Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

"Windows firewall cannot run because another program or service is

2,963 views
Skip to first unread message

Internerd

unread,
Sep 3, 2008, 10:13:01 PM9/3/08
to
SBS 2003 with 2 Nics gives this error when trying to see if a firewall is
running.

"Windows firewall cannot run because another program or service is running
that might use the network address translation component" (Ipnat.sys)

So the question is: If NAT is running is there a firewall of any sort being
provided?
And a second ? is: Why would there be no positive Google hits for this
error from any official Micosoft support site?
--
I''''m clicking as fast as I can!

Russ (www.SBITS.Biz)

unread,
Sep 3, 2008, 10:50:36 PM9/3/08
to
You are in NAT Mode with 2NICS

What exactly are you trying to do?

Russ

--
Russell Grover - SBITS.Biz
Microsoft Gold Certified Partner
Microsoft Small Business Specialist
World Wide Remote SBS2003 Support - http://www.SBITS.Biz


"Internerd" <Inte...@community.nospam> wrote in message
news:592DD9DD-332D-403B...@microsoft.com...

stephen

unread,
Sep 4, 2008, 4:02:54 AM9/4/08
to
Internerd wrote:
> SBS 2003 with 2 Nics gives this error when trying to see if a firewall is
> running.
>
> "Windows firewall cannot run because another program or service is running
> that might use the network address translation component" (Ipnat.sys)
>
> So the question is: If NAT is running is there a firewall of any sort being
> provided?

RRAS is providing NAT and firewall services. (Unless this is Premium
with ISA).

> And a second ? is: Why would there be no positive Google hits for this
> error from any official Micosoft support site?

Pass.

--
stephen

Miles Li [MSFT]

unread,
Sep 4, 2008, 6:46:51 AM9/4/08
to
Hello,

Thank you for posting here.

According to your description, I understand that:

You have a concern about the error "Windows firewall cannot run because

another program or service is running that might use the network address

translation component" (Ipnat.sys)" when trying to enable the Windows
Firewall service on the SBS 2003 server.

If I have misunderstood the problem, please don't hesitate to let me know.

Explanations:
=============
Yes, you have 2 NICs scenarios that the NAT is enabled on the SBS 2003
server external NIC in RRAS (or ISA). The NAT driver (Ipnat.sys) provides
the network address translation function. It is used by RRAS and Windows
Firewall (or ICS). However, once you enable the NAT in the RRAS, the
Ipnat.sys will be occupied and Windows Firewall cannot start properly. That
explains the error message " Windows firewall cannot run because another

program or service is running that might use the network address

translation component" (Ipnat.sys)".


Hope this helps. Also, if you have any questions or concerns, please do not
hesitate to let me know.

Best regards,
Miles Li

Microsoft Online Partner Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Internerd

unread,
Sep 5, 2008, 4:59:27 PM9/5/08
to
The question is:
If NAT is running is there a firewall of any sort being
provided?
Several replies all skirt answering the question. I just want to know if I
have a server that is protected if I'm using 2 Nics...and ran the IECW wizard
and configured the nics accordingly. If NAT is running, does it provide any
firewalling.
Much appreciation to all replies...skirted or otherwise.
-- ---------sos----------------

I''''m clicking as fast as I can!

Internerd

unread,
Sep 5, 2008, 5:08:26 PM9/5/08
to
Thanks...so I can assume that there is firewall protection. How can I verify
this with Server Manager on SBS 2003. I cannot find any references to
firewalling there...
Sorry if I don't take your word for it, but since I get the error that
"firewall cannot run" I am rather cautious.
thx..

--
I''''m clicking as fast as I can!

Internerd

unread,
Sep 5, 2008, 5:42:01 PM9/5/08
to
Thanks...but my question is simply...is there any firewall protection when
using NAT? I'm still not sure. Am I being paranoid? Sorry.
thx....

--
I''''m clicking as fast as I can!

Marina Roos [SBS-MVP]

unread,
Sep 5, 2008, 5:51:11 PM9/5/08
to
Hi,

If you are having two nics in the server, you have the basic NAT/Firewall
running. In the RRAS mmc you can see that.
The Windows Firewall Service should never run on SBS and is by default set
to disabled. So the Windows Firewall icon in the Control Panel will not work
and give you the error.
If you only have one nic in the server, you will have to use a hardware
firewall.

--
Regards,

Marina Roos
Microsoft SBS-MVP
One of the Magical M&M's
www.smallbizserver.net
Take part in SBS forum: http://www.smallbizserver.net/Default.aspx?tabid=53


"Internerd" <Inte...@community.nospam> wrote in message

news:7842C1C7-3AEF-48F4...@microsoft.com...

Russ (www.SBITS.Biz)

unread,
Sep 6, 2008, 1:40:18 PM9/6/08
to
This may help you
http://harrybrelsford.wordpress.com/2008/07/13/sbs-2003-natbasic-firewall-built-in-chapter-5-excerpt/

Russ

--
Russell Grover - SBITS.Biz
Microsoft Gold Certified Partner
Microsoft Small Business Specialist
World Wide Remote SBS2003 Support - http://www.SBITS.Biz

"Internerd" <Inte...@community.nospam> wrote in message

news:3B60BD1A-58A5-4A25...@microsoft.com...

Gold@discussions.microsoft.com Flashpoint Gold

unread,
Nov 10, 2008, 10:36:01 AM11/10/08
to
"Internerd" wrote:

> "Windows firewall cannot run because another program or service is running
> that might use the network address translation component" (Ipnat.sys)

I am having the same problem and its NOT because of Routing and Remote
Access having NAT enabled unless Routign and Remote Access is messed up. I
put NAT back on and then off of Routing and Remote Access, refreshed, and
then restarted. It still says that. I'm just trying to do a little assignment
for 70-293 and its become this big thing...

Marina Roos [SBS-MVP]

unread,
Nov 10, 2008, 10:49:48 AM11/10/08
to
By default the Windows Firewall Service is set to disabled and thus not
running. Please check in the services applet that this service is set to
disabled.

--
Regards,

Marina Roos
Microsoft SBS-MVP
One of the Magical M&M's
www.smallbizserver.net
Take part in SBS forum: http://www.smallbizserver.net/Default.aspx?tabid=53

"Flashpoint Gold" <Flashpoint Go...@discussions.microsoft.com> wrote in
message news:F354849A-025E-4C52...@microsoft.com...

gadgets906

unread,
Nov 22, 2009, 6:08:36 PM11/22/09
to

Running SB 2003 two nic cards as a router, firewall enabled through
rras, have vnc installed and was working remotely until recent microsoft
update. now when attempting to configure vnc, error message appears
stating firewall need to have exception for program vnc. Could really
use some advise as to where to make the exception and add the necessary
ports?


--
gadgets906
------------------------------------------------------------------------
gadgets906's Profile: http://forums.techarena.in/members/157213.htm
View this thread: http://forums.techarena.in/small-business-server/1032119.htm

http://forums.techarena.in

Larry Struckmeyer[SBS-MVP]

unread,
Nov 22, 2009, 7:36:30 PM11/22/09
to
Hi:

Guess we have to ask why VNC? SBS offers RWW (more secure), and RDP (less
secure) both if which are native to SBS and do not carry the overhead of VNC.

-
Larry
Please post the resolution to your
issue so others may benefit
-
Get Your SBS Health Check at
www.sbsbpa.com


> Running SB 2003 two nic cards as a router, firewall enabled through
> rras, have vnc installed and was working remotely until recent
> microsoft update. now when attempting to configure vnc, error message
> appears stating firewall need to have exception for program vnc. Could
> really use some advise as to where to make the exception and add the
> necessary ports?
>

> http://forums.techarena.in
>


gadgets906

unread,
Nov 22, 2009, 10:24:57 PM11/22/09
to

So the next logical question is where and how to deploy the
alternatives.

Larry Struckmeyer[SBS-MVP]

unread,
Nov 22, 2009, 11:26:01 PM11/22/09
to

A very good investment might be to google and order one of the several books
on the version of SBS you use. Charlie Russel, Eriq Neal, Harry Blesford,
amoung others have all written excellent books on SBS, which will tell you
more about the featurs and benefits than we (or at least I) could here.

-
Larry
Please post the resolution to your
issue so others may benefit
-
Get Your SBS Health Check at
www.sbsbpa.com

> So the next logical question is where and how to deploy the
> alternatives.
>

> http://forums.techarena.in
>


Merv Porter

unread,
Nov 22, 2009, 11:35:04 PM11/22/09
to
RWW... Open ports 443 and 4125 on your router. Then re-run CEICW (Connect
to the Internet) from Server Management and select "Remote Web Workplace" on
the 'Web Services Configuration' screen; create your Web Server Certificate.
Then, to log onto RWW, in Internet Explorer enter:
https://<mail.yourserver.com>/remote

CEICW Walkthrough
http://www.sbs-rocks.com/sbs2k3/sbs2k3-n2.htm

Remote Desktop... open TCP 3389 in your router. You can also combine this
with a VPN for better security.

Alternative... Logmein Free Edition. (www.logmein.com). Useful for remote
access to clients and server. Create a free account and install the
software to the workstations (and/or server).


--
Merv Porter [SBS-MVP]
============================

"gadgets906" <gadgets9...@DoNotSpam.com> wrote in message
news:gadgets9...@DoNotSpam.com...

0 new messages