forget that last comment & question. it was made prior to finishing my first cup of coffee... (the magic of the show updates checkbox solves everything!) -----Original Message----- From: Bunting, Jeff Sent: Friday, October 28, 2005 9:26 AM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA 2004 firewall won't start anymore http://www.ISAserver.org Nope, new machine, fresh install of Win2003 SP1 + the latest, greatest hotfixes. ISA and its MSDE instance are the only things listed in Add/Remove programs. After seeing this, I thought perhaps I neglected to install ISA SP1. With a new glimmer of hope, I found the SP1 disc amongst the stack on my desk and installed it, but still no joy, not even after a reboot. I'm impressed that I could hork something this soundly without the use of either regedit or ADSIedit. I'm just going to try removing & reinstalling ISA and see if that doesn't solve this. On a side note, I still don't see ISA SP1 listed in add/remove programs or noted under help, about. Is the build number the only way to verify it is installed? Jeff -----Original Message----- From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Sent: Thursday, October 27, 2005 11:49 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: ISA 2004 firewall won't start anymore http://www.ISAserver.org Hi Jeff, I'd say something about that ISA firewall install is horked past what Texas Law allows, and we allow a lot of horking. Any software installed on the firewall other than ISA and Windows? Thanks! Tom Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://spaces.msn.com/members/drisa/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls **Who is John Galt?** > -----Original Message----- > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] > Sent: Thursday, October 27, 2005 4:25 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: ISA 2004 firewall won't start anymore > > http://www.ISAserver.org > > Tom, > > I think you're right. I sure feel like I'm wading through quicksand. > > I've restarted many times, but no dice. The only other error is good > ole > 7024 from the system log, the service wouldn't start, with the same > error code as reported in the application log: > > The Microsoft Firewall service terminated with service-specific error > 2148081668 (0x80092004). > > > Jeff > > > -----Original Message----- > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > Sent: Thursday, October 27, 2005 3:04 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: ISA 2004 firewall won't start anymore > > http://www.ISAserver.org > > Hi Jeff, > > I think we're just getting in deeper here :) > > Have you restarting the computer? > > Any other errors in the Event Viewer that might be helpful? > > Tom > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://spaces.msn.com/members/drisa/ > Book: http://tinyurl.com/3xqb7 > MVP -- ISA Firewalls > **Who is John Galt?** > > > > > -----Original Message----- > > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] > > Sent: Thursday, October 27, 2005 2:01 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: ISA 2004 firewall won't start anymore > > > > http://www.ISAserver.org > > > > Thanks for the suggestion Tom, but that didn't work, assuming I > > understood what you meant. > > > > I have a certificate in the Trusted Root CA from the > Enterprise CA. I > > have a domain policy which puts this on domain members. This > > certificate show as OK and says it is intended for "all issuance > > policies" and "all application plicies". > > > > In the personal store I have a certificate with the DNS name that I > > want to use for OWA which was issued from the same root CA > (it is the > > only machine I have running certificate services). It says its > > intended purpose is "ensures the identity of a remote computer" and > > says "you have a private key that corresponds to this certificate". > > > > what I tried was exporting the cert from the personal store and > > importing it into the trusted store. I wasn't sure if > that's what you > > meant or not. > > Anyway, it didn't work. > > > > I'm not sure if I don't have enough grasp of the certificate store > > concept or if this is just a very strange problem. The > trusted root > > certificate isn't necessary to install ISA is it? I don't remember > > anything about it. > > I didn't think any certificates were necessary to start the > firewall > > service itself. Policies or web listeners are the only thing that > > came to mind as something that would look for a > certificate. I just > > tried deleting all of the policies I created and the one > web listener, > > rebooted the server, and still the same errors. > > > > I think I'm about ready to punt. > > > > Jeff > > > > -----Original Message----- > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > > Sent: Thursday, October 27, 2005 1:02 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: ISA 2004 firewall won't start anymore > > > > http://www.ISAserver.org > > > > Hi Jeff, > > > > Try installing the CA certificate again. Export it from the > Web site > > certificate you're using and put the CA cert in the Trusted Root > > Certification Authorities store for the machine account. > > > > HTH, > > Tom > > > > Thomas W Shinder, M.D. > > Site: www.isaserver.org > > Blog: http://spaces.msn.com/members/drisa/ > > Book: http://tinyurl.com/3xqb7 > > MVP -- ISA Firewalls > > **Who is John Galt?** > > > > > > > > > -----Original Message----- > > > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] > > > Sent: Thursday, October 27, 2005 11:48 AM > > > To: [ISAserver.org Discussion List] > > > Subject: [isalist] RE: ISA 2004 firewall won't start anymore > > > > > > http://www.ISAserver.org > > > > > > How true! I thought I had a fairly good idea of what I was doing > > > until it broke. I'd like to believe it is a software bug, > > but figured > > > something I did was more likely since I'm still learning this. > > > > > > I have a certificate for the OWA web listener in the > > personal store. > > > The path looks OK and it says the certificate is OK. > > Deleting the web > > > listener and firewall policy didn't correct the problem > > which made me > > > think that it was looking for another certificate > > somewhere? The only > > > place I recall configuring a certificate was for the web > listeners. > > > > > > Jeff > > > > > > > > > -----Original Message----- > > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > > > Sent: Thursday, October 27, 2005 11:57 AM > > > To: [ISAserver.org Discussion List] > > > Subject: [isalist] RE: ISA 2004 firewall won't start anymore > > > > > > http://www.ISAserver.org > > > > > > Hi Jeff, > > > > > > Not being sure is the most common reason for things > happening that > > > we're not sure why they happened :) > > > > > > I know, because I'm not sure what I'm doing at least half > > of the time. > > > And once I'm sure, I've moved on to something else that I'm > > not sure > > > what I'm doing. Living a life of uncertainty can get > > unnerving, but I > > > wouldn't trade it for the alternative :) > > > > > > Open the Certificates MMC and check what certs are > installed in the > > > machine's Personal certificate store. Double click on the > Web site > > > certs in the right pane of the console and check the cert path. > > > > > > HTH, > > > Tom > > > > > > Thomas W Shinder, M.D. > > > Site: www.isaserver.org > > > Blog: http://spaces.msn.com/members/drisa/ > > > Book: http://tinyurl.com/3xqb7 > > > MVP -- ISA Firewalls > > > **Who is John Galt?** > > > > > > > > > > > > > -----Original Message----- > > > > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] > > > > Sent: Thursday, October 27, 2005 9:26 AM > > > > To: [ISAserver.org Discussion List] > > > > Subject: [isalist] RE: ISA 2004 firewall won't start anymore > > > > > > > > http://www.ISAserver.org > > > > > > > > I must confess, I'm not sure. In hindsight, I wish I'd > > > made notes of > > > > exactly what I did when, but I didn't think I did > anything worth > > > > noting while I was doing it... ;-) > > > > > > > > I did have a couple of web listeners I deleted that I > > wasn't using, > > > > but I didn't think that should cause this error. > > > > > > > > I do have a certificate from my domain CA in the cert > > store and one > > > > for the web listener. > > > > > > > > I could wipe the box and reinstall since I don't have it in > > > > production, but I'd like to know what is wrong to better > > understand > > > > how all of this works. > > > > I haven't messed with this stuff since Proxy 2.0; things > > > have changed > > > > quite a bit. > > > > > > > > Jeff > > > > > > > > -----Original Message----- > > > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > > > > Sent: Thursday, October 27, 2005 10:12 AM > > > > To: [ISAserver.org Discussion List] > > > > Subject: [isalist] RE: ISA 2004 firewall won't start anymore > > > > > > > > http://www.ISAserver.org > > > > > > > > Wow Jeff. That's a good one. How'd you do that? > > > > > > > > Thomas W Shinder, M.D. > > > > Site: www.isaserver.org > > > > Blog: http://spaces.msn.com/members/drisa/ > > > > Book: http://tinyurl.com/3xqb7 > > > > MVP -- ISA Firewalls > > > > **Who is John Galt?** > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx] > > > > > Sent: Thursday, October 27, 2005 9:06 AM > > > > > To: [ISAserver.org Discussion List] > > > > > Subject: [isalist] ISA 2004 firewall won't start anymore > > > > > > > > > > http://www.ISAserver.org > > > > > > > > > > Yesterday I finally got OWA publishing through ISA and > > > immediately > > > > > managed to break it somehow. After restarting ths ISA > > > > services I got > > > > > these errors in the event log > > > > > > > > > > 14177 > > > > > Some certificates cannot be initialized (error code > > > > -2146885628). The > > > > > Web Proxy filter could not initialize. Check that all > > > certificates > > > > > used by the Web Proxy filter are valid. > > > > > > > > > > 14060 > > > > > Cannot load an application filter Web Proxy Filter > > > > > ({4CB7513E-220E-4C20-815A-B67BAA295FF4}). FilterInit failed > > > > with code > > > > > 0x80092004. To attempt to activate this application filter > > > > again, stop > > > > > and restart the Firewall service. > > > > > 14001 > > > > > > > > > > Firewall Service failed to initialize. Previous event > > log entries > > > > > might help determine the proper action. > > > > > > > > > > Eventid.net didn't have anything useful, and the only > > reference I > > > > > found at > > > > > http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=19; > > > > > t=000394 > > > > > had no resolution. I have not done an export or anything. > > > > > > > > > > How can I tell which certificates are used by the web proxy > > > > filter as > > > > > the message in 14177 suggests? > > > > > > > > > > Jeff > > > > > > > > > > > > > > > ------------------------------------------------------ > > > > > List Archives: > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > > ISA Server Newsletter: > > > http://www.isaserver.org/pages/newsletter.asp > > > > > ISA Server FAQ: > > > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > > > ------------------------------------------------------ > > > > > Visit TechGenix.com for more information about our > other sites: > > > > > http://www.techgenix.com > > > > > ------------------------------------------------------ > > > > > You are currently subscribed to this ISAserver.org > > > > Discussion List as: > > > > > tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit > > > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > > > > > > > > > ------------------------------------------------------ > > > > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > ISA Server Newsletter: > > http://www.isaserver.org/pages/newsletter.asp > > > > ISA Server FAQ: > > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > > ------------------------------------------------------ > > > > Visit TechGenix.com for more information about our other sites: > > > > http://www.techgenix.com > > > > ------------------------------------------------------ > > > > You are currently subscribed to this ISAserver.org > > > Discussion List as: > > > > bunting@xxxxxxxxxxxx To unsubscribe visit > > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > ------------------------------------------------------ > > > > List Archives: > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > ISA Server Newsletter: > > http://www.isaserver.org/pages/newsletter.asp > > > > ISA Server FAQ: > > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > > ------------------------------------------------------ > > > > Visit TechGenix.com for more information about our other sites: > > > > http://www.techgenix.com > > > > ------------------------------------------------------ > > > > You are currently subscribed to this ISAserver.org > > > Discussion List as: > > > > tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit > > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > > > > > ------------------------------------------------------ > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > ISA Server FAQ: > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > ------------------------------------------------------ > > > Visit TechGenix.com for more information about our other sites: > > > http://www.techgenix.com > > > ------------------------------------------------------ > > > You are currently subscribed to this ISAserver.org > > Discussion List as: > > > bunting@xxxxxxxxxxxx To unsubscribe visit > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > ------------------------------------------------------ > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > ISA Server Newsletter: > http://www.isaserver.org/pages/newsletter.asp > > > ISA Server FAQ: > http://www.isaserver.org/pages/larticle.asp?type=FAQ > > > ------------------------------------------------------ > > > Visit TechGenix.com for more information about our other sites: > > > http://www.techgenix.com > > > ------------------------------------------------------ > > > You are currently subscribed to this ISAserver.org > > Discussion List as: > > > tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > bunting@xxxxxxxxxxxx To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Visit TechGenix.com for more information about our other sites: > > http://www.techgenix.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org > Discussion List as: > > tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit > > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx > > > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > bunting@xxxxxxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bunting@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: bunting@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx