Thursday, March 22, 2012

The Windows Firewall Service Fails to start


There can be several causes that will prevent the Windows Firewall from starting and I will attempt to cover them in this series of five blog posts. In this first post, I will cover Windows XP and Windows Vista / Windows 7 separately as they are two different services. Lastly, I will cover one issue with OneCare. Note: Specifics on Windows Vista and Windows 7 will come in a later blog post.

Windows XP

In Windows XP, the firewall service is named "Windows Firewall/Internet Connection Sharing (ICS)", or SharedAccess service.
Typical errors seen as either popups or within event logs when the service fails to start are:
  • Cannot start the Windows Firewall/Internet connection sharing (ICS) Service on local computer
  • Error 2: The system cannot find the file specified
  • Error 1705: While starting windows firewall and internet connection sharing services
Problems starting the Firewall Service in Windows XP are most commonly related to an issue with the Shared Access registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess
The quickest resolution is generally to rebuild the key. Instructions for doing this are in the following article, along with a FIXIT link:
Other things you will want to check are:
  • Verify that the "Remote Procedure Call (RPC)" service is started
  • Verify that the service is configured to log on as the Local System account
The above 3 items cover the vast majority of the issues with starting the Firewall in Windows XP.

Windows Vista and later (Windows 7, Windows Server 2008, and Windows Server 2008 R2)

In Windows Vista and later, the firewall service is "Windows Firewall" (MPSSVC); it combines both Firewall and IPsec functionality.
The first thing to check is that the Base Filtering Engine (BFE) service is running. There are a number of services dependent on the BFE service (including the Windows Firewall) that may also fail to start:
  • IPsec Policy Agent (PolicyAgent)
  • Windows Firewall
  • IKE and AuthIP IPsec Keying Modules
  • Internet Connection Sharing (ICS)
  • Routing and Remote Access
In my experience most of the issues starting these services are related to permissions.
Typical errors seen in relation to starting this service are:
  • Event ID: 7024 - The Windows Firewall service terminated with service-specific error 5 (0x5)
  • Windows could not start the Base Filtering Engine service on Local Computer. Error 5: Access is denied.
  • Windows could not start the IPsec Policy Agent service on Local Computer. Error 1068: The dependency service or group failed to start.
  • Windows could not start the Network Location Awareness on Local Computer. For more information, review the System Event Log. If this is a non-Microsoft service, contact the service vendor, and refer to service-specific error code -1073741288.
  • The Windows Firewall service terminated with service-specific error 87 (0x57)
  • Error 0x80004015: The class is configured to run as a security id different from the caller.
  • The Windows Firewall service terminated with service-specific error 6801 (0x1A91).
  • "net start mpssvc" in cmd.exe returns the system error 1297.
What to look for (specific details will be shared in a future blog post):
  • Verify Log On permissions
  • Verify registry permissions
  • Verify privilege permissions
  • Verify Service Dependencies
  • Reset the default security permissions
  • Verify that the TxR folder exists: %systemroot%\system32\config\TxR
  • Verify the following registry keys by comparing them to a default Windows installation:
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess
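
The checklist above can be collected in one read-only pass and compared with a default installation. The following PowerShell is an added example, not part of the original post; the output and baseline file names are assumptions, and SharedAccess is the service key name given in the Windows XP section.

```powershell
# Added example: read-only collection of the state the checklist asks you to verify.
# Run elevated on the affected machine, then on a default install, and compare.
$services = 'BFE', 'MpsSvc', 'SharedAccess'      # registry keys named in the list

$report = foreach ($name in $services) {
    $keyPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    $reg = Get-ItemProperty -Path $keyPath -ErrorAction SilentlyContinue
    $acl = Get-Acl -Path $keyPath -ErrorAction SilentlyContinue
    $status = if ($svc) { [string]$svc.Status } else { 'not installed' }

    New-Object PSObject -Property @{
        Service   = $name
        KeyExists = [bool]$reg
        Status    = $status
        LogOnAs   = $reg.ObjectName                   # account on the Log On tab
        StartType = $reg.Start                        # 2 = automatic, 3 = manual, 4 = disabled
        DependsOn = ($reg.DependOnService -join ',')  # service dependencies
        KeySddl   = $acl.Sddl                         # registry key permissions
    }
}
$columns = 'Service', 'KeyExists', 'Status', 'LogOnAs', 'StartType', 'DependsOn', 'KeySddl'
$outFile = ".\fw-state-$($env:COMPUTERNAME).csv"     # output name is an assumption
$report | Select-Object $columns | Export-Csv -Path $outFile -NoTypeInformation
$report | Select-Object $columns | Format-List

# Services that depend on BFE and fail with error 1068 when BFE is not running.
Get-Service -Name BFE -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty DependentServices |
    Select-Object Name, DisplayName, Status

# The TxR folder check from the list.
$txr = Join-Path $env:SystemRoot 'system32\config\TxR'
"TxR folder present: $(Test-Path -Path $txr -PathType Container)"

# Compare with a CSV collected the same way on a default installation.
$baseline = '.\fw-state-baseline.csv'                # hypothetical file name
if (Test-Path $baseline) {
    Compare-Object (Import-Csv $baseline) (Import-Csv $outFile) `
        -Property Service, LogOnAs, StartType, DependsOn, KeySddl
}
```

Any row that Compare-Object returns is a difference in log on account, start type, dependencies or key permissions between the two machines.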

Windows OneCare

Lastly, I am including information about one issue that may be seen with the Windows OneCare Firewall Service. The following messages may be seen:
  • The Windows OneCare Firewall Service Could not Start
  • Urgent - Turn on Firewall
You will see this error in the Windows OneCare interface, with a red status action item asking you to enable the firewall. The action listed does not enable the firewall, however.
This issue is also very specific because the firewall settings in Windows OneCare are grayed out and cannot be modified.
To resolve this issue:
Use the steps below to ensure that the PATH environment variable contains the following path:
%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM
  1. Click Start / Control Panel and open the System Icon.
  2. In System, click the Advanced tab and then Environment Variables.
  3. Ensure that PATH exists in the lower box, "System variables". If PATH does not exist, click New, type PATH as the variable name, and enter the above path as the variable value.
  4. If PATH already exists, highlight it and click Edit.
  5. Under variable name, click at the end of the line to append the above mentioned path to the end of the current path. NOTE: BE SURE TO SEPARATE THE OLD PATH AND THE NEW PATH WITH A SEMI-COLON ( ; ).
  6. Click OK to close the windows and restart the computer.
If this does not resolve the issue, try the following step:
  1. Click Start / Run and type Regsvr32 %SystemRoot%\System32\wbem\wmidcprv.dll and click OK.
  2. Restart the computer and test the firewall again.
If this does not resolve the issue, or if the problem does not match the description, please follow the steps in KB article 910659.
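
Before editing PATH by hand, the system-level value can be checked for the three required entries. This PowerShell is an added example, not part of the original post; the helper name Resolve-PathEntry is hypothetical, and the check only reads the variable.

```powershell
# Added example: report which of the three required entries are missing from the system PATH.
$required = '%SystemRoot%\system32', '%SystemRoot%', '%SystemRoot%\system32\WBEM'

function Resolve-PathEntry([string]$entry) {
    # Expand %SystemRoot%, drop quotes and trailing backslashes so that
    # equivalent spellings of the same folder compare equal.
    [Environment]::ExpandEnvironmentVariables($entry.Trim().Trim('"')).TrimEnd('\')
}

# 'Machine' reads the "System variables" value, not the per-user PATH.
$machinePath = [Environment]::GetEnvironmentVariable('Path', 'Machine')
$present = @($machinePath -split ';' |
    Where-Object { $_.Trim() } |
    ForEach-Object { Resolve-PathEntry $_ })

foreach ($entry in $required) {
    # -contains is case-insensitive, which matches how Windows treats paths.
    $state = if ($present -contains (Resolve-PathEntry $entry)) { 'present' } else { 'MISSING' }
    '{0,-30} {1}' -f $entry, $state
}
```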
