Microsoft KB Archive/927027

From BetaArchive Wiki
Knowledge Base


The Microsoft Firewall service does not start, and event ID 11002 is logged on a member of an ISA Server 2004 array

Article ID: 927027

Article Last Modified on 12/4/2007



APPLIES TO

  • Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition



SYMPTOMS

You experience the following symptoms on one or more members of a Microsoft Internet Security and Acceleration (ISA) Server 2004 array:

  • The Microsoft Firewall service does not start.
  • An error message that resembles the following is logged in the Application log on the affected computer or computers:

    Event Type: Error
    Event Source: Microsoft Firewall
    Event Category: None
    Event ID: 11002
    Date: date
    Time: time
    User: N/A
    Computer: ServerName
    Description: Microsoft Firewall failed to start. The failure occurred during creation of logging module because the configuration property msFPCLogFileDirectory of key SOFTWARE\Microsoft\Fpc\Storage\EffecTree2\Array-Root\Arrays\{GUID}\Logs\Proxy-WSP is not valid. Use the source location 5.826.4.0.3443.594 to report the failure. The error description is: The system cannot find the path specified.


CAUSE

This problem occurs if the following conditions are true:

  • Logging is configured in the ISA Server array.
  • One or more of the array members no longer have access to the logging location.

When you configure logging in an ISA Server array, each array member must use the same location to store the log files. For example, if you configure logging to the L:\LogFiles folder in the array, each member of the array must have access to an L:\LogFiles folder on the local computer. This behavior occurs because the array members obtain the log folder information from the array configuration. If a member of the array cannot store log files in the specified location, the Microsoft Firewall service does not start on that particular computer.

The following example illustrates a scenario in which this problem occurs:

  1. You have an ISA Server 2004 array that contains two members, Node A and Node B.
  2. You configure a volume that has the drive letter L together with a folder that is named ISALogs on each array member.
  3. You configure Firewall logging in the array to store the firewall log file in the L:\ISALogs folder.
  4. You shut down Node B, and then remove the volume that you added in step 2.

In this scenario, the Microsoft Firewall service does not start when you next start Node B.

RESOLUTION

To resolve this problem, verify that each member of the array has access to the local path of the logging location. For example, if ISA Server 2004 is configured to store the log files in the L:\ISALogs folder, verify that each array member has access to an L:\ISALogs folder.
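
One way to run this check, as an added example that is not part of the original article: a Windows PowerShell script that tests whether the configured log folder exists on each array member and looks in the Application log for event ID 11002 entries that mention msFPCLogFileDirectory. The default path L:\ISALogs comes from the article's example; the parameter and function names, the use of administrative shares for remote members, and remote event log access are assumptions.

```powershell
# Added example (Windows PowerShell 3.0 or later). Run it on an array member, or pass
# member host names to check them remotely. Host names are supplied by the operator.
param(
    [string]$LogPath = 'L:\ISALogs',                 # log folder from the article's example
    [string[]]$ArrayMembers = @($env:COMPUTERNAME)   # assumed: one entry per array member
)

function Resolve-MemberPath {
    param([string]$Computer, [string]$LocalPath)
    if ($Computer -eq $env:COMPUTERNAME) { return $LocalPath }
    # Remote member: map L:\ISALogs to \\<member>\L$\ISALogs (administrative share)
    if ($LocalPath -match '^(?<drive>[A-Za-z]):\\(?<rest>.*)$') {
        return '\\{0}\{1}$\{2}' -f $Computer, $Matches['drive'], $Matches['rest']
    }
    throw "Expected a local drive path such as L:\ISALogs, got '$LocalPath'"
}

foreach ($member in $ArrayMembers) {
    $path = Resolve-MemberPath -Computer $member -LocalPath $LogPath
    # Presence check only, made with the caller's credentials, not the service's
    $folderPresent = Test-Path -LiteralPath $path -PathType Container

    # Event ID 11002 from source "Microsoft Firewall" in the Application log
    $hits = @()
    try {
        $hits = @(Get-EventLog -LogName Application -ComputerName $member `
                      -Source 'Microsoft Firewall' -Newest 200 -ErrorAction Stop |
                  Where-Object { $_.EventID -eq 11002 -and
                                 $_.Message -match 'msFPCLogFileDirectory' })
    } catch {
        Write-Warning "No 'Microsoft Firewall' entries returned from ${member}: $_"
    }

    $lastEvent = $null
    if ($hits.Count -gt 0) { $lastEvent = $hits[0].TimeGenerated }

    if (-not $folderPresent) { $verdict = 'Log folder missing (the condition behind event 11002)' }
    elseif ($hits.Count -gt 0) { $verdict = 'Folder present now; event 11002 was logged earlier' }
    else { $verdict = 'OK' }

    [pscustomobject]@{
        Member         = $member
        CheckedPath    = $path
        FolderPresent  = $folderPresent
        Event11002Hits = $hits.Count
        LastEvent      = $lastEvent
        Verdict        = $verdict
    }
}
```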


Additional query words: logfiles

Keywords: kbtshoot kbfirewall kbeventlog kbprb KB927027