Microsoft KB Archive/940463

= You cannot start the Microsoft Firewall service on a server that is running ISA 2004 or ISA 2006 if you enable SSL on a Web listener =

Article ID: 940463

Article Last Modified on 12/4/2007

-

APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2004 Standard Edition
 * Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition
 * Microsoft Internet Security and Acceleration Server 2006 Standard Edition
 * Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition

-



SYMPTOMS
A server is running Microsoft Internet Security and Acceleration (ISA) Server 2004 or ISA Server 2006. On the server, you enable Secure Sockets Layer (SSL) on a Web listener. In this situation, you cannot start the Microsoft Firewall service. However, if you disable SSL on the Web listener, you can successfully start the Microsoft Firewall service. When this problem occurs, events that resemble the following may be logged in the event log:

Event 14001 Event Source: Microsoft Firewall

Event ID: 14001

Description: Firewall Service failed to initialize. Previous event log entries might help determine the proper action

Event 14060 Event Source: Microsoft Firewall

Event ID: 14060

Description: Description: Cannot load an application filter Web Proxy Filter

({4CB7513E-220E-4C20-815A-B67BAA295FF4}). FilterInit failed with code 0x80092004.

To attempt to activate this application filter again, stop and restart the Firewall service.

Event 14177 Event Source: Microsoft ISA Server Web Proxy

Event ID: 14177

Description: Some certificates cannot be initialized (error code -2146885628). The Web Proxy filter could not initialize. Check that all certificates used by the Web Proxy filter are valid.



CAUSE
This problem occurs because of a problem with the SSL server certificate that the Web listener uses. The problem can be one of the following problems:
 * The certificate has expired.
 * The certificate is corrupted.
 * The certificate is installed incorrectly.



WORKAROUND
To work around this problem, follow these steps:
 * 1) In the Certificates Microsoft Management Console (MMC) snap-in, delete the certificate, and then re-import the certificate.
 * 2) Configure the Web listener to use the certificate.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.

Keywords: kbtshoot kbprb kbexpertiseadvanced KB940463

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.