none
sbs2003 ipnat.sys and firewall issues SBS2003 windows firewall cannot run because

    Question

  • Ok, I still look after 6 SBS2003 domains. All have been stable to the point of boring. Once client on sb2003 SP2 now adding simply accounting premium in client-server configuration. I have installed this several times at other sites and always had to make firewall changes. This server is one NIC, NO ISA (uses firewall appliance). Try to open firewall and get the old "Windows firewall cannot run becuase another program or service is running that might use the network address translation (IPNAT.SYS).

    I wnt back and looked at two clients with SAccounting that I did open up the firewall and they now show the same error. I rescanned all six sites how, all one NIC and all show they same.

    Need to resolve this to set SA working. Again, no ISA, one NIC, all updated and working well. Most have Symantec Endpoint SBS (V12) but not all.

     


    Guzzifrank
    Sunday, October 10, 2010 2:14 AM

Answers

  • If you are getting the IPNAT error, it could be because of RRAS. If you have configured RRAS to NAT - which will not work, as you are running a single NIC.
     
    Stop Routing and Remote Access or reconfigure it and retry.
     
    Only ISA or RRAS can take over the Windows Firewall IPNAT driver. If there is no ISA and you are getting that error - it has to be RRAS.

    --
    Regards,
    Vik Singh
    --------------------------------------------------------------------------------
    Please remember to click �??Mark as Answer�?� on the post that helps you, and to click �??Unmark as Answer�?� if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Went over the wizard very carefully again and it does show connect to router and the IP address info etc. Still same failure. BPA still shows a perfect install.
    Guzzifrank
    Sunday, October 10, 2010 7:44 PM

All replies

  • The usual cause for t this is running the CEICW and choosing "direct connect to broadband" instead of "router".  I would run the CEICW carefully, and the SBS-BPA. 

    www.sbs-bpa


    Larry Struckmeyer

    Please post the resolution to your issue so that everyone can benefit

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Sunday, October 10, 2010 12:40 PM
    Moderator
  • Went over the wizard very carefully again and it does show connect to router and the IP address info etc. Still same failure. BPA still shows a perfect install.
    Guzzifrank
    Sunday, October 10, 2010 6:47 PM
  • If you are getting the IPNAT error, it could be because of RRAS. If you have configured RRAS to NAT - which will not work, as you are running a single NIC.
     
    Stop Routing and Remote Access or reconfigure it and retry.
     
    Only ISA or RRAS can take over the Windows Firewall IPNAT driver. If there is no ISA and you are getting that error - it has to be RRAS.

    --
    Regards,
    Vik Singh
    --------------------------------------------------------------------------------
    Please remember to click �??Mark as Answer�?� on the post that helps you, and to click �??Unmark as Answer�?� if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Went over the wizard very carefully again and it does show connect to router and the IP address info etc. Still same failure. BPA still shows a perfect install.
    Guzzifrank
    Sunday, October 10, 2010 7:44 PM
  • A thought... Whenever you run CEICW, I believe it disables the Windows Firewall by default.  In a 2 NIC scenario, CEICW will configure Nat/Basic firewall via RRAS.  In a single NIC scenario, a (hardware) firewall appliance is then required.  With your single NIC scenario, did you originally run CEICW then disable RRAS and enable the Windows Firewall so it could be configured?

    --
    Merv  Porter   [SBS-MVP]
    ============================
    "guzzifrank" wrote in message news:01ef4db1-013e-4bb1-a6e8-1b4e29e9e1ba...
    Went over the wizard very carefully again and it does show connect to router and the IP address info etc. Still same failure. BPA still shows a perfect install.
    Guzzifrank
    Sunday, October 10, 2010 7:59 PM
    Moderator
  • OK, So I do have three users on this domain that are almost always out of office with Windows 7 Pro laptops on broadband Internet. The easily work with 'connect to Small Business Server' process. If I stop RRAS they will not connect. What do you suggest for 'reconfigure'?
    Guzzifrank
    Monday, October 11, 2010 12:18 AM
  • No, this server was configured single NIC with the same router from out of the box. There is a 10/100 NIC disabled in this server that came with it and we added the gigabit. It will be removed this week so we can retest this firewall.
    Guzzifrank
    Monday, October 11, 2010 12:20 AM
  • Go into Routing and Remote access and expand the columns on the left pane and do you see something like NAT filter or Firewall (something similar - cannot confirm as I don�??t have box in front of me).
     
    If yes, you have to reconfigure RRAS and only choosing routing option and not NAT.

    --
    Regards,
    Vik Singh
    --------------------------------------------------------------------------------
    Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    No, this server was configured single NIC with the same router from out of the box. There is a 10/100 NIC disabled in this server that came with it and we added the gigabit. It will be removed this week so we can retest this firewall.
    Guzzifrank
    Monday, October 11, 2010 1:39 AM
  • Thanks for reply. If I open RRAS and right click my server and check properties I have the option to set the server as a Router with sub options to local are network (LAN) only ot Lan and demand router) If I select router and either open RRAS restarts and I now have NAT available under RRAS. I gather I don't want NAT do I?
    Guzzifrank
    Monday, October 11, 2010 4:55 AM
  • Turned RRAS off and re-enabled the firewall. Works like a charm.

    RRAS was turned on without reason by previous server manager.

    Monday, December 17, 2012 10:12 AM