Windows Firewall

**Ryan** · 14th February 2008, 11:40 AM

Our ISA server (WinServer 2003) has stopped letting me RDP into it. (or ping, or anything) I've tracked it down to a corrupt Windows Firewall. It doesn't even start automatically on boot, and has to be started manually from Services.

Any idea how to uninstall or otherwise reinstall the built-in firewall from scratch? Everything else is running fine.

**elsiegee40** · 14th February 2008, 11:45 AM

Do you need Windows firewall? Can it be disabled? I have it disabled everywhere

**DMcCoy** · 14th February 2008, 11:52 AM

I believe windows firewall gets disabled when you install ISA, you shouldn't need to run it. Does ISA have the relevant system policies set up to allow rdp to it?

**GlennT** · 14th February 2008, 12:48 PM

Do you mean the "Windows Firewall" service or the "Microsoft Firewall" service? The Microsoft Firewall is the ISA component. If this is not starting, you will get connection problems. DMcCoy is correct, the Windows Firewall should be disabled when ISA is installed [and should remain that way].

**Ryan** · 14th February 2008, 01:04 PM

Yep, it's the Microsoft Firewall service, sorry for the ambiguity. This service has to be started manually on boot. Once it's up it operates as it should, sans RDP/ping into it, which is why i think the broken Windows Firewall is blocking access. I can't even get in to configure the bugger.

The Windows Firewall is off, but cannot be started (which i'm not too fussed about obviously, but if it's causing these problems...). The error dialog i get when starting it from Services is:

Could not start Windows Firewall/Internet Connection Service (ICS) on local computer.
Error 123: The file name, volume name, or directory label syntax is incorrect.

Everything was fine access-wise until a few months ago. Policies aint been fiddled with.

Thanks lads.

**GlennT** · 14th February 2008, 01:14 PM

OK, sounds like the problem is with ISA. Which version of ISA is it?
I wouldnt worry about the Windows Firewall as this has to be disabled for ISA to function correctly.

**Ryan** · 14th February 2008, 01:24 PM

tis ISA 2006. Is the error about not being able to start the firewall to be expected if ISA is installed/running then?

**GlennT** · 14th February 2008, 02:00 PM

Yeah, that would be right.
What has changed on the ISA? Have you added any rules etc?
Have there been any updates done on the server?
You should also check any upstream connections/chaining to see if something outside the lan is causing problems.

**Ryan** · 14th February 2008, 03:05 PM

All that would have been changed in the period that it stopped working is Windows Updates. There's also a few pending. I'll go and let those happen and see if it helps. If not, a reformat might be on the cards (which should be fun, 'cos i didn't do all of the installation first time round!)

**GlennT** · 14th February 2008, 03:32 PM

Yeah, worth a shot doing the updates. Check for ISA specific updates too.
I guess you have a backup for ISA?

**Ryan** · 14th February 2008, 03:40 PM

lol? backup is no interweb

Or do you mean a backup of the settings/config?

I can spend a Sunday reinstalling it all without causing too much hassle due to lack of interweb, not too many people in on a Sunday (we never close).

**plock** · 14th February 2008, 04:15 PM

Sounds like ISA reinstall would do the job.

**ZeroHour** · 14th February 2008, 04:21 PM

Basically if anything is wrong with your ISA and the service cant start it will block ALL traffic, which is the correct thing to do. ICS/Windows Firewall will never work with ISA on as ISA does that very function (firewall/routing).
Have you changed the cache location or anything like that in ISA?
Also you should be on a static IP to access ISA management. If your Pc is on DHCP and gets a new IP you will need to update your config to reflect the IP change.
If you right click on the Firewall Rules you should see "System Policy" if I remember correctly. Ensure your pc is listed in there as a remote management pc for RDC/MMC to work.
I am assuming that Microsoft firewall is set to "automatic" start?

**Ryan** · 14th February 2008, 04:41 PM

It's set to start automatically, yep (even though it won't). Once it's up, it runs as normal, and does it's job. As in, "the box is a firewall". I just can't get into it remotely.

Hang on...

...Well i'll be damned. I gave my PC a static IP, and manually added it to all the remote options in the policy. Works as normal now.

What baffles me is that none of this was changed when it stopped working. Bizarre.

Thanks ZH, Glenn and plock

Now i just need to figure out why the chuffing thing won't run on startup. Any takers? ;-)

**ZeroHour** · 14th February 2008, 04:46 PM

The event log should have the errors. We have had plugins kill ISA before and its usually under "System" or "Applications".
What errors do you have in there?

Remember to click "thanks" where appropriate

LinkBack

Thread Tools

Search Thread

Windows Firewall - uninstall?

Thanks to ZeroHour from:

Similar Threads

Did MS do something windows firewall?

User paid to uninstall Windows XP

Windows XP SP2 firewall policies on Domain

Windows Firewall

Thread Information

Users Browsing this Thread

Posting Permissions