Re: ISA 2004 run as network service problem
- From: "Dave Nickason [SBS MVP]" <gwdibble@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 3 Mar 2008 16:51:18 -0500
Do you have anything in between your gateway device (DSL router or whatever) and the SBS external NIC? It's not uncommon for external routers and/or firewall type devices to block VPN.
I'm into more than one VPN issue to day and can't remember if I asked you - you did run the "configure remote access" wizard from the Internet page of the Server Mgmt. Console, right? If not, please do that.
"Gallis4life" <Gallis4life@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:19C6A5A5-EB33-4CAC-87D0-EDB827D833E7@xxxxxxxxxxxxxxxx
Correct. no errors are logged when it is set to network service and vpn users
can't connect. tonigt i will try to re-start the service later today and see
if the red x goes away. i have run the configure the remote access wizard. I
have also run SBS BPA and the only issues are
warnings
EDNS is enabled
owa update for exchange server not installed
windows sbs backup has not been run
windows server 2003 service pack 1 is installed and sp2 is avaiable
i also ran isa server 200 BPA
Critical
the local service or network service account does not have the Generate
security audits permission
i will try the live logging in a min
"Dave Nickason [SBS MVP]" wrote:
So when you have the Firewall service set to "network service," no errors
are logged including those related to logging? And when it's at "network
service," the VPN users can't connect, but otherwise they can? Does the red
X go away if you restart the firewall service?
Have you run the "configure remote access" wizard from the Internet page of
the Server Mgmt. Console?
What happens if, instead of using live logging, you try viewing the activity
for the last hour?
Please run the SBS BPA and see if you find anything noteworthy.
Description of the Windows Small Business Server 2003 Best Practices
Analyzer tool
http://support.microsoft.com/kb/940439/en-us
"Gallis4life" <Gallis4life@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:7F67759D-E023-4E74-AC9C-8710BBEAA117@xxxxxxxxxxxxxxxx
> Dave,
>
> the service only fails to start at boot after i change the account ISA
> runs
> under. and that is caused by some log errors. when it is changed to > the
> default user ( network service) users are unable to authenticate when
> connecting using the VPN and i am unable to view live ogs and monitor > for
> troubleshooting. the firewall service says running but the icon has a > "red
> x"
> and uptime says "????" i agree, i did not want to change the account it
> runs
> under but i was unable to find any other solutions. at the time but it
> seems
> i have created even more problems. when it is set to default network
> service
> i see no errors in the event log.
>
> "Dave Nickason [SBS MVP]" wrote:
>
>> I don't recommend changing anything like the accounts ISA runs under -
>> that
>> should all be left as it was when you first installed it. I also
>> recommend
>> against installing Windows SP2 until you've solved the existing >> problem.
>>
>> IMO you need to troubleshoot the ISA logging failures. In its default
>> configuration, if it can't log, ISA will go into "lockdown," which >> will
>> prevent just about all traffic.
>>
>> If a service fails to start when the system boots, it should log >> useful
>> information to tell you what happened. I would start by looking in >> your
>> system and application logs to see if you can figure out what's >> failing
>> when
>> ISA attempts to start. You can look for information on the specific
>> errors
>> at eventid.net and support.microsoft.com, and/or post back here.
>>
>> If you're using MSDE or SQL for ISA logging, you could switch >> temporarily
>> to
>> logging to file instead, to see if that makes any difference. Don't
>> forget
>> to change both the firewall and the web proxy log settings.
>>
>>
>> "Gallis4life" <Gallis4life@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:8ACE733B-60E7-40BD-ADDD-4177734869CE@xxxxxxxxxxxxxxxx
>> > I'm in the process of completing my first SBS 2003 R2 installation. >> > i
>> > have
>> > installed and configured all the built-in( exchange, isa, SQL,...)
>> > services
>> > already but mostly on an enterprise scale. My problem is with ISA >> > 2004
>> > when i
>> > first installed and updated to SP3 everything seemed fine untill i
>> > tried
>> > to
>> > query a log in ISA i get a Log stopped becase of an error. i did a
>> > little
>> > research and changed the account the Microsoft firewall service >> > start
>> > with
>> > from network system to local system and all worked fine.. untill i
>> > rebooted
>> > the server. it takes about 15 mins to " prepare network connections"
>> > becase
>> > the Microsoft firewall service failed to start because. i also see a
>> > database
>> > error right before that one. the funny thing is once i log into >> > the
>> > server
>> > i am able to start the service and all goes back to normal. i even
>> > tried
>> > to
>> > re-install SP3 for ISA but the service goes back to starting with
>> > network
>> > service and My VPN clients can't connect so i had to change it back >> > to
>> > local
>> > service, the only patches i'm missing is windows 2003 SP2. any >> > ideas
>> > ??
>> >
>> > Sorry for the long post :)
>>
.
- Follow-Ups:
- Re: ISA 2004 run as network service problem
- From: Gallis4life
- Re: ISA 2004 run as network service problem
- References:
- Re: ISA 2004 run as network service problem
- From: Dave Nickason [SBS MVP]
- Re: ISA 2004 run as network service problem
- From: Gallis4life
- Re: ISA 2004 run as network service problem
- From: Dave Nickason [SBS MVP]
- Re: ISA 2004 run as network service problem
- From: Gallis4life
- Re: ISA 2004 run as network service problem
- Prev by Date: Re: NTBackup requires 18-23 hours to complete.
- Next by Date: Re: NTBackup requires 18-23 hours to complete.
- Previous by thread: Re: ISA 2004 run as network service problem
- Next by thread: Re: ISA 2004 run as network service problem
- Index(es):
Relevant Pages
|
Loading
