Event ID 14148 occurs, and client computers cannot communicate with ISA Server after a network outage

View products that this article applies to.

Expand all | Collapse all

SYMPTOMS

Consider the following scenario:

You are running Microsoft Internet Security and Acceleration (ISA) Server 2004, ISA Server 2006, or Microsoft Forefront Threat Management Gateway, Medium Business Edition, on a computer that has only one network adapter installed. This is known as a single-homed configuration. Typically, you use this configuration if the following conditions are true:
- When ISA Server or Forefront Threat Management Gateway, Medium Business Edition, is located in the internal corporate network or in a perimeter network.
- Another firewall is located at the edge that connects and protects corporate resources from the Internet.
A temporary network failure occurs. The network outage lasts for more than three minutes.
When the network connection is restored, the following event is logged in the Application log:
Event Type: Warning
Event Source: Microsoft ISA Server Web Proxy
Event Category: None
Event ID: 14148
Date: Date
Time: Time
User: N/A
Computer: Computer
Description: The Web Proxy filter failed to bind its socket to IP address port 8080. This may have been caused by another service that is already using the same port or by a network adapter that is not functional. To resolve this issue, restart the Microsoft Firewall service. The error code specified in the data area of the event properties indicates the cause of the failure.
When the network connection is restored, the following event is logged in the Application log for Forefront Threat Management Gateway, Medium Business Edition:
Event Type: Warning
Event Source: Microsoft Forefront TMG Web Proxy
Event Category: None
Event ID: 14148
Date: Date
Time: Time
User: N/A
Computer: Computer
Description: The Web Proxy filter failed to bind its socket to IP address port 8080. This may have been caused by another service that is already using the same port or by a network adapter that is not functional. To resolve this issue, restart the Microsoft Firewall service. The error code specified in the data area of the event properties indicates the cause of the failure.

In this scenario, client computers cannot communicate with ISA Server until you restart the Microsoft Firewall service.

Note To restart the Microsoft Firewall service, use either of the following methods.

Method 1: Use the Services console to restart the Microsoft Firewall service

Click Start, click Run, type services.msc, and then click OK.
Right-click Microsoft Firewall, and then click Restart. If you are prompted to stop dependent services, click Yes to enable Service Control Manager (SCM) to correctly restart the dependent services.

Method 2: Use the command prompt to restart the Microsoft Firewall service

Type the following commands at a command prompt. Press ENTER after each command.

net stop fwsrv /y

net start fwsrv

Note The /y switch that is in the net stop fwsrv command enables SCM to stop the dependent services.

Back to the top

WORKAROUND

To prevent this problem, disable the TCP/IP Media Sense feature in Windows. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

239924 (http://support.microsoft.com/kb/239924/ ) How to disable the "Media Sensing" feature for TCP/IP in Windows

For Windows Server 2008, this registry key is already disabled by default. For more information about registry keys for Windows Server 2008, download and review the following "TCP/IP Registry Values for Microsoft Windows Vista and Windows Server 2008" document:

http://download.microsoft.com/download/c/2/6/c26893a6-46c7-4b5c-b287-830216597340/TCPIP_Reg.doc (http://download.microsoft.com/download/c/2/6/c26893a6-46c7-4b5c-b287-830216597340/tcpip_reg.doc)

Back to the top