Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 2214 Source: W3SVC-WP

Source
Level
Description
The HTTP Filter DLL C:\Program Files\Citrix\Licensing\LMC\Tomcat\bin\win32\i386\isapi_redirect.dll failed to load.††The data is the error.
Comments
 
"C:\Program Files\Duo ISAPI Filter\\DuoFilter.dll": As you can see, the path of DuoSecurity OWA Integration is incorrect after installation.
First open IIS Console -> Sites -> Default Web Site. Open "ISAPI-Filters" and double-click on "Duo ISAPI Filter". Now enter the correct path of the dll. This solved the problem for me.
The ISAPI filter can fail to load for a number of reasons - the isapi_redirect.properties configuration file may contain a typo the IIS configuration may not have been set up correctly. However it is rarely mentioned that folder permissions need to be granted for the Apache folders containing the ISAPI DLL configuration libraries and the folder where the logs will be written. If everything else seems to be configured correctly this will probably solve the problem.

You will get event IDs 2214 and 2268 in the application log if the file permissions are not set up right and the ISAPI filter will fail to load (red downward arrow) in the IIS Manager. These are the minimum required permissions for the local accounts described:

Folder Local Account Permissions Required
Apache\Tomcat\Conf NETWORK SERVICE Read
Apache\Tomcat\ISAPI NETWORK SERVICE Read
Apache\Tomcat\ISAPI IUSR_machineName Read
Apache\Tomcat\lib NETWORK SERVICE Read
Apache\Tomcat\logs NETWORK SERVICE Read & write
"C:\Program Files\Duo ISAPI Filter\\DuoFilter.dll" on Small Business Server 2011. The answer from DuoSecurity was: "It looks like there are some permission conflicts when installing the Duo OWA integration on Small Business Server 2011. In order to resolve them, open a command-prompt with administrator privileges, and run the following command:

icacls "C:\Program Files\Duo ISAPI Filter\sessions" /grant "IIS_IUSRS":(CI)(OI)F

This solved the problem for me.
This problem occurs because the request forwarding filter does not load successfully. See ME955197 for information on solving this problem.

This issue occurs if Forefront Security for SharePoint leaves a reference to a .dll file, or references to several .dll files, in the metabase when you uninstall the program. See ME943621 for a resolution.
Errors 2214 and 2268 were being generated on the event log for Citrix (Program Files\Citrix\Licensing\LMC\Tomcat\bin\win32\i386\isapi_redirect.dll) after the Citrix server was not properly removed. This was because Citrix has not been removed from IIS.


I just fixed this problem by changing permissions on a registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\Jakarta Isapi Redirector\1.0. Granting "Everyone" read rights to this key solved the problem. My SMS2003 management point on the same server started working again too.
Citrix Support Document ID: CTX106866 provides information on this event.
Like Dave Murphy, this happened to me for Metaframe 3.0 server components. I had the Citrix Licensing server installed on Windows Server Enterprise with IIS and then one of our people installed SMS over the top. After this, the Citrix licensing and other web services stopped working. I simply reinstalled Citrix Licensing to resolve the issue.
I had just loaded the Citrix 3.0 licensing server on one of our Windows 2003 domain controllers. Initially the server would not start up. I had to reset some security settings for user access to the domain controller specific to the IUSR account under the domain controllerís security policy. Additionally I followed the guide as outlined in Tomcat IIS How-To. I used their worker.properties settings, changing the paths to the appropriate locations, as it seemed more robust than the generic Citrix file. I also followed the guide just to double check all the settings. Between the guide and checking the security settings on files and folders and user access I was able to get the website back up and running.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...