Microsoft KB Archive/937028

= The Microsoft Firewall service does not start after an ISA Server 2004 SP3 installation fails =

Article ID: 937028

Article Last Modified on 12/4/2007

-

APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition
 * Microsoft Internet Security and Acceleration Server 2004 Standard Edition

-



SYMPTOMS
You have a computer that is running Microsoft Internet Security and Acceleration (ISA) Server 2004. You install ISA Server 2004 Service Pack 3 (SP3) on this computer either manually or from the Microsoft Update Web site.

If the ISA Server 2004 SP3 installation fails, a rollback operation is performed to restore the ISA Server components to their pre-update versions. However, after the rollback operation is complete, the Microsoft Firewall service does not start. Additionally, the following error messages are logged in the Application log:

Error message 1

Event Type: Error

Event Source: Microsoft ISA Server 2004

Event Category: None

Event ID: 1000

Date:

Time:

User: Not applicable

Computer:

Description:

Faulting application wspsrv.exe, version 4.0.2165.594, stamp 43cd50a5, faulting module dnsfltr.dll, version 4.0.2165.594, stamp 43cd50bc, debug? 0, fault address 0x0000cce9

Error message 2

Event Type: Error

Event Source: Microsoft Firewall

Event Category: None

Event ID: 14056

Date:

Time:

User: N/A

Computer:

Description:

The application filter (DNS Filter, CLSID={49FE2B2F-3BB4-495C-87C8-3890C3C35756}) performed an illegal operation inside the Firewall service process at method FilterInit. The Firewall service terminated. To resolve this error, remove recently installed application filters and restart the service. If this does not resolve the problem, contact the component vendor.



CAUSE
This issue occurs if the rollback operation is not successful and if the computer contains ISA Server 2004 components from the pre-update version and from ISA Server 2004 SP3.

The most common installation and rollback failures occur in the following scenario:
 * You have the ISA Server Management Microsoft Management Console (MMC) snap-in open in a separate Remote Desktop Protocol (RDP) session.
 * You use an unattended installation to install ISA Server 2004 SP3. For example, ISA Server 2004 SP3 is installed from the Microsoft Update Web site.

The Microsoft Update installer cannot prompt a user to close the ISA Server Management MMC snap-in. Therefore, the installation fails. Then, it starts a rollback of all changes to this point. If the rollback also fails, the computer will contain ISA Server 2004 components from the pre-update version and from ISA Server 2004 SP3.



WORKAROUND
To work around this issue, use one of the following methods.

Method 1: Reinstall ISA Server 2004 SP3
 Download ISA Server 2004 SP3.

For more information about how to download ISA 2004 SP3, visit the following Microsoft Web site:

http://www.microsoft.com/technet/isa/2004/downloads/default.mspx

 Exit all ISA Server utilities, and then close all ISA Server user interface components. For example, close the ISA Server Management Microsoft Management Console (MMC) snap-in. Exit all other RDP sessions on the server. To do this, follow these steps:  Open Task Manager, and then click the User tab. Right-click a user account that does not represent your current connection, and then click Log Off. When you are prompted to verify the action, click Yes. Repeat steps 3b through 3c for each RDP connection.</li></ol> </li> At a command prompt, type the following command to reinstall ISA Server 2004 SP3, and then press ENTER:

msiexec /p  REINSTALL=all REINSTALLMODE=omus /l*v c:\sp3.log

</li></ol>

Note We recommend that you reinstall ISA Server 2004 SP3 in repair mode.

Method 2: Reregister the ISA Server administration component
<ol> Click Start, click Run, type cmd, and then press ENTER.</li> At the command prompt, type the following commands. Press ENTER after each command.

cd /d “%programfiles%\microsoft isa server”

regsvr32 wspadmin.dll

</li> When you receive the &quot;DllRegisterServer in wspadmin.dll succeeded&quot; message, click OK.</li> At the command prompt, type the following commands. Press ENTER after each command.

md VPN\Netsh

net start fwsrv

</li></ol>

Keywords: kbtshoot kbprb kbexpertiseadvanced KB937028

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.