Windows Firewall/ICS question on Windows 2003 SBS

Discussion in 'Windows Small Business Server' started by Wishdiak, Mar 31, 2009.

  1. Wishdiak

    Wishdiak Guest

    I have a client with a Dell server running Windows 2003 SBS
    with SP2.

    Each time that the server is rebooted, the Windows Firewall/ICS service is
    set to Automatic but doesn't start. At this point, none of the workstations
    can connect to the server or the internet.

    Changing the Windows Firewall/ICS service to disabled, executing "netsh
    winsock reset" and rebooting the server has been a consistent fix each
    time, but I'd really like to find a better solution.

    The server has 2 NIC's, with one disabled, and no AV software currently
    installed. Any help would be appreciated.
     
    Wishdiak, Mar 31, 2009
    #1
    1. Advertisements

  2. Anything in the event log directly after a reboot?
     
    Merv Porter [SBS-MVP], Mar 31, 2009
    #2
    1. Advertisements

  3. Wishdiak

    Wishdiak Guest

    Merv,

    Thanks for your input.

    To answer your question, here's two entries that I see in the System Log
    after a reboot where the Windows Firewall/ICS service attemtped to start.
    -----
    Date: 3/30/2009 Source: ipnathlp
    Time: 4:24:20 PM Category: None
    Type: Error EventID: 32009
    User: N/A
    Computer: Server01
    Description:
    The Windows Firewall/Internet Connection Sharing (ICS) service could not
    start because another program or service is running that might use the
    network address translation component (Ipnat.sys). This can occur when
    Routing and Remote Access is enabled. If this is the case, you must disable
    Routing and Remote Access before the Windows Firewall/Internet Connection
    Sharing (ICS) service can start.

    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.
    -----
    Date: 3/30/2009 Source: Service Control Manager
    Time: 4:24:34 PM Category: None
    Type: Error EventID: 7023
    User: N/A
    Computer: Server01
    Description:
    The Windows Firewall/Internet Connection Sharing (ICS) service terminated
    with the following error:
    The requested resource is in use.

    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.
    -----
     
    Wishdiak, Mar 31, 2009
    #3
  4. Trying disabling RRAS (in it's MMC console) and rebooting with ICS off.

    --
    Merv Porter [SBS-MVP]
    ============================

     
    Merv Porter [SBS-MVP], Mar 31, 2009
    #4
  5. Wishdiak

    Wishdiak Guest

    Merv,

    Thanks again for your input.

    This is a server with two NICs, but one is disabled. Do I understand
    correctly that RRAS and Windows Firewall/ICS should both be set to disabled?

     
    Wishdiak, Mar 31, 2009
    #5
  6. Wishdiak

    Wishdiak Guest

    Cris,

    The server is no more than a few years old, but was installed before I
    started with my current employer, so not 100% sure of the date.

    To answer your question, yes. Each time that the server needs to be
    rebooted to apply an update, the Windows Firewall/ICS service switches from
    disabled to automatic and needs to be manually disabled again before the
    server will behave.
     
    Wishdiak, Mar 31, 2009
    #6
  7. Wishdiak

    SteveM Guest

    Do you happen to have VMWare Server 2 installed on the SBS? I have
    encountered this issue after installing VMWare Server 2. It seems
    VMWare somehow turns the Firewall/ICS service to automatic, which fails
    to start properly because of what I assume to be a conflict with
    VMWare's own NAT driver. The net result is all incoming access to the
    server gets blocked. I never got to the bottom of it, and chose instead
    to remove VMWare Server 2, set the Firewall/ICS to disabled and reboot.
    All returned to normal thereafter.
     
    SteveM, Mar 31, 2009
    #7
  8. Yes.

    Default Services That Are Installed in Windows Small Business Server 2003
    http://support.microsoft.com/kb/829623

    You may want to re-run CEICW if disabling RRAS doesn't fix the problem.

    Last resort may be to disable the 2nd NIC in the server's BIOS to see if
    that makes a difference.

    --
    Merv Porter [SBS-MVP]
    ============================

     
    Merv Porter [SBS-MVP], Mar 31, 2009
    #8
  9. Wishdiak

    Wishdiak Guest

    No VMWare running on this server, but that's a good thing to watch for.
    Thanks for the tip.
     
    Wishdiak, Apr 1, 2009
    #9
  10. Wishdiak

    Wishdiak Guest

    Merv,

    I'll give that a try. My concern is that something such as a GPO or another
    service is changing the startup type of Windows Firewall to automatic after
    each restart.

    If disabling both Windows Firewall and RRAS solves the problem, then I'll be
    very grateful.

     
    Wishdiak, Apr 1, 2009
    #10
  11. Wishdiak

    Wishdiak Guest

    Merv,

    This did the trick. Thank you for your help.

     
    Wishdiak, Apr 8, 2009
    #11
  12. Glad to here you got it fixed!

    --
    Merv Porter [SBS-MVP]
    ============================

     
    Merv Porter [SBS-MVP], Apr 8, 2009
    #12
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.