Discussions

IPNat.sys and Windows 2003 Firewall

+
0 Votes
Locked

IPNat.sys and Windows 2003 Firewall

sfl1964
IPNat.sys and Windows 2003 Firewall
I am taking over for another Networking company. The company istalled a W2003 Server (R2). To save time and driving to administer this server I am trying to rem,otely access the server via Remote Desktop. That of course is a failure. Going through the proper procedures I can not check on the Windows Firewall settings if Remote Desktop is enabled. The error I always receive:
"Windows Firewall can not run because another program or service is running that might use the Network Address Translation component (IPNat.sys)"

I tried to shut ipnat.sys down via the 'command prompt' by either using 'sc stop ipnat' (nothing happens there it just says running the sc query command that a stop is pending) or by using net stop ipnat. With the latter command I receive the message 'The IP Network Address Translation Service could not be stopped'.

The weird thing is I can use remote desktop from a user computer but like I said, not from the outside.

Any tips and hints I surely would appreciate.
  • +
    0 Votes
    petevoni

    I am having the same symptom on a 2003 Web edition server. I could use the help as well.

    +
    0 Votes
    petevoni

    Found this tidbit while researching this problem:
    Can't enable windows Firewall on a RRAS server - Windows firewall cannot run because another program or service is running that might use the network address translation component (Ipnat.sys)
    Situation: one of our clients could not get the windows Firewall to work. Whenever they tried to start the Windows Firewall, they received the following message: "Windows firewall cannot run because another program or service is running that might use the network address translation component (Ipnat.sys).

    What they tried:

    They event tried to stop the RRAS but got the same result. They finally make it work by disabling the RRAS.

    Recommendation: It is not recommended to use Windows Firewall on a RRAS server. If you use the server as a router, you should enable NAT; if you use the server as VPN, you should have another firewall. If, for some reasons, you do want to enable Windows Firewall in the Windows 2003, you may need to disable the RRAS. To do that, right-click on My Computer>Manager>Services and Applications>Services. Disable Routing and Remote Access service

    When I disabled RRAS, I could get into my Firewall settings. I then shut off my firewall and re-configured RRAS.

    +
    0 Votes
    fernando.morais

    I have the same problem in a SBS2003 and tried to solve the problem, but even after the service ipnat.sys is stopped the problem continues.

    +
    0 Votes
    MarkD60

    Made me look good!

    +
    0 Votes
    benjaminj0711

    The solution is accurate , but the server should have an external firewall and dual network cards. as well i use rras so i need that.

    +
    0 Votes
    dhruv.tech

    Hi, even i was facing the same problem, thanks for your help.

    +
    0 Votes
    gangabyndoor

    Some times it is not possible stop the service using sc stop ipnat.sys. So best option to change the firewall setting is, remove the remote access service (Manage your server->Add or remove more role->click Next button ->Select Remote access service). once its stoped, you will able with ping the machine remote machine, you can login to server desktop from remote machine.

    +
    0 Votes
    bcb

    I have set up many servers in the past but this is the first R2 server that I have set up and I checked the Remote Access check by mistake and was unable to ping the server or for that matter even browse the domain in Entire network. Once I did this I was able to do all I needed to do, and it was driving me nuts, I was almost at the point of calling it a currupt install and doing a new fresh install. thanks for saving me all the time of doing that.

    +
    0 Votes
    u99207

    It works for me

    1. Restart Windows firewall/Internet connection sharing service


    Thanks
    Kiruba

    +
    0 Votes
    26kgxbg02

    I've been searching the net for days looking for this solution. Finally figured it out through trial and error. I don't want to just "disable RARs" because it's kind of important :)

    While trying to enable an ftp site on a server 2003 machine, I had the same problem. It wasn't my router, and it wasn't my firewall. it was windows 2003 and ipnat.sys

    If I try to access the windows firewall, I get the following error.
    Windows firewall cannot run because another program or service is running that might use the network address translation component (Ipnat.sys)

    I went to Control Panel Administrative Tool/ Routing and Remote Services
    In RARS console, Under IP Routing, I right clicked on Network Connection, and left clicked properties, and selected the Services and Ports tab. I put a check next to FTP and entered the local loop back IP 127.0.0.1 Hit apply and everything works.

    Why does MS hides the firewall with RARS behind that cryptic message? Why doesn't IIS or the "configure your server wizard" automatically enable the service with RARS. Both Questions are beyond me.


    Hopefully others will find this useful.

    +
    0 Votes
    ALFSAMB

    Uninstall and reinstall
    "Client for Microsoft Networks" in network configuration !

    +
    0 Votes
    Computer Dave

    I'm building a new SBS box and cannot for the life of me get VNC to work properly. VNC can see another sever on the LAN but it cannot see any of the workstations (Win XP).
    Your solution is the closest I've come to an answer but I don't have the same options you describe. In the RRAS Console, I drill-down to IP routing, I have General; Static Routes; DHCP Relay Agent; and IGMP - nothing that says Network Connection and nothing with a tab labeled Services and Ports. This is driving me nuts as it VNC works perfectly on the old SBS box I'm trying to replace.

    Any help out there?

    ~Dave

    +
    0 Votes
    marrdon

    Remove the service Pack 2, then reboot the server and try to connect .

    Hope this helps...

    +
    0 Votes
    info

    hi,
    I have just inherited a system that I'm to support ? Win2003SBS, SP2.
    One of the problems I have encountered is that the Windows Firewall/Internet Connection Sharing (ICS) fails to start. I searched this issue and most of the solutions points to disabling NAT in the RRAS.
    I was about to do this but realized the very first message that pops up is this: ?You are disabling the router and removing its configuration. To re-enabler the router, you will have to reconfigure it. Do you want to continue??
    The server is configured as router with two interfaces and I don?t think I want to disable it.
    Any ideas?

    +
    0 Votes
    benjaminj0711

    use logemein.com its secure 256 bit encrypt and its free. you should change the config by using and following this link.

    http://www.microsoft.com/smallbusiness/support/articles/sec_sbs2003_network.mspx

    +
    0 Votes
    albertgk

    this worked for me: right click My Computer -> Manage -> Services and Applications -> RRAS right click on it and DISABLE! it will tell you will have to reconfigure later on which is ok!

    +
    0 Votes
    rayhuff

    We had a similar problem with IPNAT to stop it we ran at the CMD prompt
    NET STOP IPNAT
    Our problems went away.

    +
    0 Votes
    anlu42

    net stop ipnat solved my problems as so far that i know at least can connect to it with its ip#, servername will not work however, and FW is still down.
    DNS-records updated and \\servername is working again, but how do I avoid having to kill ipnat.sys at each reboot?
    Any suggestions?

  • +
    0 Votes
    petevoni

    I am having the same symptom on a 2003 Web edition server. I could use the help as well.

    +
    0 Votes
    petevoni

    Found this tidbit while researching this problem:
    Can't enable windows Firewall on a RRAS server - Windows firewall cannot run because another program or service is running that might use the network address translation component (Ipnat.sys)
    Situation: one of our clients could not get the windows Firewall to work. Whenever they tried to start the Windows Firewall, they received the following message: "Windows firewall cannot run because another program or service is running that might use the network address translation component (Ipnat.sys).

    What they tried:

    They event tried to stop the RRAS but got the same result. They finally make it work by disabling the RRAS.

    Recommendation: It is not recommended to use Windows Firewall on a RRAS server. If you use the server as a router, you should enable NAT; if you use the server as VPN, you should have another firewall. If, for some reasons, you do want to enable Windows Firewall in the Windows 2003, you may need to disable the RRAS. To do that, right-click on My Computer>Manager>Services and Applications>Services. Disable Routing and Remote Access service

    When I disabled RRAS, I could get into my Firewall settings. I then shut off my firewall and re-configured RRAS.

    +
    0 Votes
    fernando.morais

    I have the same problem in a SBS2003 and tried to solve the problem, but even after the service ipnat.sys is stopped the problem continues.

    +
    0 Votes
    MarkD60

    Made me look good!

    +
    0 Votes
    benjaminj0711

    The solution is accurate , but the server should have an external firewall and dual network cards. as well i use rras so i need that.

    +
    0 Votes
    dhruv.tech

    Hi, even i was facing the same problem, thanks for your help.

    +
    0 Votes
    gangabyndoor

    Some times it is not possible stop the service using sc stop ipnat.sys. So best option to change the firewall setting is, remove the remote access service (Manage your server->Add or remove more role->click Next button ->Select Remote access service). once its stoped, you will able with ping the machine remote machine, you can login to server desktop from remote machine.

    +
    0 Votes
    bcb

    I have set up many servers in the past but this is the first R2 server that I have set up and I checked the Remote Access check by mistake and was unable to ping the server or for that matter even browse the domain in Entire network. Once I did this I was able to do all I needed to do, and it was driving me nuts, I was almost at the point of calling it a currupt install and doing a new fresh install. thanks for saving me all the time of doing that.

    +
    0 Votes
    u99207

    It works for me

    1. Restart Windows firewall/Internet connection sharing service


    Thanks
    Kiruba

    +
    0 Votes
    26kgxbg02

    I've been searching the net for days looking for this solution. Finally figured it out through trial and error. I don't want to just "disable RARs" because it's kind of important :)

    While trying to enable an ftp site on a server 2003 machine, I had the same problem. It wasn't my router, and it wasn't my firewall. it was windows 2003 and ipnat.sys

    If I try to access the windows firewall, I get the following error.
    Windows firewall cannot run because another program or service is running that might use the network address translation component (Ipnat.sys)

    I went to Control Panel Administrative Tool/ Routing and Remote Services
    In RARS console, Under IP Routing, I right clicked on Network Connection, and left clicked properties, and selected the Services and Ports tab. I put a check next to FTP and entered the local loop back IP 127.0.0.1 Hit apply and everything works.

    Why does MS hides the firewall with RARS behind that cryptic message? Why doesn't IIS or the "configure your server wizard" automatically enable the service with RARS. Both Questions are beyond me.


    Hopefully others will find this useful.

    +
    0 Votes
    ALFSAMB

    Uninstall and reinstall
    "Client for Microsoft Networks" in network configuration !

    +
    0 Votes
    Computer Dave

    I'm building a new SBS box and cannot for the life of me get VNC to work properly. VNC can see another sever on the LAN but it cannot see any of the workstations (Win XP).
    Your solution is the closest I've come to an answer but I don't have the same options you describe. In the RRAS Console, I drill-down to IP routing, I have General; Static Routes; DHCP Relay Agent; and IGMP - nothing that says Network Connection and nothing with a tab labeled Services and Ports. This is driving me nuts as it VNC works perfectly on the old SBS box I'm trying to replace.

    Any help out there?

    ~Dave

    +
    0 Votes
    marrdon

    Remove the service Pack 2, then reboot the server and try to connect .

    Hope this helps...

    +
    0 Votes
    info

    hi,
    I have just inherited a system that I'm to support ? Win2003SBS, SP2.
    One of the problems I have encountered is that the Windows Firewall/Internet Connection Sharing (ICS) fails to start. I searched this issue and most of the solutions points to disabling NAT in the RRAS.
    I was about to do this but realized the very first message that pops up is this: ?You are disabling the router and removing its configuration. To re-enabler the router, you will have to reconfigure it. Do you want to continue??
    The server is configured as router with two interfaces and I don?t think I want to disable it.
    Any ideas?

    +
    0 Votes
    benjaminj0711

    use logemein.com its secure 256 bit encrypt and its free. you should change the config by using and following this link.

    http://www.microsoft.com/smallbusiness/support/articles/sec_sbs2003_network.mspx

    +
    0 Votes
    albertgk

    this worked for me: right click My Computer -> Manage -> Services and Applications -> RRAS right click on it and DISABLE! it will tell you will have to reconfigure later on which is ok!

    +
    0 Votes
    rayhuff

    We had a similar problem with IPNAT to stop it we ran at the CMD prompt
    NET STOP IPNAT
    Our problems went away.

    +
    0 Votes
    anlu42

    net stop ipnat solved my problems as so far that i know at least can connect to it with its ip#, servername will not work however, and FW is still down.
    DNS-records updated and \\servername is working again, but how do I avoid having to kill ipnat.sys at each reboot?
    Any suggestions?