bctf1
asked on
SBS 2003 R2 ICS and Remote Access problem
I have the following problem on my Dell sc440 SBS 2003 R2 Standard server (DC, DHCP server, DNS server, Exchange server, file server) with 1 nic (broadcom netxtreme gigabit adapter w/driver v10.26.0.0). An Actiontec M1000 dsl gateway is the default gateway for the server and workstations which are connected via network switches to the M1000. All workstations are configured DHCP.
If I enable remote access and reboot the server, the Windows Firewall.ICS service will not start and generates a system event id 7023. This effectively breaks my lan. The server cannot be pinged from any workstation and server shares are not available to any workstation. Also, workstations cannot access the internet but the server can. If I disable remote access via ciecw, everything is back to normal function.
I have read that the ICS service does not have to be running on SBS 2003 for normal lan and internet functionality, is this true? Do I have something configured wrong on my server or my workstations, or it simply that with 1 nic, ICS and remote access cannot coexist?
Thanks,
Brad
If I enable remote access and reboot the server, the Windows Firewall.ICS service will not start and generates a system event id 7023. This effectively breaks my lan. The server cannot be pinged from any workstation and server shares are not available to any workstation. Also, workstations cannot access the internet but the server can. If I disable remote access via ciecw, everything is back to normal function.
I have read that the ICS service does not have to be running on SBS 2003 for normal lan and internet functionality, is this true? Do I have something configured wrong on my server or my workstations, or it simply that with 1 nic, ICS and remote access cannot coexist?
Thanks,
Brad
Also please check the event log for any of the following messages and post back.
Cannot load Remote Access Connection Manager. Error 711
The Network Connections folder is empty.
The Internet Connection Sharing and Internet Connection Firewall (ICF) services do not start because of a dependency failure.
System log Event ID: 7023 or 20035
Could not start the Remote Access Connection Manager service on Local Computer. Error 5: Access is denied.
Connection failed. Your Windows network is not properly configured.
Could not start the Remote Access Connection Manager service on local computer. Error 1068.
Could not start the Remote Access Auto Connection Manager service on local computer. Error 1068. The dependency service or group failed to start.
Cannot load Remote Access Connection Manager. Error 711
The Network Connections folder is empty.
The Internet Connection Sharing and Internet Connection Firewall (ICF) services do not start because of a dependency failure.
System log Event ID: 7023 or 20035
Could not start the Remote Access Connection Manager service on Local Computer. Error 5: Access is denied.
Connection failed. Your Windows network is not properly configured.
Could not start the Remote Access Connection Manager service on local computer. Error 1068.
Could not start the Remote Access Auto Connection Manager service on local computer. Error 1068. The dependency service or group failed to start.
ASKER
Hi mc, thank you for your reply. I did get VPN configured and working using remote access and rras. However after the first server reboot, the ICS service would not start and it effectively broke my lan as a result as referenced in my post above. After disabling remote access via CIECW and disabling remote access my lan was restored to normal function.
Thanks,
Brad
Thanks,
Brad
so do we still have an issue?
ASKER
Yes, we still have an issue because I had to disable remote access so my lan would function. Perhaps re-reading the middle paragraph in my original post will make things clearer.
There were 2 system events that repeated after remote access was enabled and my server rebooted for the first time yielding an inoperable lan.. They appear below. Remember that after remote access was disabled, my lan worked again and the events below did not reappear.
system event 7023, source - Service Control Manager - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The requested resource is in use. Numerous instances until remote access was disabled.
system event 32009, source - ipnathlp - The Windows Firewall/Internet Connection Sharing (ICS) service could not start because another program or service is running that might use the network address translation component (Ipnat.sys). This can occur when Routing and Remote Access is enabled. If this is the case, you must disable Routing and Remote Access before the Windows Firewall/Internet Connection Sharing (ICS) service can start. Numerous instances until remote access was disabled.
My primary concern here is not whether I have VPN working because I also have RWW running. My primary concern is the 2 questions that I posed in the last paragraph of my original post:
""I have read that the ICS service does not have to be running on SBS 2003 for normal lan and internet functionality, is this true? Do I have something configured wrong on my server or my workstations, or it simply that with 1 nic, ICS and remote access cannot coexist?""
Thanks,
Brad
There were 2 system events that repeated after remote access was enabled and my server rebooted for the first time yielding an inoperable lan.. They appear below. Remember that after remote access was disabled, my lan worked again and the events below did not reappear.
system event 7023, source - Service Control Manager - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The requested resource is in use. Numerous instances until remote access was disabled.
system event 32009, source - ipnathlp - The Windows Firewall/Internet Connection Sharing (ICS) service could not start because another program or service is running that might use the network address translation component (Ipnat.sys). This can occur when Routing and Remote Access is enabled. If this is the case, you must disable Routing and Remote Access before the Windows Firewall/Internet Connection Sharing (ICS) service can start. Numerous instances until remote access was disabled.
My primary concern here is not whether I have VPN working because I also have RWW running. My primary concern is the 2 questions that I posed in the last paragraph of my original post:
""I have read that the ICS service does not have to be running on SBS 2003 for normal lan and internet functionality, is this true? Do I have something configured wrong on my server or my workstations, or it simply that with 1 nic, ICS and remote access cannot coexist?""
Thanks,
Brad
Check out this site.
http://www.chicagotech.net/vpn.htm
Alot of information there. Click on the one that says:
Do not install VPN on a system with ICS running
http://www.chicagotech.net/vpn.htm
Alot of information there. Click on the one that says:
Do not install VPN on a system with ICS running
Hi BCTF1,
Please post your solution and accept it as the "accepted solution" so that it will remain on the EE site for someone searching this problem in the future. You will be helping someone you don't even know. It's a good feeling.
Please post your solution and accept it as the "accepted solution" so that it will remain on the EE site for someone searching this problem in the future. You will be helping someone you don't even know. It's a good feeling.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Thank you! This will help others in the future.
Have a great weekend and I'm glad you are up and running.
Have a great weekend and I'm glad you are up and running.
Lets try the simple fix first.
Make sure Remote Access Connection Manager Service is running.
Install or re-apply SP.
Make sure you're logged on as an administrator or have administrative privilege to setup the VPN.
This is the suggested fix for this exact problem that I found at http://www.chicagotech.net/vpnissues/vpnunavailable.htm
Let me know how that works.
mc