Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

You cannot start the Microsoft Firewall service on a server that is running ISA 2004 or ISA 2006 if you enable SSL on a Web listener


View products that this article applies to.

Symptoms

A server is running Microsoft Internet Security and Acceleration (ISA) Server 2004 or ISA Server 2006. On the server, you enable Secure Sockets Layer (SSL) on a Web listener. In this situation, you cannot start the Microsoft Firewall service. However, if you disable SSL on the Web listener, you can successfully start the Microsoft Firewall service. When this problem occurs, events that resemble the following may be logged in the event log:

Event 14001

Event Source: Microsoft Firewall
Event ID: 14001
Description: Firewall Service failed to initialize. Previous event log entries might help determine the proper action

Event 14060

Event Source: Microsoft Firewall
Event ID: 14060
Description: Description: Cannot load an application filter Web Proxy Filter
({4CB7513E-220E-4C20-815A-B67BAA295FF4}). FilterInit failed with code 0x80092004.
To attempt to activate this application filter again, stop and restart the Firewall service.

Event 14177

Event Source: Microsoft ISA Server Web Proxy
Event ID: 14177
Description: Some certificates cannot be initialized (error code -2146885628). The Web Proxy filter could not initialize. Check that all certificates used by the Web Proxy filter are valid.

↑ Back to the top


Cause

This problem occurs because of a problem with the SSL server certificate that the Web listener uses. The problem can be one of the following problems:
  • The certificate has expired.
  • The certificate is corrupted.
  • The certificate is installed incorrectly.
  • The Web listeners are not using the certificate appropriately.
  • There are overlapping Web listeners.
  • Multiple overlapping publishing rules are set up incorrectly.

↑ Back to the top


Workaround

To work around this problem, follow these steps:
  1. In the Certificates Microsoft Management Console (MMC) snap-in, delete the certificate, and then re-import the certificate.
  2. Configure the Web listener to use the certificate.

↑ Back to the top


Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top


Keywords: KB940463, kbtshoot, kbprb, kbexpertiseadvanced

↑ Back to the top

Article Info
Article ID : 940463
Revision : 3
Created on : 2/18/2008
Published on : 2/18/2008
Exists online : False
Views : 510