nigel8013
asked on
ISA Firewall Service stops unexpectedly
Hi Guys. I have an interesting situation that has occurred a number of times recently to which I cannot seem to find out any information on when searching the net. Having spent some time google’ing the event log errors, I have decided I need the expert advice of you guys.
The situation is, Small Business Server 2003 R2 Premium running ISA 2004 which has been in and running for nearly a year recently started to have Firewall Service crashes. These I have noticed looking back through the logs only occur when either the scheduled backup runs at around 10:30pm or during the Exchange cleanup operation scheduled for around Midnight.
The logs below have been extracted in time order from either the System or mostly Application Logs.
I have been unable to see if I can manually restart the RRAS service during the backup procedure or exchange cleanup operation, but I can manually Start the service the following morning without any problems at all.
I will mention that I have been receiving a considerable amount more Allocated Memory Alerts which I once fixed by following a KB article - I thought this could possibly be related so thought I’d mention it.
Please find the logs I have extracted below. Any assistance on this would be greatfully appreciated.
Kind Regards,
Nigel
Event Type: Error
Event Source: Microsoft Firewall
Event Category: Log
Event ID: 21192
Date: 11/21/2007
Time: 12:00:52 AM
User: N/A
Computer: *********
Description:
The Microsoft Firewall was unable to connect to MSDE database. The MSDE Error description is: Timeout expired.
Data:
0000: 31 0e 04 80 1..€
Event Type: Warning
Event Source: Microsoft Firewall
Event Category: None
Event ID: 21093
Date: 11/21/2007
Time: 12:01:56 AM
User: N/A
Computer: *********
Description:
Worker threads could not be stopped during cleanup.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 11/21/2007
Time: 12:01:58 AM
User: N/A
Computer: *********
Description:
The Microsoft Firewall service terminated unexpectedly. It has done this 3 time(s).
Event Type: Warning
Event Source: MSExchangeSA
Event Category: General
Event ID: 5008
Date: 11/21/2007
Time: 12:02:04 AM
User: N/A
Computer: *********
Description:
The message tracking log file C:\Program Files\Exchsrvr\MEDISBS1.lo
Event Type: Error
Event Source: Microsoft ISA Server Control
Event Category: None
Event ID: 14079
Date: 11/21/2007
Time: 12:03:04 AM
User: N/A
Computer: *********
Description:
Due to an unexpected error, the service fwsrv stopped responding to all requests. Stop the service or the corresponding process if it does not respond, and then start it again. Check the Windows event Viewer for related error messages.
Event Type: Error
Event Source: SmallBusinessServer
Event Category: SBS Monitoring
Event ID: 4104
Date: 11/21/2007
Time: 12:03:08 AM
User: N/A
Computer: *********
Description:
Could not connect to the monitoring database. This can occur when there are multiple connections to the database. Wait a short period of time, and then try again. If this error persists, run the Monitoring Configuration Wizard, and select Reinstall monitoring features.
Data:
0000: 05 40 00 80 .@.€
The situation is, Small Business Server 2003 R2 Premium running ISA 2004 which has been in and running for nearly a year recently started to have Firewall Service crashes. These I have noticed looking back through the logs only occur when either the scheduled backup runs at around 10:30pm or during the Exchange cleanup operation scheduled for around Midnight.
The logs below have been extracted in time order from either the System or mostly Application Logs.
I have been unable to see if I can manually restart the RRAS service during the backup procedure or exchange cleanup operation, but I can manually Start the service the following morning without any problems at all.
I will mention that I have been receiving a considerable amount more Allocated Memory Alerts which I once fixed by following a KB article - I thought this could possibly be related so thought I’d mention it.
Please find the logs I have extracted below. Any assistance on this would be greatfully appreciated.
Kind Regards,
Nigel
Event Type: Error
Event Source: Microsoft Firewall
Event Category: Log
Event ID: 21192
Date: 11/21/2007
Time: 12:00:52 AM
User: N/A
Computer: *********
Description:
The Microsoft Firewall was unable to connect to MSDE database. The MSDE Error description is: Timeout expired.
Data:
0000: 31 0e 04 80 1..€
Event Type: Warning
Event Source: Microsoft Firewall
Event Category: None
Event ID: 21093
Date: 11/21/2007
Time: 12:01:56 AM
User: N/A
Computer: *********
Description:
Worker threads could not be stopped during cleanup.
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7034
Date: 11/21/2007
Time: 12:01:58 AM
User: N/A
Computer: *********
Description:
The Microsoft Firewall service terminated unexpectedly. It has done this 3 time(s).
Event Type: Warning
Event Source: MSExchangeSA
Event Category: General
Event ID: 5008
Date: 11/21/2007
Time: 12:02:04 AM
User: N/A
Computer: *********
Description:
The message tracking log file C:\Program Files\Exchsrvr\MEDISBS1.lo
Event Type: Error
Event Source: Microsoft ISA Server Control
Event Category: None
Event ID: 14079
Date: 11/21/2007
Time: 12:03:04 AM
User: N/A
Computer: *********
Description:
Due to an unexpected error, the service fwsrv stopped responding to all requests. Stop the service or the corresponding process if it does not respond, and then start it again. Check the Windows event Viewer for related error messages.
Event Type: Error
Event Source: SmallBusinessServer
Event Category: SBS Monitoring
Event ID: 4104
Date: 11/21/2007
Time: 12:03:08 AM
User: N/A
Computer: *********
Description:
Could not connect to the monitoring database. This can occur when there are multiple connections to the database. Wait a short period of time, and then try again. If this error persists, run the Monitoring Configuration Wizard, and select Reinstall monitoring features.
Data:
0000: 05 40 00 80 .@.€
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I wonder if your server is OK wih memory consumption. You need also monitoring the CPU when the service is stoping. I suspect that in this moment the CPU is at high level and maybe the memory also. And that can cause the timeout, then the stop of that service. You can set recovery action restart service for a while.
Dan
Dan
ASKER
Dan,
I did what you said which stopped the service from failing. I also looked into what could be causing the high memory usage and discovered that someone had turned on active protection on Sophos Antivirus on the server. This seems to have stopped the error messages in the logs.
Many Thanks for your help.
Nigel
I did what you said which stopped the service from failing. I also looked into what could be causing the high memory usage and discovered that someone had turned on active protection on Sophos Antivirus on the server. This seems to have stopped the error messages in the logs.
Many Thanks for your help.
Nigel
ASKER
Many Thanks,
Nigel