listeners.
> > >
> > > Jeff
> > >
> > >
> > > -----Original Message-----
> > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > > Sent: Thursday, October 27, 2005 11:57 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: ISA 2004 firewall won't start anymore
> > >
> > > http://www.ISAserver.org
> > >
> > > Hi Jeff,
> > >
> > > Not being sure is the most common reason for things
> happening that
> > > we're not sure why they happened :)
> > >
> > > I know, because I'm not sure what I'm doing at least half
> > of the time.
> > > And once I'm sure, I've moved on to something else that I'm
> > not sure
> > > what I'm doing. Living a life of uncertainty can get
> > unnerving, but I
> > > wouldn't trade it for the alternative :)
> > >
> > > Open the Certificates MMC and check what certs are
> installed in the
> > > machine's Personal certificate store. Double click on the
> Web site
> > > certs in the right pane of the console and check the cert path.
> > >
> > > HTH,
> > > Tom
> > >
> > > Thomas W Shinder, M.D.
> > > Site: www.isaserver.org
> > > Blog: http://spaces.msn.com/members/drisa/
> > > Book: http://tinyurl.com/3xqb7
> > > MVP -- ISA Firewalls
> > > **Who is John Galt?**
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx]
> > > > Sent: Thursday, October 27, 2005 9:26 AM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: ISA 2004 firewall won't start anymore
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > I must confess, I'm not sure. In hindsight, I wish I'd
> > > made notes of
> > > > exactly what I did when, but I didn't think I did
> anything worth
> > > > noting while I was doing it... ;-)
> > > >
> > > > I did have a couple of web listeners I deleted that I
> > wasn't using,
> > > > but I didn't think that should cause this error.
> > > >
> > > > I do have a certificate from my domain CA in the cert
> > store and one
> > > > for the web listener.
> > > >
> > > > I could wipe the box and reinstall since I don't have it in
> > > > production, but I'd like to know what is wrong to better
> > understand
> > > > how all of this works.
> > > > I haven't messed with this stuff since Proxy 2.0; things
> > > have changed
> > > > quite a bit.
> > > >
> > > > Jeff
> > > >
> > > > -----Original Message-----
> > > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > > > Sent: Thursday, October 27, 2005 10:12 AM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: ISA 2004 firewall won't start anymore
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > > Wow Jeff. That's a good one. How'd you do that?
> > > >
> > > > Thomas W Shinder, M.D.
> > > > Site: www.isaserver.org
> > > > Blog: http://spaces.msn.com/members/drisa/
> > > > Book: http://tinyurl.com/3xqb7
> > > > MVP -- ISA Firewalls
> > > > **Who is John Galt?**
> > > >
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx]
> > > > > Sent: Thursday, October 27, 2005 9:06 AM
> > > > > To: [ISAserver.org Discussion List]
> > > > > Subject: [isalist] ISA 2004 firewall won't start anymore
> > > > >
> > > > > http://www.ISAserver.org
> > > > >
> > > > > Yesterday I finally got OWA publishing through ISA and
> > > immediately
> > > > > managed to break it somehow. After restarting ths ISA
> > > > services I got
> > > > > these errors in the event log
> > > > >
> > > > > 14177
> > > > > Some certificates cannot be initialized (error code
> > > > -2146885628). The
> > > > > Web Proxy filter could not initialize. Check that all
> > > certificates
> > > > > used by the Web Proxy filter are valid.
> > > > >
> > > > > 14060
> > > > > Cannot load an application filter Web Proxy Filter
> > > > > ({4CB7513E-220E-4C20-815A-B67BAA295FF4}). FilterInit failed
> > > > with code
> > > > > 0x80092004. To attempt to activate this application filter
> > > > again, stop
> > > > > and restart the Firewall service.
> > > > > 14001
> > > > >
> > > > > Firewall Service failed to initialize. Previous event
> > log entries
> > > > > might help determine the proper action.
> > > > >
> > > > > Eventid.net didn't have anything useful, and the only
> > reference I
> > > > > found at
> > > > >
http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=19;
> > > > > t=000394
> > > > > had no resolution. I have not done an export or anything.
> > > > >
> > > > > How can I tell which certificates are used by the web proxy
> > > > filter as
> > > > > the message in 14177 suggests?
> > > > >
> > > > > Jeff
> > > > >
> > > > >
> > > > > ------------------------------------------------------
> > > > > List Archives:
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > ISA Server Newsletter:
> > > http://www.isaserver.org/pages/newsletter.asp
> > > > > ISA Server FAQ:
> > > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > > ------------------------------------------------------
> > > > > Visit TechGenix.com for more information about our
> other sites:
> > > > > http://www.techgenix.com
> > > > > ------------------------------------------------------
> > > > > You are currently subscribed to this ISAserver.org
> > > > Discussion List as:
> > > > > tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit
> > > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > >
> > > > >
> > > >
> > > > ------------------------------------------------------
> > > > List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter:
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ:
> > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Visit TechGenix.com for more information about our
other sites:
> > > > http://www.techgenix.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org
> > > Discussion List as:
> > > > bunting@xxxxxxxxxxxx To unsubscribe visit
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > >
> > > > ------------------------------------------------------
> > > > List Archives:
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > ISA Server Newsletter:
> > http://www.isaserver.org/pages/newsletter.asp
> > > > ISA Server FAQ:
> > http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > ------------------------------------------------------
> > > > Visit TechGenix.com for more information about our
other sites:
> > > > http://www.techgenix.com
> > > > ------------------------------------------------------
> > > > You are currently subscribed to this ISAserver.org
> > > Discussion List as:
> > > > tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit
> > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > >
> > > >
> > >
> > > ------------------------------------------------------
> > > List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org
> > Discussion List as:
> > > bunting@xxxxxxxxxxxx To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > > ------------------------------------------------------
> > > List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org
> > Discussion List as:
> > > tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org
> Discussion List as:
> > bunting@xxxxxxxxxxxx To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter:
http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ:
http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org
> Discussion List as:
> > tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org
Discussion List as:
> bunting@xxxxxxxxxxxx To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as:
thor@xxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion
List as: tshinder@xxxxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx