locked
Windows Firewall Service Wont Start RRS feed

  • Question

  • I have a 2008 server in my domain that I get the following error in the system log on:

    Windows Firewall terminated with service specific error code 87 (0x57)

    I can't seem to find anything relevant on how to fix this issue.  If I try to start the service manually, it errors out and say it can't start the service.

    I have other 2008 servers in the domain that don't have any issues at all with the firewall and run just fine.  That makes me think it's not a GPO issue, but I could be wrong.  I check the GPO settings for Adjust memory quotas for a process and Replace a process level token.  The entries there are LOCAL SERVICE,NETWORK SERVICE,Administrators.

    What else can I try other than reinstalling the OS as this is my SCCM server.  Thanks.
    Tuesday, February 24, 2009 7:29 PM

Answers

  • I think we fixed it.  It turned out my default domain policy was corrupted.  I ran dcgpofix and the firewall stays on now. I have to make a few modifications to the policy, but YAY!

    I am going to let things sit overnight and test again in the morning.  If all is well tomorrow, I'll consider this thing closed.
    • Marked as answer by Rob Jay Wednesday, April 1, 2009 6:41 PM
    Tuesday, March 10, 2009 7:48 PM

All replies

  • hi there,

    i would like to check if this behavior is exhibiting in safe mode, after which i would go ahead for further analysis.


    sainath Windows Driver Development
    • Proposed as answer by Sporeling Monday, November 27, 2017 1:23 PM
    Wednesday, February 25, 2009 2:22 PM
  •  

    Hi,

     

    How do you install the system? Do you install the system from original Windows Server 2008 DVD media? Or using a sysprep/customized image?

     

    The error code 87 loosely means invalid parameter. I suggest that we check the following:

     

    1.       Ensure the Windows Firewall service is running under Local Service account.

    2.       Compare the following registry keys with the working Windows Server 2008 machine to ensure that they are correct:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]

    3.       Check the status of Windows Firewall Authorization Driver:

    a. Open Device Manager (devmgmt.msc)

    b. In the View menu, choose View Hidden Devices.

    c. Expand Non-Plug and Play Devices.

    d. Double-click Windows Firewall Authorization Driver and check if it is working properly.

    Thursday, February 26, 2009 10:46 AM
  • We have narrowed it down to a GPO issue.  The firewall runs fine before it's joined to the domain. Once we join any 2008 server to the domain, the firewall services stop working after the second reboot.  When we pull the machine out of the domain, the services start working again.  We also set up a new OU and blocked inheritance and then created a new GPO for that OU.  The services start working again in the domain IF it's not inheriting the default domain policy.  The thing is, we dont' have anything defined for the firewall and very few settings  are defined AT ALL in this GPO.
    Thursday, February 26, 2009 2:02 PM
  •  

    Hi,

     

    Glad that you have found out the cause. In this case, you can create a new GPO and configure the policy settings one by one according to the default domain policy to check which is the “offending” setting.

     

    In addition, to troubleshoot this issue efficiently, you may contact Microsoft Customer Support Service (CSS). The support professionals there can help you debug and analyze the related dump file.

     

    To obtain the phone numbers for specific technology request, please take a look at the website listed below:

    http://support.microsoft.com/default.aspx?scid=fh;EN-US;PHONENUMBERS

     

    Thanks.

    • Marked as answer by Joson Zhou Thursday, March 5, 2009 6:29 AM
    • Unmarked as answer by Rob Jay Tuesday, March 10, 2009 7:55 PM
    Friday, February 27, 2009 3:39 AM
  • Thanks.  We have opened a class C ticked with Microsoft and are working with a technician now.  I will post the fix once we have one.
    Friday, February 27, 2009 2:15 PM
  • hi there,

    best of luck ! and please do let us know the resolution.
    sainath Windows Driver Development
    Saturday, February 28, 2009 3:09 PM
  • Well, no solution from Microsoft support as of yet. It's been a couple of weeks now and I may not be able to afford to let this ticket stay open much longer. 
    Tuesday, March 10, 2009 2:57 PM
  • I think we fixed it.  It turned out my default domain policy was corrupted.  I ran dcgpofix and the firewall stays on now. I have to make a few modifications to the policy, but YAY!

    I am going to let things sit overnight and test again in the morning.  If all is well tomorrow, I'll consider this thing closed.
    • Marked as answer by Rob Jay Wednesday, April 1, 2009 6:41 PM
    Tuesday, March 10, 2009 7:48 PM
  • Closed.  It was a corrupted policy.
    Friday, March 13, 2009 8:39 PM