Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Event ID 14177 is logged, and the Web Proxy service does not start in Internet Security and Acceleration Server 2000


View products that this article applies to.

Symptoms

On a computer that is running Microsoft Internet Security and Acceleration (ISA) Server 2000, the Web Proxy service may no longer start. Additionally, the following event may appear in the Application log in Event Viewer:

Event Source: Microsoft ISA Server
Event Category: None
Event ID: 14177
Date: date
Time: time
Type: Error
User N/A
Computer: computername
Description: Some certificates cannot be initialized (error code 2146885628). The Web Proxy service could not initialize. Check that all certificates used by the Web Proxy service are valid.

↑ Back to the top


Cause

This issue may occur if an invalid or corrupted certificate exists in the certificate store. You may experience this issue after you install a new certificate.

If the certificate is corrupted or not valid, the Web Proxy service may stop when it tries to start the Secure Sockets Layer (SSL) listener.

↑ Back to the top


Resolution

To resolve this issue, follow these steps.

Step 1: Verify the validity of the certificate on the ISA Server computer

  1. Click Start, click Run, type mmc, and then click OK.
  2. On the Console menu, click Add/Remove Snap-in.
  3. Click Add, click Certificates, and then click Add.
  4. Click Computer account, click Next, leave the Local computer option selected, and then click Finish.
  5. Click Close, and then click OK.
  6. Under Console Root, expand Certificates (Local Computer).
  7. Expand Personal, and then click Certificates.
  8. In the right pane, double-click a certificate.
  9. Click the Certification Path tab, and then examine the information in the Certificate status box. This box should contain the following status information:
    This certificate is OK.
  10. Click OK.
  11. If the certificate is not valid, remove it. To do this, follow these steps:
    1. Right-click the certificate, and then click Delete.
    2. On the following message that appears, click Yes:
      You will not be able to decrypt data encrypted using this certificate. Do you wish to delete this certificate?
  12. Follow steps 8 through 11 to remove certificates that are not valid.
  13. If the computer certificate was not valid, obtain a new certificate. For additional information about how to request a certificate in Windows, visit the following Microsoft Web site:
  14. If you obtained a new certificate, reset the certificate reference on the SSL listener in ISA Server. To do this, follow these steps:
    1. Start the ISA Management tool.
    2. Expand Servers and Arrays, right-click your ISA Server computer, and then click Properties.
    3. Click the Incoming Web Requests tab.
    4. In the Identification box, click your ISA Server computer, and then click Edit.
    5. Click Select, click the new certificate that you obtained, and then click OK two times.
    6. Click OK, click Save the changes and restart the service(s), and then click OK.
If this issue is not resolved, continue to "Step 2: Remove, and then re-create the SSL listener on the ISA Server computer".

Step 2: Remove, and then re-create the SSL listener on the ISA Server computer

  1. Start the ISA Management tool.
  2. Expand Servers and Arrays, right-click your ISA Server computer, and then click Properties.
  3. Click the Incoming Web Requests tab.
  4. Click to clear the Enable SSL listeners check box, and then click OK.
  5. Click Save the changes and restart the service(s), and then click OK.
  6. Wait for several minutes to let the ISA Server services restart.
  7. Right-click your ISA Server computer, and then click Properties.
  8. Click the Incoming Web Requests tab.
  9. Click to select the Enable SSL listeners check box, and then click OK on the following message that appears:
    SSL requests will be accepted only if an appropriate server certificate is configured for each listener.
  10. Click OK, click Save the changes and restart the service(s), and then click OK.

↑ Back to the top


More information

For additional information about how to configure incoming Web request properties in ISA Server 2000, visit the following Microsoft Web site:

↑ Back to the top


Keywords: KB888926, kbprb, kbtshoot, kbfirewall

↑ Back to the top

Article Info
Article ID : 888926
Revision : 4
Created on : 6/21/2006
Published on : 6/21/2006
Exists online : False
Views : 323