locked
Windows Firewall Service not starting

    Question

  • hi guys, i received this error while trying to restart the windows firewall service:

    error 1079: the account specified for this service is different from the account specified for the other services running in the same process

    any ideas on how to fix this problem is greatly appreciated. Thanks.

    if i go to MMC then add Windows Firewall With Advance Security:

    I had this error:

    Windows Firewall with Advanced Security Snap-in failed to load. Error code: 0x6D9

    sc query MpsSvc result:

    SERVICE_NAME: mpssvc
            TYPE               : 20  WIN32_SHARE_PROCESS 
            STATE              : 1  STOPPED
            WIN32_EXIT_CODE    : 1077  (0x435)
            SERVICE_EXIT_CODE  : 0  (0x0)
            CHECKPOINT         : 0x0
            WAIT_HINT          : 0x0


    Anyone pls. help...
    Monday, March 08, 2010 2:24 AM

All replies

  • Try the following:

    1. Start the services mmc (you can find it under the Administrative Tools area,
    2. Locate the Windows Firewall service, right-click it and choose Properties,
    3. Verify that the log on account is set to Local Service (in the Log On tab). If it is not, then proceed to stop 4. If it is, then you can stop now, because this isn't the issue.
    4. Click the Browse button.
    5. Type in "Local Service" in the object name area and click the OK button.
    6. Click OK again to close the main service properties window.
    7. Try and start the Windows Firewall service.

    Cheers,
    Lain

    Monday, March 08, 2010 10:15 AM
  • hi Lain,

    Thanks for your reply. Did what you said but i'm still receiving same error. I still can't enable the windows firewall. I had tried to do sfc /scannow. Will post the logs when done.

    Monday, March 08, 2010 10:26 AM
  • If that doesn't fix it (and I hope it does, since it's a very thorough little application) you still have the option of using the Security Configuration and Analysis wizard to recover from this.

    That said, I'd also check that both of the dependancy services/drivers have started:
    1. Service = Base Filtering Service
    2. Driver = Windows Firewall Authorization Driver (in devmgmt.msc, under the Non-Plug and Play Drivers node, which you need to turn on Hidden Devices to see)

    Still, fingers crossed the sfc can fix it.

    Cheers,
    Lain
    Monday, March 08, 2010 2:11 PM
  • Hi  Lain,

    Thanks again for your reply.

    1. Service = Base Filtering Service - running
    2. Driver = Windows Firewall Authorization Driver (in devmgmt.msc, under the Non-Plug and Play Drivers node, which you need to turn on Hidden Devices to see)
       - Device working properly.

    I just noticed that some registry keys on MpssVc was missing, so i fixed it. Now got a new error:

    Windows could not start the windows firewall on local computer.
    for more information, review the system event lof. if this is a
    non-microsoft service, contact the service vendor, and refer to
    service-specific errror code 5

    SFC unable to fix.

    Please help. Thank you.

    Wednesday, March 10, 2010 8:04 AM
  • Error code 5 will be an access denied issue, most likely. To what the access denied error explicitly refers, I'm not sure at this point, however, if you've replaced the Security subkey, then that might have something do to with it.

    Try using the Security Configuration and Analysis Wizard to resolve this. This is going to be a lengthy process (at least to read - it's not that long once you get into it), so get comfortable.

    Part 1: Creating the policy template.
    1. Open a command prompt.
    2. Run mmc.exe.
    3. File menu > Add/remove snap-in > Security Templates > Add button > OK button.
    4. Right-click on the Security Templates > New Template Search Path > Select C:\Windows\Security\Templates as the destination.
    5. Right-click the C:\Windows\Security\Templates directory > New Template > specify the name as Server 2008 Firewall > OK button.
    6. Expand the Server 2008 Firewall node > click on the System Services node.
    7. Right-click the Windows Firewall service > Properties.
    8. Put a check in the "Define this policy" checkbox.
    9. Select the Automatic radio button.
    10. Select the Edit Security button.
    11. Ensure the following entries are listed. If they aren't, then add them:
    - SYSTEM: Full Control
    - Administrators: Full Control
    - INTERACTIVE: Read
    12. Click OK, and OK again to close the Windows Firewall Properties dialog window.
    13. Right-click on the Server 2008 Firewall node again on the left-hand side, and choose Save.

    Part 2: Applying the template security.
    1. In the same mmc, select the File manu > Add/remove snap-in > Security and Configuration Analysis > Add button > OK button.
    2. Right-click the Security Configuration Node > Open Databse (think of this as Create Database).
    3. Specify a database name > Open button.
    4. In the Template window, open the C:\Windows\Security\Templates\Server 2008 Firewall.inf.
    5. Right-click on the Security Configuration node > Configure Computer Now.

    That's it. You've reset the security on the service to what it should be after building the OS, so try starting the service. If this does not succeed, then you'll know it's not the security on the service that is the issue.

    Cheers,
    Lain
    Wednesday, March 10, 2010 2:00 PM
  • Hi Lain,

    Thank you so much for your help. But I still receive same error, "Windows could not start the windows firewall on local computer."

    tried sc query mpssvc:

    SERVICE_NAME: mpssvc
            TYPE               : 20  WIN32_SHARE_PROCESS 
            STATE              : 1  STOPPED
            WIN32_EXIT_CODE    : 1066  (0x42a)
            SERVICE_EXIT_CODE  : 5  (0x5)
            CHECKPOINT         : 0x0
            WAIT_HINT          : 0x0

    tried sc start mpssvc:

    SERVICE_NAME: mpssvc
            TYPE               : 20  WIN32_SHARE_PROCESS 
            STATE              : 2  START_PENDING
                                    (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
            WIN32_EXIT_CODE    : 0  (0x0)
            SERVICE_EXIT_CODE  : 0  (0x0)
            CHECKPOINT         : 0x0
            WAIT_HINT          : 0x7d0
            PID                : 1620
            FLAGS              :

    any ideas? thanks.
    Thursday, March 11, 2010 2:43 AM
  • Are you still getting the error 1079 you mentioned in your first post, or have you moved past that error now and onto a new one?

    Cheers,
    Lain
    Thursday, March 11, 2010 3:24 AM
  • the error is same with post #5:

    Windows could not start the windows firewall on local computer.
    for more information, review the system event lof. if this is a
    non-microsoft service, contact the service vendor, and refer to
    service-specific errror code 5

    thanks.
    Thursday, March 11, 2010 5:35 AM
  • Hi,

    Please export the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc and post here. I suspect that there is still something wrong with the registry key. A possible cause is that the Security value is missing under the key.

    Thanks.
    This posting is provided "AS IS" with no warranties, and confers no rights.
    Friday, March 12, 2010 5:49 AM
    Moderator
  • Hi Jason,

    Thanks for the reply. Here's the exported MpssVc registry:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc]
    "DisplayName"="Windows Firewall"
    "Group"="NetworkProvider"
    "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
      74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
      00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
      6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
      00,65,00,4e,00,6f,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,00,00
    "Description"="@%SystemRoot%\\system32\\FirewallAPI.dll,-23091"
    "ObjectName"="NT AUTHORITY\\LocalService"
    "ErrorControl"=dword:00000001
    "Start"=dword:00000002
    "Type"=dword:00000020
    "DependOnService"=hex(7):6d,00,70,00,73,00,64,00,72,00,76,00,00,00,62,00,66,00,\
      65,00,00,00,00,00
    "ServiceSidType"=dword:00000003
    "RequiredPrivileges"=hex(7):53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,\
      00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,\
      72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,75,\
      00,64,00,69,00,74,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
      00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,00,6f,00,74,00,69,\
      00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\
      53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,\
      00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,\
      65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,00,61,00,74,00,65,00,50,\
      00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,\
      6e,00,63,00,72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,\
      00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
    "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
      00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters]
    "ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
      00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
      6d,00,70,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
    "ServiceDllUnloadOnStop"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap]
    "Collection"=hex:87,00,01,00,51,02,01,00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\Teredo]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Security]
    "Security"=hex:01,00,14,80,78,00,00,00,84,00,00,00,14,00,00,00,30,00,00,00,02,\
      00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
      00,00,02,00,48,00,03,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,\
      05,20,00,00,00,20,02,00,00,00,00,14,00,ff,01,0f,00,01,01,00,00,00,00,00,05,\
      12,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,01,\
      01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Enum]
    "0"="Root\\LEGACY_MPSSVC\\0000"
    "Count"=dword:00000001
    "NextInstance"=dword:00000001

    Please help. Thanks in advance.

    Monday, March 15, 2010 1:27 AM
  • hi guys, do you think that malware or virus is causing this problem. But my Symantec (SEP) cannot find anything. how to get rid of this problem? Turn windows firewall ON. Thank you.
    Tuesday, March 16, 2010 3:15 AM
  • Did you ever get to the bottom of this, as I have the same problem?
    ICT Infrastructure Engineer/Chief Cook and Bottle Washer
    Monday, June 21, 2010 11:09 PM
  • I have got the same problem as mentioned above. (Windows Firewall with Advanced Security Snap-in failed to load. Error code: 0x6D9)

    It either happened after an attack to our server (SBS 2008 R2), or when OneCare was uninstalled.

    Anyway, under no circumstances am I able to find the "Windows Firewall Service".  It's not listed under "Services" neither is it listed when I'm following Liam Robertsons  procedure dated Wednesday, March 10, 2010 2:00 PM  described above.  I.e it is not listed under "System Services" after creating "server 2008 Firewall" node under Security Templates.

    What can I do to get that Service listed??

     

     

     

    Tuesday, June 29, 2010 2:20 PM
  • I do have a backup of systemstate created before the problem with the firewall occured.

     If I restore systemstate, will I then get the registrysetting back?  And if I do make a restore will it have any conflict whith the exchange server running oin the same machine?

    Tuesday, June 29, 2010 8:54 PM