RE: Firewall service and remoteaccess service shut down frequently

Hello Dan,

Thank you for posting here. Let's also thank Larry for the input.

From the description, I understand that you kept on receiving event 14147
on the SBS Server about ISA 2004. If I am off base, please do let me know.

The 14147 error is very common. We can even see such error on a normal
system. Generally speaking, if you do not have any network access and
connectivity issue, you can safely ignore the problem.

Do you have run the CEICW after installing the ISA components? If not,
please open SBS server management console, navigate to 'To Do List'. Click
'Connect to the internet' in the right panel. Follow the wizard to
configure the networking settings.

More info:
825763 How to configure Internet access in Windows Small Business Server
2003
http://support.microsoft.com/?id=825763

Regarding the error 14147, it may occur if the routing table on the ISA
Server computer is different from the ISA Server configuration. In this
scenario, any traffic that is sent from or to the IP addresses that appear
in the events from the "Symptoms" section is dropped by ISA Server. ISA
Server considers this traffic as spoofed.

I suggest you try the following steps to see if the problem can be resolved:

1. Open ISA management console, navigate to
Servername\Configuration\Networks, on the "Networks" pane, and double click
Internal.

2. Go to the Addresses tab, remove the existed address range.

3. Click the Add Adapter button, and add your internal network adapter
(Server Local Area Connection)

4. Then confirm only the address range of your internal network will be
listed. And ensure 10.255.255.255-10.255.255.255 which lists in the error
massage does not apply here.

Click the Apply button to save the changes.

If you have multiple subnets in your network, you may also refer to this KB
document for resolution:

Client computers cannot access external resources, and event ID 14147
appears in the Application log in ISA Server 2004 (884496)
http://support.microsoft.com/default.aspx?scid=KB;EN-US;884496

Meanwhile, from the subject, you said you the firewall service and RRAS
will shutdown frequently. I must let you know that: we unable to start the
windows firewall service on SBS 2003. Please open the services console on
SBS and set the "Windows Firewall/Internet Connection Sharing (ICS)"
service to disable and stop it. Then, the RRAS service will not shutdown.

If we cannot resolve the issue after we perform the above steps, please
help me collect some information for further investigation:

Gather MPS network report on SBS:

a. Download MPSrepot_network from
http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd9
15706/MPSRPT_NETWORK.EXE

b. Run MPSRPT_NETWORK.exe.

c. The tool will automatically collect the information. This procedure will
take 10~15 minutes.

d. Open Windows Explorer, navigate to the folder:
%SystemRoot%\MPSReports\Network\Reports\Cab\

e. Send the .cab file directly to me at v-terliu@xxxxxxxxxxxxx

I hope these steps will give you some help.

Thanks and have a nice day!

Best regards,

Terence Liu(MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Thread-Topic: Firewall service and remoteaccess service shut down
frequently
| thread-index: Acg2nYiTyUbKw6vuTquIHsKimwj9yQ==
| X-WBNR-Posting-Host: 207.46.19.197
| From: =?Utf-8?B?RGFuNw==?= <Dan7@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: Firewall service and remoteaccess service shut down frequently
| Date: Tue, 4 Dec 2007 09:46:00 -0800
| Lines: 31
| Message-ID: <75342A73-BDC0-4977-8EBC-649A5178572A@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2992
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:79984
| NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Can't put my finger on this. Appearently started a few months back. Not
sure
| why.
|
| System is SBS 2003 Prem. SP2, ISA 2004 SP3. dual NIC configuration.
|
| Have this error in event viewer associated with the firewall:
|
| ISA Server detected routes through the network adapter Internet
Connection
| that do not correlate with the network to which this network adapter
belongs.
| When networks are configured correctly, the IP address ranges included in
| each array-level network must include all IP addresses that are routable
| through its network adapters according to their routing tables. Otherwise
| valid packets may be dropped as spoofed. The following ranges are
included in
| the network's IP address ranges but are not routable through any of the
| network's adapters: 10.255.255.255-10.255.255.255;. Note that this event
may
| be generated once after you add a route, create a remote site network, or
| configure Network Load Balancing and may be safely ignored if it does not
| re-occur.
|
| Here's the error when the firewall shutsdown I believe. It is the last
event
| pertaining to the firewall prior to the firewall being turned back on.
|
| The Microsoft Firewall failed to log information to file
| ISALOG_20071204_FWS_000.w3c in path C:\Program Files\Microsoft ISA
| Server\ISALogs. The data is the error code.
|
| This makes no sense to me. How do I read this logfile? This is a
critical
| problem since when employees arrive at work they have no access to the
domain
| or the Internet until the firewall service is restarted.
|
| Any help is greatly appreciated.
|

.