Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. The firewall service does not start and events are logged in the system event log and in the application event log

The firewall service does not start and events are logged in the system event log and in the application event log

View products that this article applies to.

Symptoms

The Microsoft Internet Security and Acceleration (ISA) Server firewall service does not start and the following event is logged in the system event log:


Event Type: Error Event
Source: Service Control Manager
Event Category: None
Event ID: 7024
Date: date
Time: time
Computer: computer name
User: N/A
Description: The Microsoft Firewall service terminated with service-specific error 213005.

Additionally, one of the following events is logged in the application event log, depending on the service pack or the feature pack that you have installed for your server.

Service Pack 1 or Feature Pack 1 installed


Event Type: Error Event
Source: Microsoft Firewall Event
Category: None
Event ID: 11005
Date: date
Time: time
User: N/A
Computer: computer name
Description: Firewall failed. The failure occurred during Initialization of Network Address Translation (NAT) because the system call InitNAT failed. Use the source location 308.1113.3.0.1200.50 to report the failure. The error code in the Data area of the event properties indicates the cause of the failure. For more information about this event, see ISA Server Help. The error description is: The system cannot find the file specified.

No service packs or feature packs installed


Event Type: Error
Event Source: Microsoft Firewall
Event Category: None
Event ID: 11011
Date: date
Time: time
User: N/A
Computer: computer name
Description: Microsoft Firewall failed. The failure occurred during Initialization of Network Address Translation (NAT) because the system call PNATInit failed. Use the source location 308.1151.3.0.1200.166 to report the failure. The error code in the Data area of the event properties indicates the cause of the failure. This failure may be due to the Internet Connection Firewall (ICF) service being enabled. If it is enabled, please disable the service named "Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)" (SharedAccess). Then, restart the computer. For more information about this event, see ISA Server Help. The error description is: The system cannot find the file specified.

Note When you install ISA Server or ISA Server Service Pack 1, Internet Connection Sharing is automatically detected and turned off.

↑ Back to the top

Cause

ISA Server is configured to install its own NAT driver. The firewall service will not start if any other NAT driver is installed on ISA Server. This problem may occur if any one of the following is true:
  • You have Routing and Remote Access configured as an Internet connection server with NAT.
  • You have the Internet Connection Sharing SharedAccess service turned on.
  • You have the Internet Connection Firewall service turned on (Microsoft Windows Server 2003 only).

↑ Back to the top

Resolution

To resolve this problem, use one of the following methods.

Method 1: You have Routing and Remote Access configured as an Internet connection server with NAT

To resolve this problem, follow these steps:
  1. Open the Routing and Remote Access Management Console.
  2. Expand the server, and then expand IP routing.

    If you see that the NAT filter is installed, turn off Routing and Remote Access by right-clicking the server.
  3. Restart the server.

Method 2: You have the Internet Connection Sharing (SharedAccess) service turned on

Turn off Internet Connection Sharing (SharedAccess). To do this, follow these steps:
  1. Right-click My Network Places, and then click Properties.
  2. Select a network adapter.
  3. Right-click the adapter, and then click Properties to see if Internet Connection Sharing is turned on.
  4. Click the Sharing tab.
  5. Click to clear the Internet Connection Sharing check box.
  6. Use the services Microsoft Management Console (MMC) to turn off the Internet Connection Sharing service.
  7. Restart the server.
  8. Repeat this procedure for any other adapter that has Internet Connection Sharing turned on.

Method 3: You have the Internet Connection Firewall (ICF) service turned on (Windows Server 2003 only)

To resolve this problem, turn off ICF. To do this, follow these steps:
  1. Right-click My Network Places, and then click Properties.
  2. Select a network adapter.
  3. Right-click the adapter, and then click Properties to see if Internet Connection Firewall is turned on.
  4. Click the Advanced tab
  5. Click to clear the Internet Connection Firewall check box.
  6. Use the services MMC to turn off the Internet Connection Firewall/ Internet Connection Sharing service.
  7. Restart the server.
  8. Repeat this procedure for any other adapter that has Internet Connection Firewall turned on.


Note ICF and the ISA Server firewall are mutually exclusive services. That is, you can start only one of the services at a time. If you want to help protect large networks, and you have ISA Server, use the ISA firewall service because it provides greater functionality and greater reporting capabilities.

↑ Back to the top

Keywords: KB813915, kbtshoot, kberrmsg, kbprb

↑ Back to the top

Article Info
Article ID : 813915
Revision : 4
Created on : 2/23/2007
Published on : 2/23/2007
Exists online : False
Views : 410