So I seem to be spending just as much time in Server Engineering and Application Configuration as I am with my real job these days, and one of my biggest pain points would have to be Forefront server (ISA Server’s successor). Now first, let me say that I’m a fan of the product – it’s the poster boy for stateful packet inspection firewalls, and its flexibility pretty much makes it the best there is… but I find that’s also the most challenging aspect: trying to work out how to make the pieces fit together, when in a simple firewall setting up something like “Forward traffic destined for this DNS to this IP address” would be a snap. Anyway, that’s not the purpose of this blog entry.
I was messing about with the server, trying to set it up with 2 NICs so we could publish servers to the web and have different subnets, etc. It’s a VM, so I shut it down, added the new NIC and spun it back up again. Oh Noes! All of the published web sites stopped working (but RDP to the server was still kicking). WTF?
Anyway, in a previous attempt to publish the Remote Desktops through TMG, I’d installed IIS and Term Server Web Interface on TMG while following a guide on the web. As it turns out we’re not licensed for TS, so I had to scrub that option… but I never uninstalled IIS.
Sure enough, if ISA / FF goes in first, it stops IIS from listening on ports 80 and 443 even if you do subsequently install IIS… but as soon as the network changes, IIS swipes the ports out from under FF’s nose and takes them over itself! Talk about bait & switch! What makes it a bit trickier to find is when the last action you take has nothing to do with the rules… and rolling back the Network changes does not fix the problem either.
The error that appears in the Forefront Status page is:
The Web Proxy filter failed to bind its socket to 127.0.0.1 port 80. This may have been caused by another service that is already using the same port or by a network adapter that is not functional. To resolve this issue, restart the Microsoft Firewall service. The error code specified in the data area of the event properties indicates the cause of the failure. The failure is due to error: 0x80072740
The issue is described here – http://support.microsoft.com/kb/888650
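To confirm what is actually holding the ports when this event appears, here is an added example (not from the original post or from Microsoft) that decodes the error code and lists the listeners on ports 80 and 443. The function names are hypothetical, the netstat sample is constructed, and it assumes PowerShell 2.0 or later with English-language netstat output.

```powershell
# Added example. Assumes PowerShell 2.0+ and English netstat output.
function Convert-HResultToWin32 {            # hypothetical helper name
    param([string]$Hex)
    $value    = [Convert]::ToInt64($Hex, 16)
    $facility = [math]::Floor($value / 65536) % 8192    # bits 16-28
    if ($facility -ne 7) { return $null }               # 7 = FACILITY_WIN32
    $code = [int]($value % 65536)                       # low 16 bits
    New-Object PSObject -Property @{
        Code    = $code
        Message = (New-Object System.ComponentModel.Win32Exception $code).Message
    }
}

function Get-PortListener {                  # hypothetical helper name
    param([string[]]$NetstatLines = (netstat -ano), [int[]]$Port = @(80, 443))
    $pattern = '^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$'
    foreach ($line in $NetstatLines) {
        if (-not ($line -match $pattern)) { continue }
        $addr, $prt, $owner = $Matches[1], [int]$Matches[2], [int]$Matches[3]
        if ($Port -notcontains $prt) { continue }
        $proc = Get-Process -Id $owner -ErrorAction SilentlyContinue
        $name = if ($proc) { $proc.ProcessName } else { 'unknown' }
        # PID 4 (System) means HTTP.sys, the kernel listener IIS sits on;
        # 'netsh http show servicestate' lists what registered with it.
        if ($owner -eq 4) { $name += ' (HTTP.sys)' }
        New-Object PSObject -Property @{
            Address = $addr; Port = $prt; ProcessId = $owner; Process = $name
        }
    }
}

# Constructed netstat lines matching the state described in the post.
$sample = @(
    '  TCP    0.0.0.0:80       0.0.0.0:0    LISTENING    4',
    '  TCP    0.0.0.0:443      0.0.0.0:0    LISTENING    4',
    '  TCP    0.0.0.0:3389     0.0.0.0:0    LISTENING    1172'
)

Convert-HResultToWin32 '0x80072740' | Format-List Code, Message
Get-PortListener -NetstatLines $sample |
    Format-Table Port, Address, ProcessId, Process -AutoSize
# On the live server, omit -NetstatLines to read the real netstat output.
```

The low 16 bits of 0x80072740 are Winsock error 10048 (WSAEADDRINUSE), which is the "port already in use" condition the event text hints at.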