Removing Desktop Experience breaks Firewall

    Question

  • We are noticing that on Server 2012 and 2012 R2, if we uninstall the Desktop Experience feature and then reboot the server we are no longer able to start the Firewall service, we get "Access denied".  If we reinstall Desktop Experience we are able to start it again, but removing brings us back to "access denied".  We even tried removing Desktop Experience while the firewall is turned on.  After a reboot, the service won't start again.  Anybody know how to fix this? 

    Thanks.

    Friday, June 6, 2014 12:58 PM

Answers

  • We've seen similar symptoms. Please try manually creating the following registry key, and then test to see if Windows Firewall can be started.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters\ACService

    ====

    If this does not help, please try the following way to troubleshoot the problem:

    The typical way to troubleshoot this kind of "Access is denied" error is to use the Process Monitor tool.

    http://technet.microsoft.com/en-us/sysinternals/bb896645

    Make sure to launch it from an elevated prompt.

    In this situation, just use this tool to monitor the svchost.exe process, and filter on the result Access Denied (Access is Denied). Normally it will tell us at what action it generates the Access Denied error. If it is about accessing/writing/deleting a file, then we just check the NTFS permission of the relevant file/folder. If it is about trying to do something against the registry, then we just check the registry key and check the "Permissions" of the key.

    Hope this helps.

    Regards,
    Bennie Chen

    Wednesday, June 11, 2014 2:52 AM
    Moderator
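
The first step of the answer above, as an added PowerShell example that is not part of the original thread: it checks for the ACService key, creates it if missing, tries to start MpsSvc, and on failure pulls the same two event IDs quoted later in the thread. It assumes an elevated session on the affected server; the variable names are this example's own.

```powershell
# Added example, not from the thread. Run from an elevated prompt.
$me = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated prompt.'
}

# Key path as given in the answer, in PowerShell registry-provider form.
$keyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters\ACService'
$since   = Get-Date   # on failure, only events logged after this point are shown

if (Test-Path -LiteralPath $keyPath) {
    Write-Output "Key already present: $keyPath"
} else {
    # The answer asks only for the key itself, so create it empty.
    New-Item -Path $keyPath -ErrorAction Stop | Out-Null
    Write-Output "Created key: $keyPath"
}

# Show the key's permissions, for the registry "Permissions" check the answer describes.
(Get-Acl -LiteralPath $keyPath).Access |
    Select-Object IdentityReference, RegistryRights, AccessControlType |
    Format-Table -AutoSize | Out-String | Write-Output

try {
    Start-Service -Name MpsSvc -ErrorAction Stop
} catch {
    Write-Warning "Start-Service failed: $($_.Exception.Message)"
}

$svc = Get-Service -Name MpsSvc
Write-Output "MpsSvc status: $($svc.Status)"

if ($svc.Status -ne 'Running') {
    # Service Control Manager 7024 (System) and Application Error 1000 (Application).
    $filters = @(
        @{ LogName = 'System';      ProviderName = 'Service Control Manager'; Id = 7024; StartTime = $since },
        @{ LogName = 'Application'; ProviderName = 'Application Error';       Id = 1000; StartTime = $since }
    )
    foreach ($f in $filters) {
        Get-WinEvent -FilterHashtable $f -MaxEvents 5 -ErrorAction SilentlyContinue |
            Select-Object TimeCreated, Id, Message |
            Format-List | Out-String | Write-Output
    }
}
```

If the service still fails with the key in place, the events printed at the end give the timestamp to line up against a Process Monitor capture of svchost.exe.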

All replies

  • Hi,

    I did the test, and got the error: could not start Windows Firewall.

    And if you just sign out, you could start the service without problem.

    Please check the event log; maybe there is a more detailed error message.

    Regards.


    Vivian Wang




    Tuesday, June 10, 2014 6:51 AM
    Moderator
  • Hi Vivian,

    I tried logging out and running a remote powershell script to start the service and it fails. This will happen on all our 2012 and 2012 R2 servers after "Desktop Experience" is installed and then removed.  I can start and stop other services.   I get the following message in the application log:

    Log Name:      Application
    Source:        Application Error
    Date:          6/10/2014 8:10:37 AM
    Event ID:      1000
    Task Category: (100)
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:  
    Description:
    Faulting application name: svchost.exe, version: 6.2.9200.16420, time stamp: 0x505a9a4e
    Faulting module name: mpssvc.dll_unloaded, version: 0.0.0.0, time stamp: 0x5076368c
    Exception code: 0xc0000005
    Fault offset: 0x000007fd1e5059b0
    Faulting process id: 0xb88
    Faulting application start time: 0x01cf84a4c73b28af
    Faulting application path: C:\Windows\system32\svchost.exe
    Faulting module path: mpssvc.dll
    Report Id: 3b271f4b-f098-11e3-944a-00155d05d628
    Faulting package full name:
    Faulting package-relative application ID:

    And this one in the System log:

    Log Name:      System
    Source:        Service Control Manager
    Date:          6/10/2014 8:09:07 AM
    Event ID:      7024
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:
    Description:
    The Windows Firewall service terminated with the following service-specific error:
    Access is denied.


    Tuesday, June 10, 2014 12:13 PM
  • Hi,

    Thanks for your response.

    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.

    Regards.


    Vivian Wang

    Wednesday, June 11, 2014 1:37 AM
    Moderator
  • Hi

    Does running netsh advfirewall reset in an elevated prompt help?


    Regards, Philippe


    Wednesday, June 11, 2014 2:23 AM
    Moderator
  • Thank you very much.  Adding the ACService reg key fixed it.  The firewall service now starts without a problem
    Wednesday, June 11, 2014 2:37 PM
  • Vivian, thank you for your help!
    Wednesday, June 11, 2014 2:52 PM
  • Is Microsoft planning to address this issue?

    This is quite a costly issue on remote servers where disabling/enabling the Desktop Experience feature (e.g. to be able to get cleanmgr on a server OS) cripples Windows Firewall and all the ports are suddenly closed.

    This exactly happened to us.

    Tuesday, September 12, 2017 4:32 PM