Solved

sbs2003 CEICW errors  - Urgent - Firewall fails

Posted on 2011-02-19
21
1,595 Views
Last Modified: 2012-05-11
All of a sudden yesterday I started getting errors when connect through VPN to my SBS2003 server. Rerunnign the CEICW usually fixes it but this time it didn't.  I started getting a "An error occurred while configuring a component" on the Firewall Configuration area of the CEICW.  Now I cant send of receive email, access OWA  or Remote.  I have ISA2004 installed.  Below is a copy of the icwlog.txt. .I've tried all I know please help

This is the log when it stops


2/20/2011 1:47 AM
C:\Program Files\Microsoft Windows Small Business Server\Networking\ICW\wizinet.dll, version 5.2.2893.0
calling CNetCommit::ValidatePropertyBag ().
Call to Querying for the property bag () returned ok.
Call to Reading hardware selection () returned ok.
Hardware selection: 0
Call to Validating hardware selection () returned ok.
Call to Initializing the Stingray util in ValidateNICProperties () returned ok.
Call to Reading LAN NIC Guid () returned ok.
LAN NIC Guid: {C21B9119-F5F8-4F5F-B1CC-706B4B233445}
Call to Validating LAN NIC Guid () returned ok.
Call to Getting the IP address for the LAN NIC () returned ok.
LAN NIC IP: 192.168.16.2
Call to Validating NIC properties () returned ok.
Broadband selection: 0
Call to Validating broadband selection () returned ok.
calling CNetCommit::ValidateFulltimeConnectionProperties ().
Call to Initializing the Stingray util in ValidateNICProperties () returned ok.
Call to Reading LAN NIC Guid () returned ok.
LAN NIC Guid: {C21B9119-F5F8-4F5F-B1CC-706B4B233445}
Call to Validating LAN NIC Guid () returned ok.
Call to Getting the IP address for the LAN NIC () returned ok.
LAN NIC IP: 192.168.16.2
Call to Reading 2nd NIC Guid () returned ok.
External NIC Guid: {EC8F8FAD-19EE-4B0B-81DB-0F0B46ECED6A}
Call to Validating external NIC Guid () returned ok.
Call to Validating the external IP against LAT () returned ok.
Call to Validating NIC properties () returned ok.
Call to Reading Default Gateway () returned ok.
Default Gateway: 98.174.167.1
Call to Validating Default Gateway IP () returned ok.
Call to Reading preferred DNS server IP () returned ok.
Preferred DNS server: 68.105.28.16
Call to Validating prefferred DNS server IP () returned ok.
Call to Reading alternate DNS server IP () returned ok.
Alternate DNS server: 68.105.29.16
Call to Validating alternate DNS server IP () returned ok.
Call to Validating preferred & alternate DNS servers () returned ok.

2/20/2011 1:47 AM
C:\Program Files\Microsoft Windows Small Business Server\Networking\ICW\wizproxy.dll, version 5.2.2893.0
CStingrayCommit::ValidatePropertyBag
Call to Querying for IPropertyPagePropertyBag () returned ok.
Call to Initializing the StringrayUtil () returned ok.
Call to Reading the firewall selection () returned ok.
Firewall selection: 1
CStingrayCommit::ValidateUpnpProperties
Error 0x80070057 returned from call to Reading the UPNP selection().
Skipping upnp validation
Call to CStingrayCommit::ValidateUpnpProperties () returned ok.
Call to Validating Upnp properties () returned ok.
CStingrayCommit::ValidatePortMappings
Call to Reading the port mappings () returned ok.
Call to Loading port mappings XML () returned ok.
Call to Validating the predefined port mappings XML () returned ok.
Call to Reading the custom port mappings () returned ok.
Loading port mapping XML
Call to Validating the custom port mappings XML () returned ok.
Call to CStingrayCommit::ValidatePortMappings () returned ok.
Call to Validating port mappings () returned ok.
CStingrayCommit::ValidateWebPublishingRules
Call to Reading web publishing selection () returned ok.
Call to Validating Web publishing selections () returned ok.
Web publishing selections:
OWA publishing: 1
RUP publishing: 1
Monitoring publishing: 1
OMA publishing: 1
RPC publishing: 1
Sharepoint publishing: 0
ROOT publishing: 0
Call to CStingrayCommit::ValidateWebPublishingRules () returned ok.
Call to Validating web publishing rules () returned ok.
Call to CStingrayCommit::ValidatePropertyBag () returned ok.

2/20/2011 1:47 AM
C:\Program Files\Microsoft Windows Small Business Server\Networking\ICW\wizcert.dll, version 5.2.2893.0
Calling CCertCommit::ValidatePropertyBag
Nothing is published, will not touch SSL Settings
*** CCertCommit::ValidatePropertyBag returned ERROR 1

2/20/2011 1:47 AM
C:\Program Files\Microsoft Windows Small Business Server\Networking\ICW\wizemail.dll, version 5.2.2893.0
calling CEmailCommit::ValidatePropertyBag ().
calling pdispPPPBag->QueryInterface (IPropertyPagePropertyBag, 0x6e50c).
Call to pdispPPPBag->QueryInterface () returned ok.
calling ReadInt4 (0x10e2030, DB5E5E45-3598-4F1D-8FF7-0ED35B9EB6A4).
Call to ReadInt4 () returned ok.
The out param of ReadInt4() is 1.
calling CValidatePropertyUtil.ValidatePropertyInteger ().
Call to CValidatePropertyUtil.ValidatePropertyInteger () returned ok.
calling ReadBool (0x10e2030, F71526DD-9C19-4fe9-B7DB-FD4360909275).
Call to ReadBool () returned ok.
The out param of ReadBool() is 1.
calling CValidatePropertyUtil.ValidatePropertyBool ().
Call to CValidatePropertyUtil.ValidatePropertyBool () returned ok.
calling ReadBool (0x10e2030, DB5E5E46-3598-4F1D-8FF7-0ED35B9EB6A4).
Call to ReadBool () returned ok.
The out param of ReadBool() is 1.
calling CValidatePropertyUtil.ValidatePropertyBool ().
Call to CValidatePropertyUtil.ValidatePropertyBool () returned ok.
calling ReadBool (0x10e2030, 1DB7A50F-98F8-452f-868B-1AAC56585DD0).
Call to ReadBool () returned ok.
The out param of ReadBool() is 0.
calling CValidatePropertyUtil.ValidatePropertyBool ().
Call to CValidatePropertyUtil.ValidatePropertyBool () returned ok.
calling ReadString (0x10e2030, 01637C90-B142-41C4-8520-6B2E0F891BE7).
Call to ReadString () returned ok.
The out param of ReadString() is adgokc.com.
calling ReadBool (0x10e2030, 1DB7A50F-98F8-452f-868B-1AAC56585DD0).
Call to ReadBool () returned ok.
The out param of ReadBool() is 0.
calling CValidatePropertyUtil.ValidatePropertyHostName ().
Call to CValidatePropertyUtil.ValidatePropertyHostName () returned ok.
calling AttachCommiter.Validate(pPPPBag) (0x10e2030, 01637C90-B142-41C4-8520-6B2E0F891BE7).
calling CAttachCommiter::Validate (0x10e2030).
calling CAttachCommiter::Validate:ReadVariant (0x0).
calling CAttachCommiter::Validate:m_spDoc.CoCreateInstance (0x0).
calling CAttachCommiter::Validate:m_spDoc->loadXML (0x0).
Call to CAttachCommiter::Validate () returned ok.
Call to CEMailCommit::ValidatePropertyBag () returned ok.
calling CNetCommit::Commit (17702960).
calling CNetCommit::ValidatePropertyBag ().
Call to Querying for the property bag () returned ok.
Property bag is not dirty, skipping validation
calling CNetCommit::Common ().
calling CNetCommit::GetLanNicInfo ().
LAN NIC Guid: {C21B9119-F5F8-4F5F-B1CC-706B4B233445}
Call to Converting LAN NIC Guid () returned ok.
Call to Getting IP address for the LAN NIC () returned ok.
Call to Reading in the LAN NIC info () returned ok.
Call to Fixing the TCP/IP NIC Binding order () returned ok.
Dhcp server is installed and not disabled
Call to Set DHCP Server to start up automatically () returned ok.
DNS server is installed and not disabled
Call to Changing startup type for DNS () returned ok.
Call to Clearing DNS server entries on the LAN NIC () returned ok.
Call to Setting DNS server IP for the LAN NIC () returned ok.
Call to Resetting DNS recursion timeout () returned ok.
Call to Resetting client dns query timouts in config.dat () returned ok.
Call to DsGetDcName for local domain name () returned ok.
calling CNetCommit::DoFulltime ().
Call to Converting external NIC guid () returned ok.
Call to Clearing default gateway on the LAN NIC () returned ok.
Error 0x1 returned from call to Setting the default gateway on the external NIC().
Call to Setting DNS forwarders () returned ok.
Call to Preparing for DNS listener reset () returned ok.
Call to Resetting DNS listeners () returned ok.
Call to Clearing DNS server entries on the external NIC () returned ok.
Call to Making sure the DNS entries on the external NIC points to the local DNS server () returned ok.
Call to GetLocalDomainName () returned ok.
Call to Deleting the DNS record for the external NIC () returned ok.
Call to Disabling net services on the external NIC () returned ok.
Call to Turning off dns registration on the external NIC () returned ok.
Call to Disabling NetBIOS for the external NIC () returned ok.
Call to CNetCommit::DoFulltime () returned ok.
Call to Configuring for fulltime connection () returned ok.
calling ConfigureIE ().
calling SetInternetOptions ((null), ADGSBS:8080, <local>).
calling InternetSetOptionA (NULL, INTERNET_OPTION_PER_CONNECTION_OPTION).
Call to InternetSetOptionA () returned ok.
Call to SetInternetOptions () returned ok.
calling InternetSetOption_AutodialConnection ().
Call to InternetSetOption_AutodialConnection () returned ok.
calling InternetSetOption_AutodialMode (1).
Call to InternetSetOption_AutodialMode () returned ok.
calling InternetSetOption_DisableAutodial (1).
Call to InternetSetOption_DisableAutodial () returned ok.
Call to ConfigureIE () returned ok.
Call to Configuring IE for fulltime connection () returned ok.
Call to Notifying client setup for Default gateway as the SBS server () returned ok.
Call to Initializing the Stingray util () returned ok.
Call to Turning Stingray autodial off () returned ok.
ISA2k Autodial rule does not exist, ignoring the error
Call to CNetCommit::RemoveISA2kAutodialRule () returned ok.
Call to Removing ISA autodial rule ROUTINGRULE_AUTODIAL () returned ok.
ISA2k Autodial rule does not exist, ignoring the error
Call to CNetCommit::RemoveISA2kAutodialRule () returned ok.
Call to Removing ISA autodial rule ROUTINGRULE_INTERNALAUTODIAL () returned ok.
Call to CNetCommit::RemoveISA2kRelatedAutodialRules () returned ok.
Call to Removing ISA2k related autodial rules () returned ok.
calling RegisterMSBOExchangeBP (0).
Error 0x1 returned from call to RegisterMSBOExchangeBP().
Call to Unregistering the smtp sink () returned ok.
Call to Initializing the Stingray util in CreateLANAccessRule () returned ok.
Call to Creating the protected networks access rule () returned ok.
Call to Saving ISA2k4 changes () returned ok.
Call to GetLocalDomainName () returned ok.
Call to Reading in the local domain name () returned ok.
Local Domain Name is: adgokc.local
Call to Enabling secure dynamic DNS updates () returned ok.
Call to Disabling RoundRobin for DNS server () returned ok.
Call to GetLocalDomainName () returned ok.
Call to Configuring DHCP options () returned ok.
Call to Disabling the RASUTO service () returned ok.
Call to Configuring w32time parameters for fulltime () returned ok.
Call to Configuring the time service () returned ok.
Call to Notifying RWW for ISA () returned ok.
Call to CNetCommit::Common () returned ok.
Call to CNetCommit::Commit () returned ok.
CStingrayCommit::CommitEx
CStingrayCommit::ValidatePropertyBag
Call to Querying for IPropertyPagePropertyBag () returned ok.
Call to Initializing the StringrayUtil () returned ok.
Call to Reading the firewall selection () returned ok.
Firewall selection: 1
CStingrayCommit::ValidateUpnpProperties
Error 0x80070057 returned from call to Reading the UPNP selection().
Skipping upnp validation
Call to CStingrayCommit::ValidateUpnpProperties () returned ok.
Call to Validating Upnp properties () returned ok.
CStingrayCommit::ValidatePortMappings
Call to Reading the port mappings () returned ok.
Call to Loading port mappings XML () returned ok.
Call to Validating the predefined port mappings XML () returned ok.
Call to Reading the custom port mappings () returned ok.
Loading port mapping XML
Call to Validating the custom port mappings XML () returned ok.
Call to CStingrayCommit::ValidatePortMappings () returned ok.
Call to Validating port mappings () returned ok.
CStingrayCommit::ValidateWebPublishingRules
Call to Reading web publishing selection () returned ok.
Call to Validating Web publishing selections () returned ok.
Web publishing selections:
OWA publishing: 1
RUP publishing: 1
Monitoring publishing: 1
OMA publishing: 1
RPC publishing: 1
Sharepoint publishing: 0
ROOT publishing: 0
Call to CStingrayCommit::ValidateWebPublishingRules () returned ok.
Call to Validating web publishing rules () returned ok.
Call to CStingrayCommit::ValidatePropertyBag () returned ok.
Call to Validating the property bag () returned ok.
Call to Reading the guid for the LAN NIC () returned ok.
Call to Getting the IP address for the LAN NIC () returned ok.
Call to Getting the SM for the LAN NIC () returned ok.
LAN NIC Info:
Guid: {C21B9119-F5F8-4F5F-B1CC-706B4B233445}
IP: 192.168.16.2
SM: 255.255.255.0
Call to Removing RRAS NAT () returned ok.
CStingrayCommit::DoGeneralConfiguration
Call to Removing SBS access rules () returned ok.
Call to SBS MS Update Access Rule () returned ok.
Call to Creating SBS Internet Access Rule () returned ok.
Call to Setting default logon domain for OMA () returned ok.
Call to Configuring anonymous access for SBS dirs () returned ok.
Call to Disabling auto discovery () returned ok.
Error 0x8007041d returned from call to Configuring IIS to listen only on the LAN().
Error 0x8007041d returned from call to CStingrayCommit::DoGeneralConfiguration().
Error 0x8007041d returned from call to Doing general configuration().
Error 0x8007041d returned from call to CStingrayCommit::CommitEx().
0
Comment
Question by:CadMnky
  • 7
  • 6
  • 5
  • +1
21 Comments
 
LVL 6

Expert Comment

by:crash2000
ID: 34936684
Have you tried rebooting the server and running CEICW again?
I had this issue when I was running sbs2003 and that was the fix as I remember.

Mark
0
 

Author Comment

by:CadMnky
ID: 34937367
Yes I have rebooted this server many times.
0
 
LVL 6

Expert Comment

by:crash2000
ID: 34937400
I thought you would have. But sometimes I forget the most obvious.
Looking at the log, can you check your Network adapter settings?
http://support.microsoft.com/kb/825763

I think there may be DNS entries that are incorrect.

Mark
0
 

Author Comment

by:CadMnky
ID: 34937615
I've double and triple checked.
Which DNS entries are you talking about?  The DNS servers we use to connect through our ISP or the internal DNS entries?
0
 
LVL 6

Expert Comment

by:crash2000
ID: 34937670
I believe you have your ISP DNS server configured on one of your Network adpaters.
The only DNS servers that should be listed in your SBS server. So all DNS servers should point to 192.168.16.2.
I don't think you cards are set correctly.
Sorry to be brief, but am quite busy.
Let me know
0
 
LVL 15

Expert Comment

by:Perarduaadastra
ID: 34937745
In the wizemail section of the log, about a third of the way down, an error is returned from trying to set the default gateway. If this fails, then it seems likely that any email-related functions will fail also, as will remote access, since traffic won't know where to go without this information.

I would investigate this error first, as it seems central to the problem.
0
 

Author Comment

by:CadMnky
ID: 34937784
Remote access is working fine. I'm at home remoting in at the moment.

I cannot find the Gateway failure you are refering to. Below is an ipconfig /all if it helps..


Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\administrator.ADGOKC>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : adgsbs
   Primary Dns Suffix  . . . . . . . : adgokc.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : adgokc.local

Ethernet adapter Server Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 PT Dual Port Server Ada
pter #2
   Physical Address. . . . . . . . . : 00-15-17-19-A7-8F
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.16.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 192.168.16.2
   Primary WINS Server . . . . . . . : 192.168.16.2

Ethernet adapter Network Connection 3:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 PT Dual Port Server Ada
pter
   Physical Address. . . . . . . . . : 00-15-17-19-A7-8E
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 98.174.167.94
   Subnet Mask . . . . . . . . . . . : 255.255.255.128
   Default Gateway . . . . . . . . . : 98.174.167.1
   DNS Servers . . . . . . . . . . . : 192.168.16.2
   NetBIOS over Tcpip. . . . . . . . : Disabled

C:\Documents and Settings\administrator.ADGOKC>
0
 
LVL 6

Expert Comment

by:crash2000
ID: 34937869
That all looks fine. Let me look back through my records

In the meatime, you might want to look at what Pera has said.

Mark
0
 
LVL 15

Expert Comment

by:Perarduaadastra
ID: 34937898
If you copy and paste the log into Word or Notepad and search for "error" you will find it easily; it can be a real chore finding a particular word or string in a lengthy text document solely using eyeball power...

If you open your DHCP manager and click on Scope Options , in the right pane you should see at the top of the list the entry 003 Router - this should have the server's internal IP address as its value, in your case 191.168.16.2. If the IP address there is different, this suggests that configuration changes have been made at some time in the past without using the wizard. Make a note of the address (in case you need to put it back for some reason) and change it to that of your server, then re-run the CEICW.

Another possibilty is that your ISP might have changed the gateway address and not told you. Does the external NIC connect to the internet through a modem, or some other device? How does that device obtain its information, via DHCP, or having the settings entered manually?
0
 
LVL 5

Expert Comment

by:lscarbor
ID: 34938090
I agree with Perarduaadas. You may have added a NIC since DHCP was set up. If you look at the DHCP and there's anything regarding the public side, it's most likely not supposed to be there. Also, there is a possibility that a new DHCP has been turned on, perhaps in the external router or modem. The ISP should turn DHCP off, I think--it doesn't look like you need it.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:CadMnky
ID: 34938125
the 003 Router has the same IP as the server 192.168.16.2.
The gateway address has not changed. The external NIC connects via modem with a static IP.

Thanks for all of the continued help..
0
 
LVL 5

Expert Comment

by:lscarbor
ID: 34938143
The gateway error is a killer. When you connect with remote it sets up the TCP link from the out in. Anything that has to have the server set up a conneciton is most likely going to fail. Maybe you could try deleting the gateway from the external nic and then put it back in?
Grabbing at straws, but sometimes it works.
0
 
LVL 5

Expert Comment

by:lscarbor
ID: 34938167
Here's the line I'm concerned about:
Error 0x1 returned from call to Setting the default gateway on the external NIC().
 
Can you ping that address (98.174.167.1)from the server?
(PS. I'd recomment that next time you should obfuscate your public IPs. Already here this time.)
0
 
LVL 6

Expert Comment

by:crash2000
ID: 34938179
I have checked my records and when we had this issue it was because ISP had changed their DNS servers.

Mark
0
 
LVL 15

Expert Comment

by:Perarduaadastra
ID: 34938199
I appreciate that the external NIC has a static IP, but how is the modem itself configured? Does it get the gateway settings via the ISP's own DHCP, or do you configure that setting manually from information that the ISP supplies? As the WAN NIC doesn't use DHCP, any changes to the gateway address by the ISP won't be replicated to your WAN interface.
0
 

Accepted Solution

by:
CadMnky earned 0 total points
ID: 34940239
OK I got it all to work.. What a wild ride this all has been.  It turns out the culprit was Trend Micro.  WFBv7 is becoming the bane of my existence..

 

With WFBv6 you could run CEICW without an problems so I never turned it off.  once I turned it off and reran CEICW voila!

Now my only problem is my GoDAddy cert. I followed

http://blogs.technet.com/b/sbs/archive/2007/08/21/how-to-install-a-public-3rd-party-ssl-certificate-on-iis-on-sbs-2003.aspx

but when I go to OWA  I get Error Code: 500 Internal Server Error. The target principal name is incorrect. (-2146893022)


Do i have to add the cert to ISA?
0
 
LVL 5

Expert Comment

by:lscarbor
ID: 34940277
Not that I'm aware of.
Here's the link for IIS6 at godaddy.com

http://community.godaddy.com/help/4875

Follow the instructions, you'll be okay. It's probably a problem related to the intermediate cert. The fix is in the instructions.
0
 

Author Comment

by:CadMnky
ID: 34940428
No that still doesnt work.. I am still getting the Error Code: 500 Internal Server Error. The target principal name is incorrect. (-2146893022)
0
 
LVL 5

Expert Comment

by:lscarbor
ID: 34944159
That sounds more like a 'forms-based authentication' error, or something else with OWA or OMA.
Try this:
http://www.experts-exchange.com/Microsoft/Windows_Security/Q_24400578.html
0
 
LVL 5

Expert Comment

by:lscarbor
ID: 34944256
Here's a really good link from the previous link. I suggest you read it! Down toward the bottom of the article may be the fix to the 500 problem (hint: it's not really an internal server error!)
It's actually that the defined name isn't the name that needs to be used.

http://www.isaserver.org/tutorials/error505.html

Don't let the 505 put you off, it covers your issue.
0
 

Author Closing Comment

by:CadMnky
ID: 34990881
I figured out it was the virus software
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

A lot of problems and solutions are available on the net for the error message "Source server does not meet minimum requirements for migration" while performing a migration from Small Business Server 2003 to SBS 2008. This error pops up just before …
In the event you manage a Small Business Server 2003, and you are audited for PCI compliance, there are several changes you must make in order to pass the audit. I can take no credit for discovering any of these fixes or workarounds, but there is no…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now