RE: ISA 2004 firewall won't start anymore

  • From: "Bunting, Jeff" <BUNTING@xxxxxxxxxxxx>
  • To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 27 Oct 2005 12:48:20 -0400

How true!  I thought I had a fairly good idea of what I was doing until it
broke.  I'd like to believe it is a software bug, but figured something I
did was more likely since I'm still learning this.

I have a certificate for the OWA web listener in the personal store.  The
path looks OK and it says the certificate is OK.  Deleting the web listener
and firewall policy didn't correct the problem which made me think that it
was looking for another certificate somewhere?  The only place I recall
configuring a certificate was for the web listeners.

Jeff


-----Original Message-----
From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] 
Sent: Thursday, October 27, 2005 11:57 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: ISA 2004 firewall won't start anymore

http://www.ISAserver.org

Hi Jeff,

Not being sure is the most common reason for things happening that we're not
sure why they happened :)

I know, because I'm not sure what I'm doing at least half of the time.
And once I'm sure, I've moved on to something else that I'm not sure what
I'm doing. Living a life of uncertainty can get unnerving, but I wouldn't
trade it for the alternative :)

Open the Certificates MMC and check what certs are installed in the
machine's Personal certificate store. Double click on the Web site certs in
the right pane of the console and check the cert path. 

HTH,
Tom

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**

 

> -----Original Message-----
> From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx]
> Sent: Thursday, October 27, 2005 9:26 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA 2004 firewall won't start anymore
> 
> http://www.ISAserver.org
> 
> I must confess, I'm not sure.  In hindsight, I wish I'd made notes of 
> exactly what I did when, but I didn't think I did anything worth 
> noting while I was doing it... ;-)
> 
> I did have a couple of web listeners I deleted that I wasn't using, 
> but I didn't think that should cause this error.
> 
> I do have a certificate from my domain CA in the cert store and one 
> for the web listener.
> 
> I could wipe the box and reinstall since I don't have it in 
> production, but I'd like to know what is wrong to better understand 
> how all of this works.
> I haven't messed with this stuff since Proxy 2.0; things have changed 
> quite a bit.
> 
> Jeff
> 
> -----Original Message-----
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Thursday, October 27, 2005 10:12 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: ISA 2004 firewall won't start anymore
> 
> http://www.ISAserver.org
> 
> Wow Jeff. That's a good one. How'd you do that?
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> **Who is John Galt?**
> 
>  
> 
> > -----Original Message-----
> > From: Bunting, Jeff [mailto:BUNTING@xxxxxxxxxxxx]
> > Sent: Thursday, October 27, 2005 9:06 AM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] ISA 2004 firewall won't start anymore
> > 
> > http://www.ISAserver.org
> > 
> > Yesterday I finally got OWA publishing through ISA and immediately 
> > managed to break it somehow. After restarting ths ISA
> services I got
> > these errors in the event log
> > 
> > 14177
> > Some certificates cannot be initialized (error code
> -2146885628). The
> > Web Proxy filter could not initialize. Check that all certificates 
> > used by the Web Proxy filter are valid.
> > 
> > 14060
> > Cannot load an application filter Web Proxy Filter 
> > ({4CB7513E-220E-4C20-815A-B67BAA295FF4}). FilterInit failed
> with code
> > 0x80092004. To attempt to activate this application filter
> again, stop
> > and restart the Firewall service.
> > 14001
> > 
> > Firewall Service failed to initialize. Previous event log entries 
> > might help determine the proper action.
> > 
> > Eventid.net didn't have anything useful, and the only reference I 
> > found at 
> > http://forums.isaserver.org/ultimatebb.cgi?ubb=get_topic;f=19;
> > t=000394
> > had no resolution. I have not done an export or anything. 
> > 
> > How can I tell which certificates are used by the web proxy
> filter as
> > the message in 14177 suggests?
> > 
> > Jeff
> > 
> > 
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org
> Discussion List as: 
> > tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit 
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> > 
> > 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> bunting@xxxxxxxxxxxx To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as: 
> tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit 
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
> 
> 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
bunting@xxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 10-2005