[isalist] ISA 2006 Firewall Service not starting

  • From: "Rob Moore" <RMoore@xxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 5 Apr 2007 12:32:40 -0400

I'm sending this again, because it didn't seem to go through the first
time. I sent it a couple of hours ago, but I haven't seen it come out on
the list yet. All I've gotten were two "Out of Office" messages.

Sorry if it ends up getting posted twice.

Rob

_____________________________________________
From: Rob Moore 
Sent: Thursday, April 05, 2007 10:05 AM
To: 'isalist@xxxxxxxxxxxxx'
Subject: ISA 2006 Firewall Service not starting


Hello list-

Yesterday I exported the settings from my ISA 2004 Standard (on Windows
2003 SP1) server and imported them on my new ISA 2006 Standard (on
Windows 2003 SP2) server. Following the MS guide for this migration
(http://www.microsoft.com/technet/isa/2006/upgrade_guide_se.mspx#Migrati
on) I also imported the SSL certificate for publishing my OWA site,
installed a new certificate from my internal CA for VPN encryption, and
created the user account for my L2TP site-to-site connection. This
morning I tried to swap the two boxes. But the Microsoft Firewall
service wouldn't start on the ISA 2006 box. I got this error: "The
Microsoft Firewall service terminated with service-specific error
2148081668 (0x80092004)".

When I  take the server out of production and boot it up with only the
LAN cable attached, the Firewall service starts.

I've done a bit of digging around and found a year-and-a-half old
conversation between Tom and someone talking about certificates needing
to be installed in the Trusted Root Certification Authorities. I looked
there, and my new server doesn't seem to have anything there from
Comodo-the supplier of our OWA certificate-whereas my old server does.
Could that be causing the firewall service not to start when the WAN
cable is connected to the world? Is there another path I need to check
out?

Thanks,
Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Rob Moore
Network Manager
215-241-7870
Help Desk: 800-500-AFSC


Other related posts: