Friday, September 09, 2011 9:52 AM
Hello! I have Windows 2008 R2 standard server with SQL 2008 and Configuration Management system installed. This is virtual vmware server. After updates released 9.8.2011, inbound network connectivity to this server does not work because firewall service is not running. Outbound connection from this server works fine.
Error messages: Windows could not start the Windows Firewall on Local Computer. Error code 5. and The Windows Firewall service terminated with spesific error Access is denied.
I already did some fixes, but none of them solved the problem:
- netsh winsock reset
- secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbosem (this resets security permission of entire Windows OS)
- service is running with Local Service permission
- Windows Firewall Authorization Driver works propertly
- In registery key CurrentControlSet\services\mpssvc has been added NT Service\mpssvc account with full control
Saturday, September 10, 2011 10:16 AMPlease help! Any ideas? Next I have in mind, to start this virtual machine from 2008 R2 installation media, and try to recover or reinstall it.
Monday, September 12, 2011 5:48 AM
I pull this up once again, if there would be any MVP starting his week at the office :)
I have 2 other options in mind, before re-installing the system:
- to renew WMI by deleting wbem\repository
- to re-join server do domain
What do you guys thing?
Monday, September 12, 2011 6:11 PM
I´ve been fighting with this server whole evening. These has been tried not:
- group policy with firewall service and rules has been applied
- same GPO with firewall has been disabled
- WMI has been rebuild
- server has been dropped from domain to workgroup - service still not starting
- server has been joined to domain again, no change
Tuesday, September 13, 2011 8:14 AM
I´m aware of this article and I replaced 3 registery paths with copies I got from server where Firewall service works fine:
Thursday, September 15, 2011 2:11 PMJust pulling this up once again. After I copied registery keys from other server, even Base Filtering Engine fails to start now because of access denied. Local Service account is used to start this service, as it should by default.
Wednesday, September 28, 2011 12:50 PM
Anyone? Please help!
I tried 2 more things:
- I started server in restore mode command promt and tried to do sfc /scannow with proper windir and winboot options.
- I tried to repair WMI with wmimgmt.exe
Here are 3 important logs:
Event 7023, WMI Driver service terminated, access is denied
Event 7024, Windows Firewall service terminated, access is denied
Event 10009, DistributedCOM cannot be found. Not installed or corrupted. You can install or repair the component.
Tuesday, October 04, 2011 2:01 PM
I got firewall service up by resetting security inheritance of firewall registery key. Still, WMI driver service does not come up, and the bigger issue I have, I cannot join this machine back to domain. I have now DistributedCOM Event 10009 happening all the time.
How can I reset the operating system settings by the best way?
Wednesday, November 23, 2011 12:29 PMNow I have another server with exact same situation...
Thursday, November 24, 2011 9:42 PM
I had the same problem: Windows Firewall would not start.
If I clicked a button to start the firewall in dialog, it would just fail. If I tried from the command line, with net start mpssvc, it would give me Error 5.
To fix it, I followed the steps here - http://support.microsoft.com/kb/943996 . Mostly. I had to resort to some extra steps, which I will describe below.
First - The article says it applies to Windows Vista, but I have Windows 7 and it applied to Windows7 as well, at least in my case.
I found several problems with the article, described here:
- The article includes a link to a "Fix it" program which is intended to provide an automated way to apply the required fixup. It sounds like a good idea but it did not work for me. The fixit ran, but after 45 seconds it said "The problem is still present" or something like that. It was ineffective. This is a shame because the diagnosis of the problem in the article is EXACTLY RIGHT.
- I then went through the steps described for manually editing the security permissions on the registry keys associated to HKLM\CurrentControlSet\Services\SharedAccess as described in the article. The article provides enumerated steps to do this. The list of steps is missing one critical step, between step 2 and 3, which is , click Add....
- The article says I need to modify the ACL for the Epoch key, and the ACL on 2 different Parameters keys. I did this, adding permissions for the MpsSvc user to the ACLs on these keys, remembering to perform the missing step I just described. Then I tried restarting the service with net start mpssvc. It failed once again with the same error - ENOACCESS, 0x5, Access is denied. I then examined a working Windows7 computer and checked the ACL for these keys. On the working computer the Epoch2 key also had access for the MpsSvc User. I modified that ACL as well, and then tried restarting - it worked.
The original scenario was a Windows 7 computer running McAfee Security Center, or whatever its called. I didn't want that, because McAfee seemed to be interfering with multiple other programs that needed to download and install updates - Java, Flash, Zune. So my idea was to scrap McAfee and replace it with the free Microsoft Security Essentials. I stopped and uninstalled McAfee, and here I had to resort to a special Mcafee-provided tool to uninstall. (That McAfee requires a special install tool ought to be a crime).
After uninstalling McAfee and installing MSE, the Windows Firewall could not or would not start. I found that the registry keys in HKLM\CurrentcontrolSet\Services\MpsSvc were completely missing. Nice one, McAfee! So in order to fix THAT, I had to export the appropriate regkey tree from a working Windows7 computer, and then import it on the ailing computer.
I don't actually know if that step was necessary, because when I tried net start mpssvc after importing the reg keys, the firewall still did not start. But it seemed that adding the missing regy keys was at least benign. It could be that the firewall once started would have created those keys anyway. I don't know. In any case, try doing the copy/graft I described here if you still have the problem.
Good luck to everyone, and Happy Thanksgiving. This problem REALLY, REALLY should not be so complicated.
- Edited by cheeso Thursday, November 24, 2011 9:46 PM
Wednesday, December 07, 2011 12:24 PM
- Edited by Adm_Gs Saturday, December 10, 2011 8:38 PM
Saturday, December 10, 2011 8:32 PM
above link has been moved here
Thursday, July 19, 2012 1:33 PM
Try the following link to resolve - worked for me! The cause is due to the BFE service failing usually due to permissions - the firewall is dependent on the BFE:
That should help.
Friday, July 27, 2012 12:25 PMI needed the permission for Epoch2 as well. Thank you for documenting this. After adding the additional step for key on Epoch2 the firewall started right up again.
Friday, November 16, 2012 8:08 PM
Thanks, the link you refer to helped me quite a bit. I took shortcuts and just gave the "Everyone" account the "Full Control" and "Read" permission on all of the keys listed, but it seems to have fixed the problem.
Very important to note is that in my case, the problem was initially caused by a virus - getting rid of the virus is of course top priority. Windows Security Essentials could remove the virus, but it DID NOT detect the virus during quick scans, I had to do a full scan before it found the virus.
My PC was Win7 Ultimate 64-bit.