Microsoft KB Archive/813915

= The firewall service does not start and events are logged in the system event log and in the application event log =

Article ID: 813915

Article Last Modified on 2/23/2007


APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2000 Standard Edition
 * Microsoft Internet Security and Acceleration Server 2000 Service Pack 1
 * Microsoft Internet Security and Acceleration Server 2000 Feature Pack 1




SYMPTOMS
The Microsoft Internet Security and Acceleration (ISA) Server firewall service does not start and the following event is logged in the system event log:

Event Type: Error Event

Source: Service Control Manager

Event Category: None

Event ID: 7024

Date:

Time:

Computer:

User: N/A

Description: The Microsoft Firewall service terminated with service-specific error 213005.

Additionally, one of the following events is logged in the application event log, depending on the service pack or the feature pack that you have installed for your server.

Service Pack 1 or Feature Pack 1 installed
Event Type: Error Event

Source: Microsoft Firewall Event

Category: None

Event ID: 11005

Date:

Time:

User: N/A

Computer:

Description: Firewall failed. The failure occurred during Initialization of Network Address Translation (NAT) because the system call InitNAT failed. Use the source location 308.1113.3.0.1200.50 to report the failure. The error code in the Data area of the event properties indicates the cause of the failure. For more information about this event, see ISA Server Help. The error description is: The system cannot find the file specified.

No service packs or feature packs installed
Event Type: Error

Event Source: Microsoft Firewall

Event Category: None

Event ID: 11011

Date:

Time:

User: N/A

Computer:

Description: Microsoft Firewall failed. The failure occurred during Initialization of Network Address Translation (NAT) because the system call PNATInit failed. Use the source location 308.1151.3.0.1200.166 to report the failure. The error code in the Data area of the event properties indicates the cause of the failure. This failure may be due to the Internet Connection Firewall (ICF) service being enabled. If it is enabled, please disable the service named "Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)" (SharedAccess). Then, restart the computer. For more information about this event, see ISA Server Help. The error description is: The system cannot find the file specified.

Note When you install ISA Server or ISA Server Service Pack 1, Internet Connection Sharing is automatically detected and turned off.



CAUSE
ISA Server is configured to install its own NAT driver. The firewall service will not start if any other NAT driver is installed on ISA Server. This problem may occur if any one of the following is true:
 * You have Routing and Remote Access configured as an Internet connection server with NAT.
 * You have the Internet Connection Sharing SharedAccess service turned on.
 * You have the Internet Connection Firewall service turned on (Microsoft Windows Server 2003 only).



RESOLUTION
To resolve this problem, use one of the following methods.

Method 1: You have Routing and Remote Access configured as an Internet connection server with NAT
To resolve this problem, follow these steps:
 * 1) Open the Routing and Remote Access Management Console.
 * 2) Expand the server, and then expand IP routing.
 * 3) If you see that the NAT filter is installed, turn off Routing and Remote Access by right-clicking the server.
 * 4) Restart the server.

Method 2: You have the Internet Connection Sharing (SharedAccess) service turned on
Turn off Internet Connection Sharing (SharedAccess). To do this, follow these steps:
 * 1) Right-click My Network Places, and then click Properties.
 * 2) Select a network adapter.
 * 3) Right-click the adapter, and then click Properties to see if Internet Connection Sharing is turned on.
 * 4) Click the Sharing tab.
 * 5) Click to clear the Internet Connection Sharing check box.
 * 6) Use the services Microsoft Management Console (MMC) to turn off the Internet Connection Sharing service.
 * 7) Restart the server.
 * 8) Repeat this procedure for any other adapter that has Internet Connection Sharing turned on.

Method 3: You have the Internet Connection Firewall (ICF) service turned on (Windows Server 2003 only)
To resolve this problem, turn off ICF. To do this, follow these steps:
 * 1) Right-click My Network Places, and then click Properties.
 * 2) Select a network adapter.
 * 3) Right-click the adapter, and then click Properties to see if Internet Connection Firewall is turned on.
 * 4) Click the Advanced tab.
 * 5) Click to clear the Internet Connection Firewall check box.
 * 6) Use the services MMC to turn off the Internet Connection Firewall / Internet Connection Sharing service.
 * 7) Restart the server.
 * 8) Repeat this procedure for any other adapter that has Internet Connection Firewall turned on.

Note ICF and the ISA Server firewall are mutually exclusive services. That is, you can start only one of the services at a time. If you want to help protect large networks, and you have ISA Server, use the ISA firewall service because it provides greater functionality and greater reporting capabilities.
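
The following PowerShell triage is an added example, not part of the original article or of ISA Server: it matches the event IDs and error text from SYMPTOMS and then reports which conflicting service from CAUSE is running. The function name and the sample records are constructed for illustration, and `RemoteAccess` is assumed to be the service name of Routing and Remote Access, which the article does not state.

```powershell
# Added example: correlate the ISA firewall start failure with the NAT conflicts listed under CAUSE.
# Record fields mirror the EventID/Source/Message and Name/Status properties of Get-EventLog and Get-Service.
function Find-IsaNatConflict {
    param([object[]]$EventRecords, [object[]]$Services)

    # System log: event 7024 with service-specific error 213005
    $scm = @($EventRecords | Where-Object {
        $_.EventID -eq 7024 -and $_.Source -eq 'Service Control Manager' -and
        $_.Message -match '213005' })
    # Application log: event 11005 (SP1/FP1) or 11011 (no service pack) naming the failed NAT call
    $nat = @($EventRecords | Where-Object {
        (11005, 11011) -contains $_.EventID -and $_.Message -match 'InitNAT|PNATInit' })

    if ($scm.Count -eq 0 -or $nat.Count -eq 0) { return @() }  # not the symptom described here

    $findings = @()
    foreach ($svc in $Services) {
        if ($svc.Status -ne 'Running') { continue }
        switch ($svc.Name) {
            'SharedAccess' { $findings += 'SharedAccess (ICS/ICF) is running: apply Method 2 or Method 3' }
            # A running RRAS service does not prove NAT is configured; confirm under IP Routing (assumed service name)
            'RemoteAccess' { $findings += 'Routing and Remote Access is running: check IP Routing for NAT (Method 1)' }
        }
    }
    if ($findings.Count -eq 0) { $findings += 'Symptom events present, but no conflicting service is running' }
    return $findings
}

# Constructed sample input (not taken from a real server)
$sampleEvents = @(
    (New-Object PSObject -Property @{ EventID = 7024; Source = 'Service Control Manager'
        Message = 'The Microsoft Firewall service terminated with service-specific error 213005.' }),
    (New-Object PSObject -Property @{ EventID = 11011; Source = 'Microsoft Firewall'
        Message = 'The failure occurred during Initialization of Network Address Translation (NAT) because the system call PNATInit failed.' })
)
$sampleServices = @(
    (New-Object PSObject -Property @{ Name = 'SharedAccess'; Status = 'Running' }),
    (New-Object PSObject -Property @{ Name = 'RemoteAccess'; Status = 'Stopped' })
)
Find-IsaNatConflict -EventRecords $sampleEvents -Services $sampleServices

# Live use, assuming PowerShell is installed on the ISA Server computer:
#   $ev  = @(Get-EventLog -LogName System -Newest 200) + @(Get-EventLog -LogName Application -Newest 200)
#   $svc = Get-Service -Name SharedAccess, RemoteAccess -ErrorAction SilentlyContinue
#   Find-IsaNatConflict -EventRecords $ev -Services $svc
```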

Additional query words: isa firewall InitNAT PNATInit nat 11005 11011 313964

Keywords: kbprb kberrmsg kbtshoot KB813915


© Microsoft Corporation. All rights reserved.