Discussions

IPNat.sys and Windows 2003 Firewall

+
0 Votes
Locked

IPNat.sys and Windows 2003 Firewall

sfl1964
IPNat.sys and Windows 2003 Firewall
I am taking over for another Networking company. The company istalled a W2003 Server (R2). To save time and driving to administer this server I am trying to rem,otely access the server via Remote Desktop. That of course is a failure. Going through the proper procedures I can not check on the Windows Firewall settings if Remote Desktop is enabled. The error I always receive:
"Windows Firewall can not run because another program or service is running that might use the Network Address Translation component (IPNat.sys)"

I tried to shut ipnat.sys down via the 'command prompt' by either using 'sc stop ipnat' (nothing happens there it just says running the sc query command that a stop is pending) or by using net stop ipnat. With the latter command I receive the message 'The IP Network Address Translation Service could not be stopped'.

The weird thing is I can use remote desktop from a user computer but like I said, not from the outside.

Any tips and hints I surely would appreciate.
+
0 Votes
petevoni
Collapse -

I am having the same symptom on a 2003 Web edition server. I could use the help as well.

+
0 Votes
petevoni
Collapse -

Found this tidbit while researching this problem:
Can't enable windows Firewall on a RRAS server - Windows firewall cannot run because another program or service is running that might use the network address translation component (Ipnat.sys)
Situation: one of our clients could not get the windows Firewall to work. Whenever they tried to start the Windows Firewall, they received the following message: "Windows firewall cannot run because another program or service is running that might use the network address translation component (Ipnat.sys).

What they tried:

They event tried to stop the RRAS but got the same result. They finally make it work by disabling the RRAS.

Recommendation: It is not recommended to use Windows Firewall on a RRAS server. If you use the server as a router, you should enable NAT; if you use the server as VPN, you should have another firewall. If, for some reasons, you do want to enable Windows Firewall in the Windows 2003, you may need to disable the RRAS. To do that, right-click on My Computer>Manager>Services and Applications>Services. Disable Routing and Remote Access service

When I disabled RRAS, I could get into my Firewall settings. I then shut off my firewall and re-configured RRAS.

+
0 Votes
fernando.morais
Collapse -

I have the same problem in a SBS2003 and tried to solve the problem, but even after the service ipnat.sys is stopped the problem continues.

+
0 Votes
MarkD60
Collapse -

Made me look good!

+
0 Votes
benjaminj0711
Collapse -

The solution is accurate , but the server should have an external firewall and dual network cards. as well i use rras so i need that.

+
0 Votes
dhruv.tech
Collapse -

Hi, even i was facing the same problem, thanks for your help.

+
0 Votes
gangabyndoor
Collapse -

Some times it is not possible stop the service using sc stop ipnat.sys. So best option to change the firewall setting is, remove the remote access service (Manage your server->Add or remove more role->click Next button ->Select Remote access service). once its stoped, you will able with ping the machine remote machine, you can login to server desktop from remote machine.

+
0 Votes
bcb
Collapse -

I have set up many servers in the past but this is the first R2 server that I have set up and I checked the Remote Access check by mistake and was unable to ping the server or for that matter even browse the domain in Entire network. Once I did this I was able to do all I needed to do, and it was driving me nuts, I was almost at the point of calling it a currupt install and doing a new fresh install. thanks for saving me all the time of doing that.

+
0 Votes
u99207
Collapse -

It works for me

1. Restart Windows firewall/Internet connection sharing service


Thanks
Kiruba

+
0 Votes
26kgxbg02
Collapse -

I've been searching the net for days looking for this solution. Finally figured it out through trial and error. I don't want to just "disable RARs" because it's kind of important :)

While trying to enable an ftp site on a server 2003 machine, I had the same problem. It wasn't my router, and it wasn't my firewall. it was windows 2003 and ipnat.sys

If I try to access the windows firewall, I get the following error.
Windows firewall cannot run because another program or service is running that might use the network address translation component (Ipnat.sys)

I went to Control Panel Administrative Tool/ Routing and Remote Services
In RARS console, Under IP Routing, I right clicked on Network Connection, and left clicked properties, and selected the Services and Ports tab. I put a check next to FTP and entered the local loop back IP 127.0.0.1 Hit apply and everything works.

Why does MS hides the firewall with RARS behind that cryptic message? Why doesn't IIS or the "configure your server wizard" automatically enable the service with RARS. Both Questions are beyond me.


Hopefully others will find this useful.