Solved

Windows Firewall

Posted on 2006-07-05
8
372 Views
Last Modified: 2012-05-05
When I first installed SBS 2003, Windows Firewall was running. For some reason after applying Windows updates and getting up to the stage where the server is ready to go, I get the following message when trying to start the Windows Firewall service:

"Windows Firewall cannot run because the Windows Firewall/Internet Connection Sharing (ICS) service is not running."

Any ideas? Isn't it a bit risky having the firewall disabled?

Thanks in advance.
0
Comment
Question by:DReade83
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
8 Comments
 
LVL 7

Expert Comment

by:puter_geek
ID: 17046769
It is VERY risky, and definitely not recommended if you have it connected directly to the internet.  If you have a router, or hardware firewall of some sort, then it's not so bad at all. You just have to have something there.  

Personally, on my server, I don't have it running, but I also have a Linksys router between it and the world.  I forwarded the ports I needed through the router and that was it.  80, 21, 3389, ect.
0
 

Author Comment

by:DReade83
ID: 17046861
Ah right, that's what I have, a hardware firewall/router with port forwarding setup.

Any idea why Windows disables it?
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17050295
Hi DReade83,

Did you happen to run the Security Configuration Wizard?  Because the Windows Firewall should NOT be installed or running on an SBS.  If you have SBS Standard, RRAS will act as your firewall if you have two NICs (you should also have a hardware firewall in front of your server such as puter_geek suggested.

You configure all of this with the Configure Email and Internet Connection Wizard (CEICW -- which is linked as Connect to the Internet in the Server Management Console > Internet and Email)

A visual how-to is here:  http://sbsurl.com/ceicw and a full networking overview for SBS is at http://sbsurl.com/msicw

Jeff
TechSoEasy
0
What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

 
LVL 7

Expert Comment

by:puter_geek
ID: 17075356
Because since you only have one network connection, it automatically disables it.  Part way through the install it asks you if it is connected through the internet through a residential gateway, so it knows that it doesn't need it and disables it.
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17077532
Has nothing to do with having one Internet connection... you're thinking of RRAS's firewall...  which would be disabled with a single NIC, not because it doesn't need it, but because it won't work with only one interface.  

However, the question is regarding the ICS Firewall... the Windows internal software firewall... which shouldn't be enabled at all on an SBS.

Jeff
TechSoEasy
0
 

Author Comment

by:DReade83
ID: 17077727
Could you explain why please Jeff? I'm just curious why SBS disables it.

Thanks.
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 17077827
SBS has full versions of Windows Server 2003, Exchange Server, IIS, Active Directory, DNS and DHCP.  As well as ISA Server and SQL Server (if premium).  Becuase these are full versions, they have all the features you'd find in the standard products.  However, because SBS has all of these things operating on the same machine there are a number of things that you wouldn't use even though they haven't been taken out.  The ICS Firewall is one of those.  

It also shouldn't be used on any Server 2003 that is a DC or provides DHCP.

Please review http://support.microsoft.com/kb/324286 for more info and which includes this statement:

• Do not use ICS on a network that:

• Uses static IP addresses
• Has a Windows Server 2003 domain controller
• Uses other DNS servers, gateways, or DHCP servers
 
Jeff
TechSoEasy
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction At 19:33 (UST) on Tuesday 21st September the long awaited email arrived with the subject title of “ANNOUNCING THE AVAILABILITY OF WINDOWS SBS 7 PREVIEW”.  It was time to drop whatever I was doing and dedicate as much bandwidth as possi…
You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question