Help and Support
 

powered byLive Search

You cannot start the Microsoft Firewall service on a server that is running ISA 2004 or ISA 2006 if you enable SSL on a Web listener

View products that this article applies to.
Article ID:940463
Last Review:February 18, 2008
Revision:2.0

SYMPTOMS

A server is running Microsoft Internet Security and Acceleration (ISA) Server 2004 or ISA Server 2006. On the server, you enable Secure Sockets Layer (SSL) on a Web listener. In this situation, you cannot start the Microsoft Firewall service. However, if you disable SSL on the Web listener, you can successfully start the Microsoft Firewall service. When this problem occurs, events that resemble the following may be logged in the event log:

Event 14001

Event Source: Microsoft Firewall
Event ID: 14001
Description: Firewall Service failed to initialize. Previous event log entries might help determine the proper action

Event 14060

Event Source: Microsoft Firewall
Event ID: 14060
Description: Description: Cannot load an application filter Web Proxy Filter
({4CB7513E-220E-4C20-815A-B67BAA295FF4}). FilterInit failed with code 0x80092004.
To attempt to activate this application filter again, stop and restart the Firewall service.

Event 14177

Event Source: Microsoft ISA Server Web Proxy
Event ID: 14177
Description: Some certificates cannot be initialized (error code -2146885628). The Web Proxy filter could not initialize. Check that all certificates used by the Web Proxy filter are valid.

Back to the top

CAUSE

This problem occurs because of a problem with the SSL server certificate that the Web listener uses. The problem can be one of the following problems:
The certificate has expired.
The certificate is corrupted.
The certificate is installed incorrectly.
The Web listeners are not using the certificate appropriately.
There are overlapping Web listeners.
Multiple overlapping publishing rules are set up incorrectly.

Back to the top

WORKAROUND

To work around this problem, follow these steps:
1.In the Certificates Microsoft Management Console (MMC) snap-in, delete the certificate, and then re-import the certificate.
2.Configure the Web listener to use the certificate.

Back to the top

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

Back to the top

APPLIES TO
Microsoft Internet Security and Acceleration Server 2004 Standard Edition
Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition
Microsoft Internet Security and Acceleration Server 2006 Standard Edition
Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition

Back to the top

Keywords: 
kbexpertiseadvanced kbprb kbtshoot KB940463

Back to the top

Article Translations

 

Other Support Options

  • Need More Help?
    Contact a Support professional by E-mail, Online or Phone.
  • Customer Service
    For non-technical assistance with product purchases, subscriptions, online services, events, training courses, corporate sales, piracy issues, and more.
  • Newsgroups
    Pose a question to other users. Discussion groups and Forums about specific Microsoft products, technologies, and services.