• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

ISA Server 2006 - Firewall Service terminates

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 General] >> General >> ISA Server 2006 - Firewall Service terminates Page: [1] 2   next >   >>
Login
Message << Older Topic   Newer Topic >>
ISA Server 2006 - Firewall Service terminates - 15.Mar.2007 8:12:25 AM   
PraesidentEvil

 

Posts: 15
Joined: 15.Mar.2007
Status: offline
Hi experts,
i have a problem with a ISA Server 2006!
The Firewall Service sometimes terminates with the following events in eventlog:

Event ID 14057
The Firewall service stopped because an application filter module
%PROGRAMFILES%\Microsoft ISA Server\SCWebFilter2004.dll generated
an exception code C0000005 in address 06D66514 when function
CompleteAsyncIO was called. To resolve this error,
remove recently installed application filters and restart the service

Event ID 14079
Due to an unexpected error, the service fwsrv stopped responding to all requests.
Stop the service or the corresponding process if it does not respond,
and then start it again. Check for related error messages.

On the ISA Server there is installed a webfilter called Surfcontrol Webfilter and for symantec anti virus to protect the isa server self!

I excluded the following folders and files to be scanned by symantec real time scan:
*.mdf
*.ldf
%PROGRAMFILES%\Microsoft ISA Server
%PROGRAMFILES%\Microsoft SQL Server
%PROGRAMFILES%\SurfControl

When i disable the SurfControl webfilter services, it seems to work...but that isnt a solution for me, cause else i have no filtering!!!

All articels and solutions from Microsoft are for ISA Server 2004.

What to do?

thanks
Post #: 1
RE: ISA Server 2006 - Firewall Service terminates - 15.Mar.2007 1:52:28 PM   
Jassyca

 

Posts: 8
Joined: 3.Aug.2006
Status: offline
Did you see this?
http://kb.surfcontrol.com/display/1n/index.asp?c=&cpc=&cid=&cat=&catURL=&r=0.253216

(Hope the link works)

Editted to add..

CRAP! No, the link did NOT work.  Okay, go to http://kb.surfcontrol.com, change the thingie to search by article number. The article number you want to search for is 2064 "Hotfix 2 for Web Filter for ISA server 5.5"

Hope that fixes it for you!

< Message edited by Jassyca -- 15.Mar.2007 1:56:41 PM >

(in reply to PraesidentEvil)
Post #: 2
RE: ISA Server 2006 - Firewall Service terminates - 19.Mar.2007 5:31:59 AM   
PraesidentEvil

 

Posts: 15
Joined: 15.Mar.2007
Status: offline
hi,
first thanks for your reply!
The SurfControl Version is excatly the same...but after applying
the hotfix the microsoft firewall service terminated again!

And now?

Thanks

(in reply to Jassyca)
Post #: 3
RE: ISA Server 2006 - Firewall Service terminates - 19.Mar.2007 10:08:44 AM   
Jassyca

 

Posts: 8
Joined: 3.Aug.2006
Status: offline
From the first error message, it sounded to me like the Surf Control web filter is the problem and when it dies, it takes the ISA's firewall service with it. Too bad that hot fix didn't fix it for you. At this point, I would say call Surf Control's tech support. They will know their product better than any of us and might even know why it's running into trouble. Call them, don't email. Email might take a day before you get a response. But before you call, plan as if you are going to be on hold for at least 30 to 40 minutes. So don't call if you've got a meeting to go to or some other pending deadline. (I always make sure I visit the bathroom before making any support call! )

Good luck! And if they fix it, would you come back here and let us know what they found? Never know when fellow Surf Control web filter administrator might run into the same problem and come here hoping to find an answer.

(in reply to PraesidentEvil)
Post #: 4
RE: ISA Server 2006 - Firewall Service terminates - 19.Mar.2007 10:23:14 AM   
PraesidentEvil

 

Posts: 15
Joined: 15.Mar.2007
Status: offline
UPDATE!!!
The hotfix did the job. There was a problem with registering the ScWebFilter2004.dll in the eventlog.
So i started the SurfControl & M$ Firewall Service and registered the dll in running state...now the M$ Firewall Service is running 3 hours....I think that solved the problem...i hope so :)
 
Thanks very much!!!

(in reply to Jassyca)
Post #: 5
RE: ISA Server 2006 - Firewall Service terminates - 19.Mar.2007 10:43:22 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
I wouuld strongly recommend that you remove the AV to protect the ISA Firewall itself. Unless you are not competently managing the ISA Firewall, there are no vectors of attack. Of course, if you're using the ISA Firewall as a workstation and running the browser, mail client, and Bittorrent on the ISA Firewall, then you would need it. But no well managed ISA Firewall I've ever enountered needed a host AV program. All you do with that is increase the attack surface and reduce performance -- two things I typically think are bad.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to PraesidentEvil)
Post #: 6
RE: ISA Server 2006 - Firewall Service terminates - 19.Mar.2007 10:53:21 AM   
PraesidentEvil

 

Posts: 15
Joined: 15.Mar.2007
Status: offline
hi tshinder,
u always make those nice whitepapers right? :)
I excluded the complete ISA Server folder under C:\program files to be scanned by symantec, did u meant this?
greetz!

(in reply to tshinder)
Post #: 7
RE: ISA Server 2006 - Firewall Service terminates - 20.Mar.2007 3:28:38 AM   
PraesidentEvil

 

Posts: 15
Joined: 15.Mar.2007
Status: offline
Bad news! The Service is always stopping! :(

(in reply to PraesidentEvil)
Post #: 8
RE: ISA Server 2006 - Firewall Service terminates - 20.Mar.2007 8:59:39 AM   
Jassyca

 

Posts: 8
Joined: 3.Aug.2006
Status: offline
Do you see the same error messages in Event Viewer as in your first message? If so, did you contact Surf Control? If the error is different, what does it say?

(in reply to PraesidentEvil)
Post #: 9
RE: ISA Server 2006 - Firewall Service terminates - 20.Mar.2007 10:12:09 AM   
PraesidentEvil

 

Posts: 15
Joined: 15.Mar.2007
Status: offline
No i get another entry:

Event ID: 7034
The Microsoft Firewall service terminated unexpectedly. It has done this X time(s).

And this here:
The description for Event ID ( 14079 ) in Source ( Microsoft ISA Server Control ) cannot be found.
The local computer may not have the necessary registry information or message DLL files to display
messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this
description; see Help and Support for details. The following information is part of the event: fwsrv.

(in reply to Jassyca)
Post #: 10
RE: ISA Server 2006 - Firewall Service terminates - 20.Mar.2007 12:10:57 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
quote:

ORIGINAL: PraesidentEvil

hi tshinder,
u always make those nice whitepapers right? :)
I excluded the complete ISA Server folder under C:\program files to be scanned by symantec, did u meant this?
greetz!


Hi PE,

No! I remove the AV product from the ISA Firewall. You don't need it, and it just sits there creating performance and security issues, since it effectively increases the attack surface of the ISA Firewall.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to PraesidentEvil)
Post #: 11
RE: ISA Server 2006 - Firewall Service terminates - 20.Mar.2007 12:17:36 PM   
PraesidentEvil

 

Posts: 15
Joined: 15.Mar.2007
Status: offline
Do u think to uninstall the Symantec Scanner could solve my problem?

regards

(in reply to tshinder)
Post #: 12
RE: ISA Server 2006 - Firewall Service terminates - 20.Mar.2007 5:13:42 PM   
Jassyca

 

Posts: 8
Joined: 3.Aug.2006
Status: offline
Are there messages before or after the "Event ID (14079)"? For example, do you see any errors about the Surf Control filter like you mentioned in your first message? If the firewall service is still dying but you no longer see any errors about Surf Control in Event Viewer, then it sounds like we have a different problem.

For Event ID 14079, what little I can find on Microsoft's support site (http://support.microsoft.com) seems to point the finger at ISA server's cache, again and again. That the cache is corrupted or the server has some other problem (the cache is on a bad spot on the local hard drive or a drive controller is dying or some antivirus scanner did naughty things to the cache, etc. etc.) So how about we try a little test? Logon to your ISA Server then start the ISA manager utility. Go to "Your Server" --> Configuration --> Cache. You will probably see something listed under "Cache size on NTFS drives (MB)". Take note of the settings then click it once so it's highlighted and click the "Disable Caching" (over on the bottom right). Cacheing is a "nice to have". It helps ISA work more quickly and more efficiently but ISA can work without it. It just won't be very fast. At this point, since the firewall service is totally dying, "slow" is better than "no-go"! Disabling cacheing will tell us whether or not the reason the firewall service is crashing is because of a problem with ISA's cache. (Note: if there's more than one cache configured, disable all of them. But be sure you note how each was configured before you disable each one.) Save your changes. Restart the firewall service. Open Event Viewer and  watch the Application log, occasionally press the [F5] key (refresh) to see if any new errors occur.

Let us know what you find out.

(in reply to PraesidentEvil)
Post #: 13
RE: ISA Server 2006 - Firewall Service terminates - 21.Mar.2007 4:25:42 AM   
PraesidentEvil

 

Posts: 15
Joined: 15.Mar.2007
Status: offline
Hi....first thanks for your time u take for me :)
The Cache Drive Size is set to zero...so i cant disable caching..its disabled

Under the Tab Cache Rules i disabled the Microsoft Update Cache Rule...but there is a default Cahe Rule which i cant disable...

I also disabled the Symantec Virus Scanner to check TShinders suggestion...at the moment the service is running...but at the last try it runs 5 hours...so i have to wait (and hope) :)

regards

(in reply to Jassyca)
Post #: 14
RE: ISA Server 2006 - Firewall Service terminates - 22.Mar.2007 4:10:12 AM   
PraesidentEvil

 

Posts: 15
Joined: 15.Mar.2007
Status: offline
The Problem seems to be fixed!
I reinstalled the whole server...inalled isa...then surfcontrol...and then the same hotfix!

Not its running 14 hours i hope it will continue!

So thanks guys!!!

(in reply to PraesidentEvil)
Post #: 15
RE: ISA Server 2006 - Firewall Service terminates - 22.Mar.2007 3:23:16 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi PE,

Yay!

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to PraesidentEvil)
Post #: 16
RE: ISA Server 2006 - Firewall Service terminates - 25.Apr.2007 5:47:10 AM   
mikeb99

 

Posts: 15
Joined: 13.Nov.2005
Status: offline
I've also got this problem with one of my ISA-2006 servers.
 
There is no 3rd party software, it's a dedicated stand-alone firewall (albeit member of a domain).
 
There is no cache configured (it causes too many problems with my websites) and the default cache rule is disabled.
 

The firewall has been totally reliable until the last week, and t
here is only one thing that I've done recently... installed Windows2003-SP2... it's been troublesome since.

 
However, the complicating issue is that I have another 2 ISA-2006 firewalls, also updated to W2003-SP2 and giving no problems.
 
The primary difference for the troublesome server is that it publishes Web and Mail servers with their public addresses as listener IPs
 
It's got me stumped just now... and the firewall service is crashing once a day with EventID 14057 (and precious little information in the event log) ...leaving the websites and mail servers off-line, and causing my customers some amount of heartburn.
 
I'm not sure where to go next, as a total re-install of ISA is not my first choice for a solution.
 
I'd appreciate any feedback others might have on this.
 
Cheers,
 
-- MB.

(in reply to PraesidentEvil)
Post #: 17
RE: ISA Server 2006 - Firewall Service terminates - 25.Apr.2007 10:13:53 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Mike,

Could this be a hardware problem?

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to mikeb99)
Post #: 18
RE: ISA Server 2006 - Firewall Service terminates - 25.Apr.2007 12:26:30 PM   
Jassyca

 

Posts: 8
Joined: 3.Aug.2006
Status: offline
Since you have two other ISA servers, as a test, could you give one of them the job of publishing those websites? And if you do, does the problem follow? Or would that be too hard to do? (Like, maybe you have to change too much stuff: rules, network cards, network cables, IP addresses and on and on.)

Just a thought.

(in reply to tshinder)
Post #: 19
RE: ISA Server 2006 - Firewall Service terminates - 25.Apr.2007 6:05:49 PM   
mikeb99

 

Posts: 15
Joined: 13.Nov.2005
Status: offline
Tom,

Anything is possible, it's just that MS don't adequately describe the cause of the problem other than "replace the recently installed filter"... so there is precious little to give you a hint as to why/where the hardware would be involved.

< Message edited by mikeb99 -- 25.Apr.2007 6:06:58 PM >

(in reply to tshinder)
Post #: 20

Page:   [1] 2   next >   >> << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 General] >> General >> ISA Server 2006 - Firewall Service terminates Page: [1] 2   next >   >>
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts