Microsoft KB Archive/888926

= Event ID 14177 is logged, and the Web Proxy service does not start in Internet Security and Acceleration Server 2000 =

Article ID: 888926

Article Last Modified on 6/21/2006

APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2000 Standard Edition


SYMPTOMS
On a computer that is running Microsoft Internet Security and Acceleration (ISA) Server 2000, the Web Proxy service may no longer start. Additionally, the following event may appear in the Application log in Event Viewer:

Event Source: Microsoft ISA Server

Event Category: None

Event ID: 14177

Date:

Time:

Type: Error

User: N/A

Computer:

Description: Some certificates cannot be initialized (error code 2146885628). The Web Proxy service could not initialize. Check that all certificates used by the Web Proxy service are valid.



CAUSE
This issue may occur if an invalid or corrupted certificate exists in the certificate store. You may experience this issue after you install a new certificate.

If the certificate is corrupted or not valid, the Web Proxy service may stop when it tries to start the Secure Sockets Layer (SSL) listener.



RESOLUTION
To resolve this issue, follow these steps.

Step 1: Verify the validity of the certificate on the ISA Server computer
<ol>
<li>Click Start, click Run, type mmc, and then click OK.</li>
<li>On the Console menu, click Add/Remove Snap-in.</li>
<li>Click Add, click Certificates, and then click Add.</li>
<li>Click Computer account, click Next, leave the Local computer option selected, and then click Finish.</li>
<li>Click Close, and then click OK.</li>
<li>Under Console Root, expand Certificates (Local Computer).</li>
<li>Expand Personal, and then click Certificates.</li>
<li>In the right pane, double-click a certificate.</li>
<li>Click the Certification Path tab, and then examine the information in the Certificate status box. This box should contain the following status information:

This certificate is OK.

</li>
<li>Click OK.</li>
<li>If the certificate is not valid, remove it. To do this, follow these steps:
<ol style="list-style-type: lower-alpha;">
<li>Right-click the certificate, and then click Delete.</li>
<li>On the following message that appears, click Yes:

You will not be able to decrypt data encrypted using this certificate. Do you wish to delete this certificate?

</li>
</ol>
</li>
<li>Follow steps 8 through 11 to remove certificates that are not valid.</li>
<li>If the computer certificate was not valid, obtain a new certificate. For additional information about how to request a certificate in Windows, visit the following Microsoft Web site:

http://technet2.microsoft.com/windowsserver/en/library/7E918937-B0CC-4094-9009-4E0798986BEF1033.mspx

</li>
<li>If you obtained a new certificate, reset the certificate reference on the SSL listener in ISA Server. To do this, follow these steps:
<ol style="list-style-type: lower-alpha;">
<li>Start the ISA Management tool.</li>
<li>Expand Servers and Arrays, right-click your ISA Server computer, and then click Properties.</li>
<li>Click the Incoming Web Requests tab.</li>
<li>In the Identification box, click your ISA Server computer, and then click Edit.</li>
<li>Click Select, click the new certificate that you obtained, and then click OK two times.</li>
<li>Click OK, click Save the changes and restart the service(s), and then click OK.</li>
</ol>
</li>
</ol>
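
The check in steps 8 through 10, run over every certificate in the Personal store at once, as an added example that is not part of the original article. It assumes Windows PowerShell is available on the ISA Server computer, which the article does not require; it only reads the store and deletes nothing.

```powershell
# Added example: read-only report on the local computer's Personal certificate store.
# Assumption: Windows PowerShell with the built-in Cert: drive is available.

$report = foreach ($cert in Get-ChildItem -Path Cert:\LocalMachine\My) {

    # Build the certification path for this certificate.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain

    # Assumption: revocation lookups are skipped so the check needs no network access.
    # Set this to 'Online' if the computer can reach the CRL distribution points.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'

    $chainOk = $chain.Build($cert)

    # Reasons reported for a failed path, for example NotTimeValid or UntrustedRoot.
    $problems = @($chain.ChainStatus | ForEach-Object { $_.Status })

    New-Object PSObject -Property @{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        # A certificate bound to an SSL listener must have its private key on this computer.
        HasPrivateKey = $cert.HasPrivateKey
        ChainOk       = $chainOk
        Problems      = ($problems -join ', ')
    }
}

# Certificates that failed path validation sort to the top.
$report |
    Sort-Object ChainOk |
    Format-Table Subject, NotAfter, HasPrivateKey, ChainOk, Problems -AutoSize -Wrap
```

Rows with ChainOk set to False are the ones to open in the Certificates snap-in and review against step 11.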

If this issue is not resolved, continue to "Step 2: Remove, and then re-create the SSL listener on the ISA Server computer".

Step 2: Remove, and then re-create the SSL listener on the ISA Server computer
<ol>
<li>Start the ISA Management tool.</li>
<li>Expand Servers and Arrays, right-click your ISA Server computer, and then click Properties.</li>
<li>Click the Incoming Web Requests tab.</li>
<li>Click to clear the Enable SSL listeners check box, and then click OK.</li>
<li>Click Save the changes and restart the service(s), and then click OK.</li>
<li>Wait for several minutes to let the ISA Server services restart.</li>
<li>Right-click your ISA Server computer, and then click Properties.</li>
<li>Click the Incoming Web Requests tab.</li>
<li>Click to select the Enable SSL listeners check box, and then click OK on the following message that appears:

SSL requests will be accepted only if an appropriate server certificate is configured for each listener.

</li>
<li>Click OK, click Save the changes and restart the service(s), and then click OK.</li>
</ol>

MORE INFORMATION
For additional information about how to configure incoming Web request properties in ISA Server 2000, visit the following Microsoft Web site:

http://www.microsoft.com/resources/documentation/isa/2000/enterprise/proddocs/en-us/isadocs/cmt_reverseconfig.mspx

Keywords: kbtshoot kbfirewall kbprb KB888926


© Microsoft Corporation. All rights reserved.