Solved

ISA Firewall Service stops unexpectedly

Posted on 2007-11-21
Last Modified: 2010-05-18
Hi guys. I have an interesting situation that has occurred a number of times recently, on which I cannot seem to find any information when searching the net. Having spent some time googling the event log errors, I have decided I need the expert advice of you guys.

The situation is: a Small Business Server 2003 R2 Premium running ISA 2004, which has been in and running for nearly a year, recently started to have Firewall Service crashes. These, I have noticed looking back through the logs, only occur when either the scheduled backup runs at around 10:30pm or during the Exchange cleanup operation scheduled for around midnight.

The logs below have been extracted in time order from either the System or mostly Application Logs.

I have been unable to see if I can manually restart the RRAS service during the backup procedure or Exchange cleanup operation, but I can manually start the service the following morning without any problems at all.

I will mention that I have been receiving considerably more Allocated Memory Alerts, which I once fixed by following a KB article - I thought this could possibly be related so thought I'd mention it.

Please find the logs I have extracted below. Any assistance on this would be gratefully appreciated.

Kind Regards,

Nigel




Event Type:      Error
Event Source:      Microsoft Firewall
Event Category:      Log
Event ID:      21192
Date:            11/21/2007
Time:            12:00:52 AM
User:            N/A
Computer:      *********
Description:
The Microsoft Firewall was unable to connect to MSDE database. The MSDE Error description is: Timeout expired.

Data:
0000: 31 0e 04 80               1..€    


Event Type:      Warning
Event Source:      Microsoft Firewall
Event Category:      None
Event ID:      21093
Date:            11/21/2007
Time:            12:01:56 AM
User:            N/A
Computer:      *********
Description:
Worker threads could not be stopped during cleanup.


Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7034
Date:            11/21/2007
Time:            12:01:58 AM
User:            N/A
Computer:      *********
Description:
The Microsoft Firewall service terminated unexpectedly.  It has done this 3 time(s).


Event Type:      Warning
Event Source:      MSExchangeSA
Event Category:      General
Event ID:      5008
Date:            11/21/2007
Time:            12:02:04 AM
User:            N/A
Computer:      *********
Description:
The message tracking log file C:\Program Files\Exchsrvr\MEDISBS1.log\20071111.log was deleted.


Event Type:      Error
Event Source:      Microsoft ISA Server Control
Event Category:      None
Event ID:      14079
Date:            11/21/2007
Time:            12:03:04 AM
User:            N/A
Computer:      *********
Description:
Due to an unexpected error, the service fwsrv stopped responding to all requests. Stop the service or the corresponding process if it does not respond, and then start it again. Check the Windows event Viewer for related error messages.


Event Type:      Error
Event Source:      SmallBusinessServer
Event Category:      SBS Monitoring
Event ID:      4104
Date:            11/21/2007
Time:            12:03:08 AM
User:            N/A
Computer:      *********
Description:
Could not connect to the monitoring database. This can occur when there are multiple connections to the database. Wait a short period of time, and then try again. If this error persists, run the Monitoring Configuration Wizard, and select Reinstall monitoring features.

Data:
0000: 05 40 00 80               .@.€    
Question by:nigel8013
Accepted Solution

by:
dan_blagut earned 500 total points
ID: 20326478
Hi
It looks like the connection between the ISA FW service and the MSDE database used for logging is responsible. You can try a temporary solution to prove that by changing the logging type of ISA FW. For that you have the info here
http://www.isaserver.org/articles/Basic-ISA-2004-Troubleshooting.html

Dan

Author Comment

by:nigel8013
ID: 20326856
Many thanks, Dan. I will give this a try later on today. Meanwhile, is there any possible way of finding out what is actually causing the connection failure, as it looks like the same problem is causing SBS Monitoring to fail as well?

Many Thanks,

Nigel

Expert Comment

by:dan_blagut
ID: 20326966
I wonder if your server is OK with memory consumption. You also need to monitor the CPU when the service is stopping. I suspect that at this moment the CPU is at a high level and maybe the memory also. And that can cause the timeout, then the stop of that service. You can set the recovery action to restart the service for a while.

Dan

Author Comment

by:nigel8013
ID: 20359897
Dan,

I did what you said which stopped the service from failing. I also looked into what could be causing the high memory usage and discovered that someone had turned on active protection on Sophos Antivirus on the server. This seems to have stopped the error messages in the logs.

Many Thanks for your help.

Nigel
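
The link the accepted answer draws between the MSDE logging timeout (event 21192) and the Firewall service termination (event 7034) can be checked over a pasted Event Viewer export. The following is an added example, not part of the original thread; the function names and the five-minute window are assumptions, and the sample is constructed from the records in the question.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: three records trimmed from the logs posted in the question.
SAMPLE = """\
Event Type:      Error
Event Source:      Microsoft Firewall
Event ID:      21192
Date:            11/21/2007
Time:            12:00:52 AM
Description:
The Microsoft Firewall was unable to connect to MSDE database. The MSDE Error description is: Timeout expired.
Event Type:      Error
Event Source:      Service Control Manager
Event ID:      7034
Date:            11/21/2007
Time:            12:01:58 AM
Description:
The Microsoft Firewall service terminated unexpectedly.  It has done this 3 time(s).
Event Type:      Warning
Event Source:      MSExchangeSA
Event ID:      5008
Date:            11/21/2007
Time:            12:02:04 AM
"""

FIELD = re.compile(r"^(Event Source|Event ID|Date|Time):[ \t]*(.+?)[ \t]*$", re.M)

def parse_events(text):
    """Split a pasted export into sorted (timestamp, source, id, raw_record) tuples."""
    events = []
    for block in re.split(r"(?m)^(?=Event Type:)", text):
        f = dict(FIELD.findall(block))
        if {"Event Source", "Event ID", "Date", "Time"} <= f.keys():
            ts = datetime.strptime(f["Date"] + " " + f["Time"], "%m/%d/%Y %I:%M:%S %p")
            events.append((ts, f["Event Source"], int(f["Event ID"]), block))
    return sorted(events)

def crashes_after_log_timeout(events, window=timedelta(minutes=5)):
    """Firewall 7034 terminations that follow a 21192 MSDE timeout within `window` (assumed value)."""
    timeouts = [e[0] for e in events if e[1:3] == ("Microsoft Firewall", 21192)]
    hits = []
    for ts, src, eid, block in events:
        if (src, eid) == ("Service Control Manager", 7034) and "Microsoft Firewall service" in block:
            prior = [t for t in timeouts if timedelta(0) <= ts - t <= window]
            if prior:
                hits.append((ts, int((ts - max(prior)).total_seconds())))
    return hits
```

Each hit is the crash time and the number of seconds since the most recent logging timeout; crashes with no preceding 21192 point to a cause other than the logging database.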