Error: "Windows Firewall cannot run because another program or service is running that might use the Network Address Translation component (IPNat.sys)"

Article:TECH103850  |  Created: 2008-01-04  |  Updated: 2009-01-12  |  Article URL http://www.symantec.com/docs/TECH103850
Article Type
Technical Solution

Product(s)

Environment

Issue



Why do I get an Error: "Windows Firewall cannot run because another program or service is running that might use the Network Address Translation component (IPNat.sys)" when I try to launch Windows Firewall from control panel for port configuration in order to establish basic communication between the Symantec clients and the Symantec Server/Console/Manager.

Symptoms
On Windows Server 2003, when we try to launch Windows Firewall, it gives the error"Windows Firewall cannot run because another program or service is running that might use the Network Address Translation component (IPNat.sys)." This restricts us from configuring Exceptions in the Widows Firewall for communication between Symantec Endpoint Protection (SEP) and Symantec Eddpoint Protection Manager (SEPM)



Cause



RRAS Service which runs on the server with NAT does not allow the Windows Firewall service to start

Solution



Follow the steps below to resolve this issue:
  1. Click on Start
  2. Click on Run
  3. Type services.msc
  4. Click OK
  5. Stop and Disable the RRAS service
  6. This would let you access the Windows Firewall
  7. Configure the Windows Firewall as required
  8. Enable and Start RRAS service after the successful configuration of the Windows Firewall




Technical Information
This issue is caused due to limitation of the RRAS Service which runs on the server with NAT that does not allow the Windows Firewall service to start




Legacy ID



2008020502033148


Article URL http://www.symantec.com/docs/TECH103850


Terms of use for this information are found in Legal Notices