Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

ISA Server failed to load the firewall policy configuration.

607 views
Skip to first unread message

bingyeo

unread,
May 13, 2009, 4:33:01 AM5/13/09
to
Hi

I have encountered the following errors in my ISA 2006 Enterprise Edge
firewall (not in order):

Event Type: Error
Event Source: Microsoft Firewall
Event Category: None
Event ID: 14018
Date: 5/13/2009
Time: 10:41:54 AM
User: N/A
Computer: APLISA
Description:
ISA Server failed to load the firewall policy configuration.

Event Type: Error
Event Source: Microsoft ISA Server Web Proxy
Event Category: None
Event ID: 21177
Date: 5/13/2009
Time: 10:42:00 AM
User: N/A
Computer: APLISA
Description:
The Web filter Web Publishing Load Balancing Filter/Web filter
Authentication Delegation Filter/Web filter Forms-Based Authentication
Filter/ Web filter Link Translation Filter/ Web filter HTTP Filter failed to
reload its configuration. If you recently applied changes to the
configuration, verify that these changes are configured properly.

Event Type: Error
Event Source: Microsoft ISA Server Control
Event Category: None
Event ID: 21209
Date: 5/13/2009
Time: 10:42:01 AM
User: N/A
Computer: APLISA
Description:
The ISA Server configuration agent was unable to upload the configuration to
the ISA Server services. This could be due to a corrupt configuration. The
ISA Server configuration agent is reverting the configuration back to the
last known configuration. The service that failed to load the configuration
is: fwsrv.

Event Type: Error
Event Source: Microsoft ISA Server Control
Event Category: None
Event ID: 21271
Date: 5/12/2009
Time: 5:06:50 PM
User: N/A
Computer: APLISA
Description:
Configuration changes saved to the Configuration Storage server could not be
applied to ISA Server services. After 5 attempts to apply the changes, ISA
Server postpones any new attempts to apply these changes, and will only renew
attempts when a new configuration is saved to the Configuration Storage
server. Recent alerts may indicate the reason for this failure.

Event Type: Information
Event Source: Microsoft ISA Server Control
Event Category: None
Event ID: 21211
Date: 5/12/2009
Time: 5:06:58 PM
User: N/A
Computer: APLISA
Description:
A new configuration cannot be loaded, and configuration settings have been
successfully reverted to last known good values. Check previous error events
for possible reasons for the failure. The error description is: Some
configuration changes were not applied. See the Windows event viewer for more
details.

The problems started recently when I tried adding new publishing and access
rules and realised that the rules were not being imposed. Upon checking the
event logs, I found these errors. At that point I was still able to view my
Firewall Policies in ISA console and manage them. The following day however,
I could no longer view my firewall policies, with only an error popup
stating:
Refresh failed
Error code: 0xc0040305
Details: The string is empty or invalid. The error occurred on object
'xxxxxxx' of class 'Policy Rule' in the scope of array 'APLISA'.

I have tried rebooting and restarting ISA to no avail. I cannot view/manage
or implement new policies.
What do I do?

Rafael V

unread,
Jul 1, 2009, 12:06:25 PM7/1/09
to

I have the same problem..!
Did you find a solution?
thanks,

Dmitriy_FS

unread,
Jul 9, 2009, 4:39:01 AM7/9/09
to

I have this problem too.
Did anybody solve this problem? I have this problem on several ISA, ISA2004
have this error, but still working. ISA2006 have this problem, but server
doesnt work as router too.

bingyeo

unread,
Jul 23, 2009, 12:49:02 AM7/23/09
to
Hi Rafael

unfortunately I have yet to find a solution for this problem.
I am on the brink of reinstalling the ISA and reconfiguring all the rules.

Dmitriy_FS

unread,
Jul 24, 2009, 4:49:01 PM7/24/09
to
Hi
I have resolved this problem. First delete all custom firewall policy in
registry then try to start ISA console (Firewal policy). Error (refresh
failed) will be still exist. Go to windows events logs, look for last errors
about MS Firewall service. In my situation there was error about some wrong
protocol, see the guideDmitriy of this protocol and delete it from registry,
then try to start ISA cosole. In my situation everything was good. Protocol
was Mcafee FrameWork Protocol. Last step is restore ISA configuration from
backup.
good luck.

R NAIR@discussions.microsoft.com KARTHIK R NAIR

unread,
Aug 20, 2009, 8:54:02 AM8/20/09
to

Hi All,

I had the same problem and i could resolve the issue. I will explain how i
have resolved the issue.

Once i tried loading the firewall policy it shows me an error saying that
the "Error while loading the Firewall policy "policy name" with string
error". I came to know the "policy name" string parameter is having some
configuration issue that gets the loading stuck.

I am aware of the policy name so first i went and checked the policy name is
the registry. I got the GUID of the policy. When u create a policy one
releated GUID will be creating for the policy.

Then my next step is to delete the rule that is creating problem. I went to
the CSS server---->Start---->Programs--->ADAM----->ADAM ADSIEDIT---->"Right
click------>Connect to.-----> Put the server name of CSS server---->port
2171------->DN CN=FPC2 (Now connect).

Take a backup of ADAM Data before any change.
----------------------------------------------------------
Ntbackup-----------Select c:\program files\Microsoft ISA\ADAM DATA\* (Select
all the contents)

Restoring the ADAM Data incase of any issue
-----------------------------------------------------------
Ntbackup---------Restore to the actual location.

Got to FPC2--->Array root---->CN=Array----->Open the GUID for
Array----->Array rules------>Policy rule----> take to the GUID of the policy
and delete it.

Now the CSS will be deleting the problematic policy and then the firewall
servers will be applying the policy.

You can go ahead and create the policy that is deleted.


Regards
Karthik.R

0 new messages