I just installed ISA 2006 a few days ago and today, the Microsoft Firewall service choked and I had to restart it manually.
The error messages were: Source: Microsoft ISA Server Web Proxy Event ID: 5 Information for the ISA server Web filter log could not be logged to the text file ISALOG_20070301_WEB_000.iis in the path c:\Program Files\Microsoft ISA Server\ISALogs. Error code:
Then there is an informational event stating that the Firewall service was stopped gracefully.
This is a W2K3 server with the latest SP and Hotfixes and nothing else running on it except the defaults that Windows Server 2003 and ISA install. No backups or 3rd party apps or AV. I don't think it's a HD issue, this is a brand new server configured in RAID 1 and there are no disk events and a CHKDSK showed no problems. The server has a moderate traffic on it on average about 160MB of logs per day.
I switched back to MSDE database logging for both logs. Does anyone have any ideas what could be causing this?
This happened to me twice, once on a test box and now on the production server. the other thing that I did was to set the service to restart if it fails because both times, I just had to hit the play button to get everything running again.
I have not seen the error again on the production box but the database loggin sure is a pig for drive space usage.
It seems there is a problem with the defined lenght for the field. If the data is longer than the defined lenght ISA can not write the log and the the firewall service stops.
Posts: 10
Joined: 21.Sep.2004
From: London
Status: offline
Whilst it may not fix the problem, there is a script you can get from the Microsoft website that stops ISA going into lockdown mode and shutting off the firewall service when it can't log.
Having the same problem myself with the firewall service dying with Event ID 5. Using ISA logging format, ISA 2006 on Server 2003 R2 SP2. It's been dying a couple times a day since we moved over from ISA 2004. I just unchecked "Referring server" after finding this, will report back if this does or doesn't seem to fix it.
Thanks to ibre34 for posting this potential solution!
I have almost a smiliar problem. The only difference that it is FWS log causing error. And there is no Referring Server field in it, so no easy solution for me. And what even worse, now Firewall Service refuses to restart manually. I tried to disable logging and restart FWS, but it kept coming up with an error in the event log that says something about CreateSharedMemory error during performance counters initialization (ID 11004).
< Message edited by unstable -- 10.Apr.2007 8:44:00 AM >
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Printable Version
All Forums >> [ISA 2006 General] >> General >> Firewall Service shutdown with Event ID 5 
Firewall Service shutdown with Event ID 5 - 
New Messages
No New Messages
Hot Topic w/ New Messages
Hot Topic w/o New Messages
Locked w/ New Messages
Locked w/o New Messages
Post New Thread