Windows Fails to Start Windows Firewall Service

Discussion in 'Windows Vista Security' started by Jacob, May 25, 2007.

  1. Jacob

    Jacob Guest

    There is no repair option with Windows Vista (stupid)
    I have no restore points.


    BFE is running fine
    MPSDrv doesn't show up in the service list in task manager, interestingly
    enough...
    I did sc query MPSDrv instead, and STATE = 4 (Running)
    sc query BFE (just for kicks) STATE = 4 (running)

    Using the event viewer i found two errors in the last hour from source
    Service Control Manager Eventlog Provider. (My computer was turned off for
    about 5 hours before this) In the last 7 days these errors have repeated 15
    times and 14 times respectively.

    One of them seems a bit familiar. "The Windows Firewall service terminated
    with service-specific error 5 (0x5)."

    The other one says
    "The following boot-start or system-start driver(s) failed to load:
    i8042prt"

    I also have a print error, but it is probably because my printer is turned
    off, and an error from source LSM that reads
    "Terminal Service start failed. The relevant status code was The service
    cannot be started, either because it is disabled or because it has no enabled
    devices associated with it.
    .."

    The print error and the LSM error are also at around 15 repeats in the last
    7 days


    The Print error says "The print spooler failed to share printer hp psc 1200
    series with shared resource name JOSHUA'S PRINTER. Error 2114. The printer
    cannot be used by others on the network."

    Somehow not surprised here, i couldn't get it to share the printer.

    I noticed a strange side-effect of perhaps having the firewall as messed up
    as it is right now, I can't succesfully open ports on this computer, and I'm
    100% sure I'm forwarding properly and setting up my static IP properly.

    On a side note, I'm going away for 5 weeks as of saturday so I may be idle
    for a while.

    Thanks Mr. Beder
     
    Jacob, Jun 14, 2007
    #21
    1. Advertisements

  2. Jacob

    jwgalley Guest

    Glad to have finally found this thread. I am having the same issue as
    Jacob. I am getting the same output from the "SC XX" query commands. This
    is the only Vista machine in a 2K3 domain. No errors reported from group
    policy and no changes to policy in months. Error began on am of 5/29/07.
    While I regularly install/uninstall various products, and sure, any of them
    could be an issue, none would have been security related as I find the
    Windows firewall adequate to my needs. No reported spyware via defender or
    adaware which I installed first time this evening. Machine is a thinkpad
    t60p with Vista business clean install. Any help/thoughts would be greatly
    appreciated.


    John Galley
    JWG Consulting, LLC
    443-451-3378
     
    jwgalley, Jun 15, 2007
    #22
    1. Advertisements

  3. Jacob

    Jacob Guest

    Heh, I'm not the only one!!
     
    Jacob, Jun 15, 2007
    #23
  4. this might be a dead end given that mpsdrv is running, but could you post
    back with the contents of the security regkey for mpssvc?
    hkey_local_machine\system\currentcontrolset\services\mpssvc\security

    you can export the contents to a text file from one of the File options in
    regedit, then copy them from notepad.

    if the output isn't too huge, I wouldn't mind seeing all the settings for
    the service (ie, ...\services\mpssvc)

    thanks
     
    David Beder [MSFT], Jun 21, 2007
    #24
  5. Jacob

    jwgalley Guest

    Here are the contents of the registry key you requested.

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc]
    "DisplayName"="@%SystemRoot%\\system32\\FirewallAPI.dll,-23090"
    "Group"="NetworkProvider
    "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
    74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
    00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
    6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
    00,65,00,4e,00,6f,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,00,00
    "Description"="@%SystemRoot%\\system32\\FirewallAPI.dll,-23091"
    "ObjectName"="NT Authority\\LocalService"
    "ErrorControl"=dword:00000001
    "Start"=dword:00000002
    "Type"=dword:0000002
    "DependOnService"=hex(7):6d,00,70,00,73,00,64,00,72,00,76,00,00,00,62,00,66,00,\
    65,00,00,00,00,00
    "ServiceSidType"=dword:0000000
    "RequiredPrivileges"=hex(7):53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,\
    00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,\
    72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,75,\
    00,64,00,69,00,74,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
    00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,00,6f,00,74,00,69,\
    00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\
    53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,\
    00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,\
    65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,00,61,00,74,00,65,00,50,\
    00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,\
    6e,00,63,00,72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,\
    00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,0
    "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
    00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters]
    "ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
    00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
    6d,00,70,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
    "ServiceDllUnloadOnStop"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap]
    "Collection"=hex:87,00,01,00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\Teredo]
    "Collection"=hex:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Security
    "Security"=hex:01,00,14,80,b4,00,00,00,c0,00,00,00,14,00,00,00,30,00,00,00,02,\
    00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
    00,00,02,00,84,00,05,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
    05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
    20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
    00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,28,00,15,00,\
    00,00,01,06,00,00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,\
    0e,a7,8b,eb,ca,7b,42,13,56,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,\
    00,00,00,05,12,00,00,00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Enum]
    "0"="Root\\LEGACY_MPSSVC\\0000"
    "Count"=dword:00000001
    "NextInstance"=dword:00000001
    --
    John Galley
    JWG Consulting, LLC
    443-451-3378
     
    jwgalley, Jun 21, 2007
    #25
  6. Jacob

    geohop Guest

    I also have this problem. I think it started when I uninstalled and
    reinstalled Windows One Care which has it's own Firewall. I used a program
    that One Care tech said to use called clean windows one care. I noticed that
    Windows Firewall was no longer there after uninstalling Windows One Care.
    When I have Windows One Care installed their Firewall works. One Care showes
    up in the services. When I uninstall One Care there is no Firewall in
    services. When I go to Control Panel and try to turn on Firewall it say it's
    not running. I can't even turn it on because it's not in Services. Have you
    found anythin new?
     
    geohop, Jun 25, 2007
    #26
  7. Jacob

    geohop Guest

    Also when I checked the Registry Key that David noted I have no
    mpssvc\security under services.
     
    geohop, Jun 25, 2007
    #27
  8. Jacob

    John Guest

     
    John, Jun 28, 2007
    #28
  9. Jacob

    John Guest

    I am also having this problem. It started after my machine started prompting
    for a driver for some hardware, even though I haven't added any new hardware.
     
    John, Jun 28, 2007
    #29
  10. well, I'm not finding anything out of the ordinary with these regkeys.

    the next step will be to try and gather some output from the service before
    it shuts down. unfortunately that might not be trivial and I need to
    investigate exactly how to do this.

    --
    David
    Microsoft Windows Networking
    This posting is provided "AS IS" with no warranties, and confers no rights.


     
    David Beder [MSFT], Jul 2, 2007
    #30
  11. For me the reason the firewall wouldn't start was that the BFE service, on
    which it is dependent, wouldn't start. The reason the BFE won't start (I
    suspect) is because the access rights are messed up and the "user" the
    svchost logs on as can't read the file. The problem I am having is trying to
    find the file for BFE, I thought it would be BFE.DLL but that doesn't seem to
    be there on my machine or one where BFE starts.
     
    Richard Turnock, Aug 17, 2007
    #31
  12. Jacob

    usenet Guest

    I also had problems starting the windows firewall service on vista.
    Whenever I tried to start the Vista Firewall Service, the startup
    would fail and the firewall service would log an event id 7024
    (Firewall Service terminated) error in the system event log. The
    specific error code listed in the event was 0x80320023.

    The vista computer in question is a member of a Windows 2003 domain.

    I suspected the problem was related to group policy/local policy. I
    tried the following actions (rebooting after each):
    1) net winsock reset
    from a command prompt.
    2) gpupdate /force
    from a command prompt.
    While both commands completed without problems, the firewall service
    was not fixed.

    I then removed the computer from the domain. The firewall service
    then started successfully.

    I then re-added the computer to the domain. The firewall service
    continued to start successfully.

    So, in my case, the solution was remove/re-add the computer from the
    domain.
     
    usenet, Aug 29, 2007
    #32
  13. Jacob

    DaMnIt Guest

    I also have this problem and have not been able to find a solution. I've
    even tried everything in this thread, including this post with no luck.
    So What is the verdict? Is this going to be chalked up as a VISTA feature?

    Can we get a resolution? How about a clue?
     
    DaMnIt, Sep 17, 2007
    #33
  14. Jacob

    Westiboy Guest

    I am also having the exact same problem.
    I have NOT installed Windows Live One Care, or to my knowledge any other
    firewall service or application.
    I have tried to manually start the Windows Firewall Serve and get the same
    message Jacob is getting.
    This is a Windows Vista Enterprise client, in a Windows Server 2003 SP2
    domain, joined and part of an OU with GPO's applied. As far as I or my
    Network Administrator can tell, none of our Group Policies should have this
    effect.
    Other Windows Vista Enterprise clients in the same Domain/OU,with the exact
    same software, do not have this problem (i.e. Windows Firewall works fine).

    I'd really appreciate any help anyone can provide ASAP as I'm trying to get
    ready to deploy Vista in a few weeks.

    Thanks,
    Aran
     
    Westiboy, Sep 21, 2007
    #34
  15. I am new to this forum, but I have recently encountered this exact sam
    issues with the same parameters that Jacob illustrated

    I am running Windows Vista Business (32bit) upgrade over Windows Vist
    Home Basic on a Toshiba Satellite A215-S7416 Laptop

    This happened when I installed a DVD ripping program that apparentl
    was not intended for Vista (ImToo DVD to MP4 converter). I received a
    error message at the completion of the installation that I ignored--no
    understanding its meaning

    I tried using the program which worked the first time I tried it.
    During my second use of the program within the same instance, m
    computer did a memory dump followed by a reboot. I caught the end o
    the reboot as I was elsewhere when the memory dump occured

    Upon reboot, I received notice that Windows had discovered new hardwar
    and was trying (unsuccessfully) to find a driver for it. I also got th
    warning that Windows Firewall was not started. This "new hardware" wa
    listed as an unknown device in Device Manager. I uninstalled the devic
    and restarted my computer. It again tried to install th
    device--failing to find drivers for it. I chose the option to ignor
    installation on future attempts

    I've read this thread following step by step--as this is the onl
    thread I have discovered on the Internet that exactly matches m
    symptoms and issues

    I've also restored my system to a point prior to the installation o
    the DVD ripping software. This didn't fix the Firewall issue

    I've used several Registry Cleaning tools to no avail

    I've since tried to use a "Vista approved" DVD ripping program, but i
    locks up during the ripping process. I don't know if this issue i
    related to the Firewall issue, but I suspect that it is

    If anyone has had success with correcting this issue I could certainl
    benefit from your experiences

    Thank you
    -Mar
     
    Mister Whiskers, Mar 29, 2008
    #35
  16. Jacob

    naiboz Guest

    Hi all

    I've been reading this thread with great interest as this situation ha
    recently happened to me. I've tried everything mentioned here and othe
    fixes from elsewhere and nothings working, but this seems like a goo
    place to register and get good solid help.

    The problem started when I installed Comodo V3, decided I wasnt happ
    with it and uninstalled it, well that was a barrel of laughs and too
    about 3 days to finally get it completely out of my system.

    But ever since then the firewall won't start.

    The only difference is instead of a service specific error 5, I get
    6801.

    This is the most infuriating issue I've ever had with a windows system
    it just doesnt seem to add up.

    Normally if I had an issue like this on an XP machine I would jus
    reinstall the last service pack or if need be repair the OS, but th
    repair feature in Vista Ultimate64 is really not up to much and u can
    reinstall a SP over itself.

    So I'm totally stuck here, and I really really really really do no
    want to have to install vista from scratch to overcome this.

    If anyone has worked out a solution to this please give me a shout :)

    cheer
     
    naiboz, May 2, 2008
    #36
  17. Jacob

    jaross20 Guest

    This worked for me:

    Go into the registry editor and browse to the following keys. You will
    need to set the permissions for the following account NT Service\MpsSvc.
    The correct value is below the location path.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch

    Query Value;Set Value

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy

    Full Control;Read

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy

    Full Control;Read
    For the DHCP Client service, the issue may occur if the “NT
    Service\DHCP” account does not have the necessary permissions for the
    following keys:

    Registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp
    permission needed: Query value, Create value, Enumerate Subkeys,
    Notify, Read Control

    Registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Configurations
    permission needed: Full Control, Read

    For the “Diagnostic Policy Service” service, the issue may occur when
    the account Trustedinstaller is missing the permissions for the key
    below:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DPS\Parameters

    permission needed: Full Control, Read

    Source: http://support.microsoft.com/kb/943996

    Full post can be viewed at:
    http://www.jasonross.name/2008/12/windows-vista-firewall/
     
    jaross20, Dec 5, 2008
    #37
  18. Jacob

    i3laze

    Joined:
    Dec 29, 2008
    Messages:
    1
    Likes Received:
    0
    Solved exactly same issue on Server 2008 Standard :)

    http://support.microsoft.com/kb/943996 helped me.

    I've added MpsSvc: permissions to Set & Query Values for the leaf:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch
     
    i3laze, Dec 29, 2008
    #38
  19. Jacob

    WesStrueb Guest

    Hi, jaross20;

    It is with trepdiation that I would make changes to the registry, bu
    in this case after taking a restore point, I would - except for tw
    things:

    One: I got the 6801 error mentioned above, too - not the error code 5.
    I don't know what difference this would make.

    Two: How do I translate what you;ve posted and what Microsoft has pu
    on its troubleshooting website into actual registry entries?

    eg. you say -
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servi
    es\SharedAccess\Epoch

    Query Value;Set Value

    What I see in the registry is -

    "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servi
    es\SharedAccess\Epoch" in the "directory window" on the left, and -
    "(default) REG_SZ (value not set)
    Epoch REG_DWORD 0x0000098b (2443)"

    in the edit window on the right.

    How does what you say relate to what I see?

    I am confused.

    (btw, I'm running Windows Vista Home Premium, on an HP m8120n, w/ 3
    RAM, originally with McAfee Security Center on it, which I pulled of
    recently. Connected to local network via ethernet cable.)

    This may be related to the "Server Error in application "DEFAUL
    WEBSITE" I get on several websites I never got that message on befor
    (like some of HP's links) and on my yahoo messenger advert ur
    window...)

    Anyway, please forgive one who has so far managed to avoided editin
    the registry in the past and so does not know the Rosetta Stone.

    Thank you very much
     
    WesStrueb, Mar 23, 2009
    #39
  20. Jacob

    mparrish Guest

    When you run Regedit and navagate to
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic
    es\SharedAccess\Epoch, you have to Right-Click on EPOCH and select
    Permissions. This will open the permissions for the EPOCH key. Select
    MpsSvc. The permissions for MpsSvc will be displayed with checkmarks
    showing you what level of permission the account has (you make have to
    select the Special Permissions button at the bottom of the Permissions
    window). Make sure that Query Value & Set Value are checked, if they are
    not check them and hit OK. You will need to do this for each Registry
    Key listed in the MS fix.

    Personally, this did not fix my issue as the permissions were set
    correctly.
     
    mparrish, Apr 29, 2009
    #40
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.