RE: ISA 2004 firewall won't start anymore

  • From: "Bunting, Jeff" <BUNTING@xxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 28 Oct 2005 09:33:46 -0400

Forget that last comment & question.  It was made prior to finishing my
first cup of coffee...

(the magic of the show updates checkbox solves everything!)

-----Original Message-----
From: Bunting, Jeff 
Sent: Friday, October 28, 2005 9:26 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 firewall won't start anymore

http://www.ISAserver.org

Nope, new machine, fresh install of Win2003 SP1 + the latest, greatest
hotfixes. ISA and its MSDE instance are the only things listed in Add/Remove
programs.

After seeing this, I thought perhaps I neglected to install ISA SP1.  With a
new glimmer of hope, I found the SP1 disc amongst the stack on my desk and
installed it, but still no joy, not even after a reboot.

I'm impressed that I could hork something this soundly without the use of
either regedit or ADSIedit.

I'm just going to try removing & reinstalling ISA and see if that doesn't
solve this.

On a side note, I still don't see ISA SP1 listed in add/remove programs or
noted under help, about.  Is the build number the only way to verify it is
installed?

Jeff

-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
Sent: Thursday, October 27, 2005 11:49 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 firewall won't start anymore

Hi Jeff,

I'd say something about that ISA firewall install is horked past what Texas
Law allows, and we allow a lot of horking.

Any software installed on the firewall other than ISA and Windows?

Thanks!
Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**

 

> -----Original Message-----
> From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx]
> Sent: Thursday, October 27, 2005 4:25 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA 2004 firewall won't start anymore
> 
> Tom,
>  
> I think you're right.  I sure feel like I'm wading through quicksand.
> 
> I've restarted many times, but no dice.  The only other error is good ole
> 7024 from the system log, the service wouldn't start, with the same
> error code as reported in the application log:
> 
> The Microsoft Firewall service terminated with service-specific error
> 2148081668 (0x80092004).
> 
> 
> Jeff
> 
> 
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Thursday, October 27, 2005 3:04 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA 2004 firewall won't start anymore
> 
> Hi Jeff,
> 
> I think we're just getting in deeper here :)
> 
> Have you restarted the computer?
> 
> Any other errors in the Event Viewer that might be helpful?
> 
> Tom
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> **Who is John Galt?**
> 
>  
> 
> > -----Original Message-----
> > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx]
> > Sent: Thursday, October 27, 2005 2:01 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: ISA 2004 firewall won't start anymore
> > 
> > Thanks for the suggestion Tom, but that didn't work, assuming I 
> > understood what you meant.
> > 
> > I have a certificate in the Trusted Root CA from the Enterprise CA.  I
> > have a domain policy which puts this on domain members.  This
> > certificate shows as OK and says it is intended for "all issuance
> > policies" and "all application policies".
> > 
> > In the personal store I have a certificate with the DNS name that I
> > want to use for OWA which was issued from the same root CA (it is the
> > only machine I have running certificate services).  It says its
> > intended purpose is "ensures the identity of a remote computer" and
> > says "you have a private key that corresponds to this certificate".
> > 
> > What I tried was exporting the cert from the personal store and
> > importing it into the trusted store.  I wasn't sure if that's what you
> > meant or not.
> > Anyway, it didn't work.
> > 
> > I'm not sure if I don't have enough grasp of the certificate store
> > concept or if this is just a very strange problem.  The trusted root
> > certificate isn't necessary to install ISA is it?  I don't remember
> > anything about it.
> > I didn't think any certificates were necessary to start the firewall
> > service itself.  Policies or web listeners are the only thing that
> > came to mind as something that would look for a certificate.  I just
> > tried deleting all of the policies I created and the one web listener,
> > rebooted the server, and still the same errors.
> > 
> > I think I'm about ready to punt.
> > 
> > Jeff
> > 
> > -----Original Message-----
> > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > Sent: Thursday, October 27, 2005 1:02 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: ISA 2004 firewall won't start anymore
> > 
> > Hi Jeff,
> > 
> > Try installing the CA certificate again. Export it from the Web site
> > certificate you're using and put the CA cert in the Trusted Root
> > Certification Authorities store for the machine account.
> > 
> > HTH,
> > Tom
> > 
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://spaces.msn.com/members/drisa/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> > **Who is John Galt?**
> > 
> >  
> > 
> > > -----Original Message-----
> > > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx]
> > > Sent: Thursday, October 27, 2005 11:48 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: ISA 2004 firewall won't start anymore
> > > 
> > > How true!  I thought I had a fairly good idea of what I was doing
> > > until it broke.  I'd like to believe it is a software bug, but figured
> > > something I did was more likely since I'm still learning this.
> > > 
> > > I have a certificate for the OWA web listener in the personal store.
> > > The path looks OK and it says the certificate is OK.  Deleting the web
> > > listener and firewall policy didn't correct the problem which made me
> > > think that it was looking for another certificate somewhere?  The only
> > > place I recall configuring a certificate was for the web listeners.
> > > 
> > > Jeff
> > > 
> > > 
> > > -----Original Message-----
> > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > > Sent: Thursday, October 27, 2005 11:57 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: ISA 2004 firewall won't start anymore
> > > 
> > > Hi Jeff,
> > > 
> > > Not being sure is the most common reason for things happening that
> > > we're not sure why they happened :)
> > > 
> > > I know, because I'm not sure what I'm doing at least half of the time.
> > > And once I'm sure, I've moved on to something else that I'm not sure
> > > what I'm doing. Living a life of uncertainty can get unnerving, but I
> > > wouldn't trade it for the alternative :)
> > > 
> > > Open the Certificates MMC and check what certs are installed in the
> > > machine's Personal certificate store. Double click on the Web site
> > > certs in the right pane of the console and check the cert path.
> > > 
> > > HTH,
> > > Tom
> > > 
> > > Thomas W Shinder, M.D.
> > > Site: www.isaserver.org
> > > Blog: http://spaces.msn.com/members/drisa/
> > > Book: http://tinyurl.com/3xqb7
> > > MVP -- ISA Firewalls
> > > **Who is John Galt?**
> > > 
> > >  
> > > 
> > > > -----Original Message-----
> > > > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx]
> > > > Sent: Thursday, October 27, 2005 9:26 AM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: ISA 2004 firewall won't start anymore
> > > > 
> > > > I must confess, I'm not sure.  In hindsight, I wish I'd made notes of
> > > > exactly what I did when, but I didn't think I did anything worth
> > > > noting while I was doing it... ;-)
> > > > 
> > > > I did have a couple of web listeners I deleted that I wasn't using,
> > > > but I didn't think that should cause this error.
> > > > 
> > > > I do have a certificate from my domain CA in the cert store and one
> > > > for the web listener.
> > > > 
> > > > I could wipe the box and reinstall since I don't have it in
> > > > production, but I'd like to know what is wrong to better understand
> > > > how all of this works.
> > > > I haven't messed with this stuff since Proxy 2.0; things have changed
> > > > quite a bit.
> > > > 
> > > > Jeff
> > > > 
> > > > -----Original Message-----
> > > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > > > Sent: Thursday, October 27, 2005 10:12 AM
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: ISA 2004 firewall won't start anymore
> > > > 
> > > > Wow Jeff. That's a good one. How'd you do that?
> > > > 
> > > > Thomas W Shinder, M.D.
> > > > Site: www.isaserver.org
> > > > Blog: http://spaces.msn.com/members/drisa/
> > > > Book: http://tinyurl.com/3xqb7
> > > > MVP -- ISA Firewalls
> > > > **Who is John Galt?**
> > > > 
> > > >  
> > > > 
> > > > > -----Original Message-----
> > > > > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx]
> > > > > Sent: Thursday, October 27, 2005 9:06 AM
> > > > > To: [ISAserver.org Discussion List]
> > > > > Subject: [isalist] ISA 2004 firewall won't start anymore
> > > > > 
> > > > > Yesterday I finally got OWA publishing through ISA and immediately
> > > > > managed to break it somehow. After restarting the ISA services I got
> > > > > these errors in the event log
> > > > > 
> > > > > 14177
> > > > > Some certificates cannot be initialized (error code -2146885628). The
> > > > > Web Proxy filter could not initialize. Check that all certificates
> > > > > used by the Web Proxy filter are valid.
> > > > > 
> > > > > 14060
> > > > > Cannot load an application filter Web Proxy Filter
> > > > > ({4CB7513E-220E-4C20-815A-B67BAA295FF4}). FilterInit failed with code
> > > > > 0x80092004. To attempt to activate this application filter again, stop
> > > > > and restart the Firewall service.
> > > > > 
> > > > > 14001
> > > > > Firewall Service failed to initialize. Previous event log entries
> > > > > might help determine the proper action.
> > > > > 
> > > > > Eventid.net didn't have anything useful, and the only reference I
> > > > > found at
> > > > > http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=19;t=000394
> > > > > had no resolution. I have not done an export or anything.
> > > > > 
> > > > > How can I tell which certificates are used by the web proxy filter as
> > > > > the message in 14177 suggests?
> > > > > 
> > > > > Jeff
> > > > > 
> > > > > 
> > > > > ------------------------------------------------------
> > > > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > > > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > > > ------------------------------------------------------
> > > > > Visit TechGenix.com for more information about our other sites:
> > > > > http://www.techgenix.com
> > > > > ------------------------------------------------------
> > > > > You are currently subscribed to this ISAserver.org Discussion List as:
> > > > > tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit
> > > > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > > > Report abuse to listadmin@xxxxxxxxxxxxx
> > > > > 
> > > > > 
> 
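
Added example, not part of the original thread: the events quoted above (14177, 14060 and 7024) report one error in three notations, signed decimal, unsigned decimal and hex. This Python sketch normalizes them to a single 32-bit HRESULT and splits its fields; the event strings are copied from the thread, and the name and text for 0x80092004 are the winerror.h definition.

```python
import re

# Event text as quoted in the thread (event IDs 14177, 14060 and 7024).
EVENTS = {
    14177: "Some certificates cannot be initialized (error code -2146885628).",
    14060: "FilterInit failed with code 0x80092004.",
    7024: "The Microsoft Firewall service terminated with service-specific "
          "error 2148081668 (0x80092004).",
}

# winerror.h name and message for the one code that appears in this thread.
KNOWN = {0x80092004: ("CRYPT_E_NOT_FOUND", "Cannot find object or property.")}

# A hex literal, or a signed/unsigned decimal of 8+ digits (so event IDs are skipped).
CODE_RE = re.compile(r"0x[0-9A-Fa-f]{8}|-?\d{8,}")


def to_hresult(token):
    """Normalize hex, signed-decimal or unsigned-decimal text to unsigned 32 bits."""
    value = int(token, 16) if token.lower().startswith("0x") else int(token)
    if not -(1 << 31) <= value < (1 << 32):
        raise ValueError(f"{token!r} does not fit in 32 bits")
    return value & 0xFFFFFFFF


def decode(hresult):
    """Split an HRESULT into its severity, facility and code fields."""
    name, text = KNOWN.get(hresult, ("(not in table)", ""))
    return {
        "hex": f"0x{hresult:08X}",
        "failure": bool(hresult >> 31),       # top bit set means failure
        "facility": (hresult >> 16) & 0x7FF,  # 9 is the security/crypto facility
        "code": hresult & 0xFFFF,
        "name": name,
        "text": text,
    }


def codes_in_events(events):
    """Map each event ID to the set of normalized HRESULTs found in its text."""
    return {eid: {to_hresult(tok) for tok in CODE_RE.findall(msg)}
            for eid, msg in events.items()}


if __name__ == "__main__":
    for eid, found in codes_in_events(EVENTS).items():
        for hr in sorted(found):
            print(eid, decode(hr))
```

All three events collapse to the same value. CRYPT_E_NOT_FOUND is a lookup failure rather than a validation failure, so a certificate that displays as OK in the Certificates MMC does not by itself rule it out.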
