Article ID: 940463 - Last Review: February 18, 2008 - Revision: 2.1

You cannot start the Microsoft Firewall service on a server that is running ISA 2004 or ISA 2006 if you enable SSL on a Web listener


SYMPTOMS

A server is running Microsoft Internet Security and Acceleration (ISA) Server 2004 or ISA Server 2006. On the server, you enable Secure Sockets Layer (SSL) on a Web listener. In this situation, you cannot start the Microsoft Firewall service. However, if you disable SSL on the Web listener, you can successfully start the Microsoft Firewall service. When this problem occurs, events that resemble the following may be logged in the event log:

Event 14001

Event Source: Microsoft Firewall
Event ID: 14001
Description: Firewall Service failed to initialize. Previous event log entries might help determine the proper action

Event 14060

Event Source: Microsoft Firewall
Event ID: 14060
Description: Cannot load an application filter Web Proxy Filter
({4CB7513E-220E-4C20-815A-B67BAA295FF4}). FilterInit failed with code 0x80092004.
To attempt to activate this application filter again, stop and restart the Firewall service.

Event 14177

Event Source: Microsoft ISA Server Web Proxy
Event ID: 14177
Description: Some certificates cannot be initialized (error code -2146885628). The Web Proxy filter could not initialize. Check that all certificates used by the Web Proxy filter are valid.

CAUSE

This problem occurs because of an issue with the SSL server certificate that the Web listener uses. The issue can be one of the following:
  • The certificate has expired.
  • The certificate is corrupted.
  • The certificate is installed incorrectly.
  • The Web listeners are not using the certificate appropriately.
  • There are overlapping Web listeners.
  • Multiple overlapping publishing rules are set up incorrectly.

WORKAROUND

To work around this problem, follow these steps:
  1. In the Certificates Microsoft Management Console (MMC) snap-in, delete the certificate, and then re-import the certificate.
  2. Configure the Web listener to use the certificate.
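
Before you delete and re-import the certificate, you can check which certificate in the store shows one of the conditions that are listed in the "Cause" section. The following PowerShell script is an added example and is not part of the original Microsoft article. It assumes that the listener certificate is in the Personal store of the local computer (Cert:\LocalMachine\My), that a missing private key is one form of "installed incorrectly", and that a certificate that restricts its usage must allow Server Authentication. It also shows that the codes in events 14060 and 14177 are the same value.

```powershell
# Added example (not from the original article).
# Lists certificates in the local computer's Personal store and flags the
# certificate conditions that can be checked directly from the store.

$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication enhanced key usage
$now = Get-Date

# Event 14177 reports the code as a signed decimal; event 14060 reports it in hex.
# Formatting the decimal as hex shows both events carry the same 32-bit value,
# which is the Windows error CRYPT_E_NOT_FOUND ("Cannot find object or property").
$hex = '0x{0:X8}' -f (-2146885628)
Write-Output "Event 14177 code -2146885628 = $hex"

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_
    $problems = @()

    # Cause: "The certificate has expired." (also flag a start date in the future)
    if ($now -gt $cert.NotAfter)  { $problems += 'expired' }
    if ($now -lt $cert.NotBefore) { $problems += 'not yet valid' }

    # Assumption: a certificate imported without its private key is one form of
    # "The certificate is installed incorrectly."
    if (-not $cert.HasPrivateKey) { $problems += 'no private key' }

    # Assumption: if the certificate carries an enhanced key usage extension,
    # it must include Server Authentication to be usable on an SSL listener.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    if ($eku) {
        $oids = $eku.EnhancedKeyUsages | ForEach-Object { $_.Value }
        if ($oids -notcontains $serverAuthOid) { $problems += 'no Server Authentication usage' }
    }

    if ($problems.Count -eq 0) { $problems = @('none found') }

    # One row per certificate; match the thumbprint against the certificate
    # that is selected on the Web listener.
    $cert | Select-Object Subject, Thumbprint, NotAfter, HasPrivateKey,
        @{ Name = 'Problems'; Expression = { $problems -join ', ' } }
} | Format-List
```

A certificate that reports "none found" can still be corrupted, and the script does not detect overlapping Web listeners or publishing rules.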

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

APPLIES TO
  • Microsoft Forefront Threat Management Gateway, Medium Business Edition
  • Microsoft Internet Security and Acceleration Server 2004 Standard Edition
  • Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition
  • Microsoft Internet Security and Acceleration Server 2006 Standard Edition
  • Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition
Keywords: kbexpertiseadvanced kbprb kbtshoot KB940463