Error 5: Access is Denied (Firewall, BFE unable to start)


  • The problem is on Windows Server 2008 R2 machine. It has Exchange Server 2007 for emails. All the services were working fine until last couple of days. BFE and Firewall are stopped. When we try to start the service, it says Error 5: Access is Denied. I can't add the local group policy as Windows Server 2008 is a DC. It is connected to Windows Server 2003 AD. I have tried everything listed online. Added Network Service into the BFE registry, tried giving full permissions to the Local System but it's still displaying the same error message. Also, we tried to export the registry from another Windows Server 2008 R2 to this machine but it didn't make any difference. What could cause the issue? Any help is appreciated.

    • Changed type Bruce-Liu Wednesday, July 28, 2010 4:46 AM
    Tuesday, July 20, 2010 10:13 PM


All replies

  • Hi,

     Have you made any changes to the default domain or default domain controller policies? Have you added any GPOs at the domain or domain controller OU level that might be impacting this functionality?

     When you say you exported the registry and imported it, do you mean just for the services or the whole registry?

    Do you have any other DCs? can you demote this server? Exchange and AD are not recommended on the same server.


    I'd probably start with checking the system event log for errors, then check the application event log. Demoting the server, if possible, and then moving it to an OU that blocks all GPOs would be a good test also but that could disrupt access to Exchange depending the GPOs in place.




    Tuesday, July 20, 2010 10:27 PM
  • We haven't made any changes to the default domain or defauly domain controller policies.

    Only BFE registry was imported, we didn't import the entire registry. We have tried demoting it through dcpromo /forceremoval and re-added the DNS but it didn't help.

    Tuesday, July 20, 2010 10:32 PM
  • Are any other GPOs applying to the server?


    Are there any relevant errors in the logs?



    Tuesday, July 20, 2010 10:37 PM
  • Hi,


    Did you install Exchange Server on a Domain Controller? This is not recommended and may cause several issues:


    This Exchange server is also a domain controller, which is not a recommended configuration


    Regarding this problem, please refer to the following article to troubleshoot it:



    If the problem continues, please check if there is any relevant error in the Event Viewer.




    • Marked as answer by Bruce-Liu Wednesday, July 28, 2010 4:47 AM
    Thursday, July 22, 2010 7:11 AM