Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

ISA Firewall failed to start

Status
Not open for further replies.
Dazza2003

Dazza2003

IS-IT--Management
Sep 11, 2003
1
AU
I have installed ISA 2000 on a Windows Server 2003, I have installed the sp1 hot fixes and Feature Pack 1. I am getting the following errors in events

System Error:
The Microsoft Firewall service terminated with service-specific error 213005 (0x3400D).

Application Error:
Microsoft Firewall failed. The failure occurred during Initialization of Network Address Translation (NAT) because the system call PNATInit failed. Use the source location 308.1151.3.0.1200.166 to report the failure. The error code in the Data area of the event properties indicates the cause of the failure. This failure may be due to the Internet Connection Firewall (ICF) service being enabled. If it is enabled, please disable the service named "Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)" (SharedAccess). Then, restart the computer. For more information about this event, see ISA Server Help. The error description is: Access is denied.


Can anyone point me to where the problem may be?

Regards
Darren
 
Sort by date Sort by votes
Hi all,

just received this advice from MS:
[ul][li]make sure Internet Connection Sharing (ICS) is disabled[/li]
[li]make sure disable Internet Connection Firewall (ICF) is disabled.[/li][/ul]
I know this sound stupid because many of you have said that ICS and ICF has never been activated, but please check again. Start of with checking that neither service has been activated on any NIC. Then make sure the services are deactivated.

Also, open up the Management Console for "Routing and Remote Access" (administrative tools). Expand the Server and expand "IP routing". If "Network Address Translation (NAT)" filter is installed here, disable Routing and RAS by doing a right click on the server name.

Please do a reboot of the server if any of the mentioned issues have been active.

Microsoft is currently investigating smililar problems. There are no known problem so far, but you are encouraged to open a support call with Microsoft. If it turns out to be a bug (with a hotfix as a result), the support call will cost nothing.

Cheers
Knutern
 
Upvote 0 Downvote
Hello All,

As mentioned before, we thought to reinitialise the ISA Schema in AD (as a last resort..)

We completed this - it first removes the ISA schema, then run it again and it sets the schema up in AD - installed ISA as a standalone - left for a while for the schema changes to spread across the DCs - promoted ISA server to the array and everything came up OK. Restored all backup configs and everything is fine!! In addition all the services are running with the local system account, therefore no need to change to a domain admin account.....

I don't know what was going on, I don't now if the above is a 'fix', but it worked for us - needless to say we are very wary about the ISA schema and AD....

If this happens again to us we'll just go down the standalone route.....

Many thanks (Knutern) for all the input on this...

Good luck to all in the same situation - at least it is a decent thread for a widespread, unrecognised, problem...

Cheers,

Kenny

 
Upvote 0 Downvote
Yes, you'll rigth. I had found that the problem is that you can't have activated the Firewall(ICS) in your NIC and the Isa Firewall at the same time, 'cause Isa Firewall use the ICS services and it appropiate of this resource.

So, I just Disabled the Firewall in the NIC and reboot, everything goes good after that!!!

Thanks for all.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
798
Sameer258
Sameer258
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
657
Johnkite
Johnkite
TheFireman2
  • Locked
  • Question
Help with Watchguard Firebox M200 setup as a TMG 2010 replacement with ASA 5515 as main firewall
Replies
1
Views
232
hairlessupportmonkey
hairlessupportmonkey
Tommy_T
  • Locked
  • Question
Sonic wall - Have an issue remotely connectioning VNC and SMB (and AFP) to one of the 2 ISP circuits
Replies
1
Views
584
nnaarrnn
nnaarrnn
Russtoleum
  • Locked
  • Question
Windows client can't connect to sonicwall l2tp server
Replies
0
Views
155
Russtoleum
Russtoleum

Part and Inventory Search

Sponsor

Back
Top