
Iron Networks Blog


UAG: MS Firewall does not start and stays in "starting" state in nUAG Appliance

On a few occasions you may encounter an issue where the nUAG appliance, when started and joined to the domain for the first time, takes a long time to start, and once it is up the MS Firewall service stays in the "starting" state. This problem occurs mostly when the user has not followed the quick start guide properly and has simply continued through the steps one after the other. There are two ways to resolve it:

#1 If you have already configured the nUAG appliance and now the MS Firewall service is not starting. 

  • Open the TMG Console on the nUAG box. Log in with domain credentials if your UAG appliance is joined to the domain.
  • Go to the "System" option in the left side menu and open the properties of the server displayed in the middle pane.
  • Click the "Communication" tab and check the IP address shown there. If the IP address is in the range 192.168.96.X, click the drop-down menu and select one of the IP addresses in the list.
  • Apply the changes
  • Re-start the appliance
  • Go to services.msc and check if the services started successfully
  • Open an elevated command prompt and type setspn -a ldap/<fqdn of UAG machine> <NetBIOS name for UAG Machine>
  • And, setspn -a ldap/<fqdn of UAG machine>:2171 <NetBIOS name for UAG Machine>
  • Change the startup type for MS Firewall to manual
  • Re-start appliance
  • Go to services.msc and manually start the MS Firewall service
  • Change it back to Automatic
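
To confirm the outcome of procedure #1, the following PowerShell check can be run from an elevated prompt on the appliance. It is an added example, not part of the original post or any vendor tooling. It reports whether both SPNs from the setspn steps are registered and shows the firewall service's state and startup type. The service name "fwsrv" is an assumption; verify it in services.msc.

```powershell
# Added example: post-fix check for the nUAG appliance (not vendor code).
# Assumption: 'fwsrv' is the service name behind "MS Firewall"; adjust if yours differs.
param([string]$ServiceName = 'fwsrv')

# Build the machine's FQDN from WMI (meaningful only once the box is domain-joined).
$cs      = Get-WmiObject Win32_ComputerSystem
$netbios = $env:COMPUTERNAME
$fqdn    = ('{0}.{1}' -f $cs.DNSHostName, $cs.Domain).ToLower()

# The two SPNs the procedure registers with setspn -a.
$expected = @("ldap/$fqdn", "ldap/${fqdn}:2171")

# setspn -L lists the SPNs registered on the computer account, one per indented line.
$registered = @(& setspn.exe -L $netbios 2>$null |
    ForEach-Object { $_.Trim().ToLower() } |
    Where-Object { $_ -like 'ldap/*' })

foreach ($spn in $expected) {
    if ($registered -contains $spn) { $state = 'present' } else { $state = 'MISSING' }
    '{0,-8} {1}' -f $state, $spn
}

# State and startup type of the firewall service (WMI also works on PowerShell 2.0).
$svc = Get-WmiObject Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) {
    "Service '$ServiceName' not found; check the name in services.msc"
} else {
    'Service {0}: State={1}, StartMode={2}' -f $svc.Name, $svc.State, $svc.StartMode
    if ($svc.State -eq 'Start Pending') {
        'Still in "starting" state: recheck the Communication tab IP and the SPNs above.'
    }
    if ($svc.StartMode -ne 'Auto') {
        'Startup type is not Automatic; change it back once the service starts.'
    }
}
```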

#2 If you have not configured your appliance yet

  • Start the appliance for the first time
  • Enter the IP addresses on the internal and external interfaces
  • The custom wizard opens; select option 1 to change the name of the appliance. This requires a restart.
  • Initialize the TMG services (step 2 of the custom wizard that pops up when you first start the appliance)
  • Go to the "System" option in the left side menu of the TMG console, remove the Intra-Array IP under the "Communication" tab if it is in the range 192.168.96.X, and select the right IP address assigned to the appliance
  • Apply the changes
  • Restart the server before joining it to the domain
  • Join it to the domain
  • Restart
  • MS Firewall service starts smoothly

Note: This is not an issue with the appliance itself but with basic configuration steps that people tend to forget or sometimes misconfigure, which can lead to this issue.

Cheers !!


Copyright © 2023 Iron Networks, Inc. All Rights Reserved.