Error 2148270091 with Protected Storage service on win2000

Anonymous

Hi all!
I've a BIG problem with "Protected Storage" service on Windows 2000 Pro. It doesn't want to start. When I try to start it, and then go to the Event viewer, I have this message:

Origin: Service Control
Event Id: 7024
Description: The Protected Storage Service terminated with service-specific error
2148270091.

I tried the solution I found at
http://support.microsoft.com/defaul...kben-us244610
with no success.
I removed every registry key related to protected storage, and I deleted pstores.exe and psbase.dll in winnt\system32 folder. I also uninstalled Internet Explorer, Outlook Express and Internet Information Server 4.
I rebooted, then I reinstalled the service pack 4 for Windows 2000, then IIS and IE 6 sp1.
No luck. When I tried to start Protected Storage I received a "file not found error", because IE installation didn't create a new pstores.exe file.
I manually extracted it from a cab file (ie_s5.cab), and also made a "pstores -install" at command prompt. After this, I returned to the previous 2148270091 error.
I tried also to change permissions on registry keys, but this service still doesn't start.
I really NEED it because IIS will refuse to start without "Protected Storage" loaded and running.

What else can I try? I don't want to reinstall Windows, I have too many applications/servers installed and running, plus many Mb of works, emails etc etc..... THERE MUST BE ANOTHER WAY......

Probably this error is related to a wrong/missing registry key. Can you help me?????

Thanks to anyone that will post a possible solution

----------

Might be a permissions/rights thing. Did you lock the box down? Make any other changes before it stopped working? Apply any patches?

Try applying basicwk or compatws security templates via the Security Configuration and Analysis snap-in (start>run MMC then add snap-in).


----------


Thank you for your suggestion. I made all you told me to do, but even after changing permissions the error persists....
Any other idea?

thx

----------

So when you first log in is it stopped... not started or starting?

Do you get a different error message if you start it from the command line?

c:\> net start protectedstorage

The start type is set to automatic right? Do you get the same results if you log in as a different user?

It might be something with the service properties, but realistically you should consider doing a repair. You don't have to install fresh, but it looks like you've tried just about everything else.


----------


quote:
--------------------------------------------------------------------------------
Originally posted by novice000
I rebooted, then I reinstalled the service pack 4 for Windows 2000, then IIS and IE 6 sp1.

--------------------------------------------------------------------------------



It may not be relevant, but you should apply the SP last.

----------


I tried to fix the registry by exporting all protected storage keys from a Windows XP machine and importing them into Windows 2000.

The key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ProtectedStorage\ImagePath is set to %SystemRoot%\system32\lsass.exe

Now when I start the service I receive this error:
"Error 1053: The Service did not respond to the start or control request in a timely fashion."

If I change it to %SystemRoot%\system32\pstores.exe I receive an error code equal to -2146697205 (The connection to the server timed out)


So when you first log in is it stopped... not started or starting?
It is stopped

Do you get a different error message if you start it from the command line?

c:\> net start protectedstorage
I receive the error "The service is not responding to the control function. More help is available by typing NET HELPMSG 2186."


The start type is set to automatic right?
yes

Do you get the same results if you log in as a different user?
yes


One question:
what's the default value for HKLM\system\currentcontrolset\services\protectedstorage\imagepath? Is it "%systemroot%\system32\lsass.exe" or "%systemroot%\system32\pstores.exe"?


Now the keys I imported from XP:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PROTECTEDSTORAGE
"NextInstance"=dword:00000001

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PROTECTEDSTORAGE\0000
"Service"="ProtectedStorage"
"Legacy"=dword:00000001
"ConfigFlags"=dword:00000020
"Class"="LegacyDriver"
"ClassGUID"="8ECC055D-047F-11D1-A537-0000F8753ED1"
"DeviceDesc"="Protected Storage"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PROTECTEDSTORAGE\0000\Control
"ActiveService"="ProtectedStorage"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ProtectedStorage
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"Description"="Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users."
"DisplayName"="Protected Storage"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6c,00,73,00,61,00,73,00,73,00,2e,00,65,00,78,00,65,00,00,00
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000120

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ProtectedStorage\Security
"Security" =hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,
00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01
,00,00,00,00,00,01,00,00,
00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,01,02
,00,01,01,00,00,00,00,00,
05,0b,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00
,00,00,00,05,20,00,00,00,
23,02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00
,00,00,05,20,00,00,00,20,
02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00
,00,05,12,00,00,00,01,01,
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00
,05,12,00,00,00

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ProtectedStorage\Enum
"0"="Root\\LEGACY_PROTECTEDSTORAGE\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001

HKEY_LOCAL_MACHINE\SYSTEM\Setup\AllowStart\ProtectedStorage
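
An added example, not part of the original thread: a small Python helper that decodes the `hex(2)` (REG_EXPAND_SZ) and `hex(7)` (REG_MULTI_SZ) values from the export above into readable strings, and normalizes the two service error numbers quoted in the thread to one 32-bit HRESULT form. The function names `decode_reg_hex` and `normalize_error` are hypothetical; the sample bytes are copied from the post.

```python
import re

# Constructed sample: two values taken from the export in the post above,
# with mid-value line wraps to show that the parser tolerates them.
REG_EXPORT = '''
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"ImagePath" =hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,
52,00,6f,00,6f,00,
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d
,00,33,00,32,00,5c,00,6c,
00,73,00,61,00,73,00,73,00,2e,00,65,00,78,00,65,00
,00,00
'''

REG_TYPES = {2: "REG_EXPAND_SZ", 7: "REG_MULTI_SZ"}
VALUE_RE = re.compile(r'"([^"]+)"\s*=\s*hex\((\d+)\):([0-9a-fA-F,\s\\]*)')

def decode_reg_hex(text):
    """Return {name: (type, decoded)} for hex(2)/hex(7) values in a .reg export."""
    out = {}
    for name, kind, blob in VALUE_RE.findall(text):
        # Ignore commas, wraps and continuation backslashes; keep the byte pairs.
        raw = bytes(int(b, 16) for b in re.findall(r"[0-9a-fA-F]{2}", blob))
        s = raw.decode("utf-16-le")
        if int(kind) == 7:   # REG_MULTI_SZ: NUL-separated list, double-NUL end
            val = [part for part in s.split("\x00") if part]
        else:                # REG_EXPAND_SZ: one NUL-terminated string
            val = s.rstrip("\x00")
        out[name] = (REG_TYPES.get(int(kind), f"hex({kind})"), val)
    return out

def normalize_error(code):
    """Map a signed or unsigned 32-bit service error to its HRESULT fields."""
    u = code & 0xFFFFFFFF
    return {"hex": f"0x{u:08X}", "failure": bool(u >> 31),
            "facility": (u >> 16) & 0x7FF, "code": u & 0xFFFF}

if __name__ == "__main__":
    for name, (kind, val) in decode_reg_hex(REG_EXPORT).items():
        print(f"{name} [{kind}] = {val!r}")
    for err in (2148270091, -2146697205):
        print(err, normalize_error(err))
```

Both error numbers quoted in the thread, 2148270091 and -2146697205, normalize to the same value, 0x800C000B: the second is the signed 32-bit rendering of the first. Facility 12 is FACILITY_INTERNET, which is consistent with the "connection to the server timed out" text reported for the signed form.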


----------


You didn't respond to my post, but it IS relevant.

1. The MS/KB article refers to NT4. W2K doesn't use PSTORES.EXE

2. By installing IE after SP4, you may have replaced the correct PSBASE.DLL with an older version.

3. You should always install the service pack AFTER making other repairs/installs of OS-related software.

4. PS service depends on RPC service. It's possible you may have a virus or trojan that's affected the RPC service.

----------
You didn't respond to my post, but it IS relevant.
1. The MS/KB article refers to NT4. W2K doesn't use PSTORES.EXE
OK so I have to use lsass.exe in registry
2. By installing IE after SP4, you may have replaced the correct PSBASE.DLL with an older version.
The version number of PSBASE.DLL in my system32 folder is 5.0.2195.6661. I don't know if it's the latest.
3. You should always install the service pack AFTER making other repairs/installs of OS-related software.
I re-installed SP4 after all other updates (as you told me) but I still get the error.
4. PS service depends on RPC service. It's possible you may have a virus or trojan that's affected the RPC service.
I have the Kaspersky antivirus, and it's updated daily.

Now I'll search for the latest psbase.dll version.
Thanks for suggestions.

----------

Problem not resolved
It seems I have the latest version of psbase.dll.

While surfing the net I found that the right executable to put into the registry (in the Protected Storage service section) is "services.exe". Is it right?
But when I execute "pstores -install", it turns back to "pstores.exe". Sigh!

What else can I try?

----------


You've made quite a few changes. Some without regard to OS (NT, XP). I've also seen your posts on a bunch of other forums. It might be time to admit defeat on this one.

Not sure if this will help you, but I have attached registry entries dealing with the protected storage service on my box.

For the legacy drivers section I have the registry text, but it doesn't show up in Device Manager as a "Non-Plug and Play Driver".

To answer your specific question I have services.exe. I think pstores is an NT thing.

----------

Thank you very much for your help.

I merged into registry the keys you posted in this forum, and now the error message changed into:

"Could not start the Protected Storage service on Local Computer. The service did not return an error. This could be an internal Windows error or an internal service error. If the problem persists, contact your system administrator."

What does it mean? No errors, but no start. Very strange.....

And no errors in Event Viewer....

If I type "net start protectedstorage" in a command window, I get this message:
"The requested service has already been started."
But if I request the running services list with "net start", the protected storage service doesn't appear.
It seems the system believes (but only in a shell window) that this service is running, while it's stopped.

----------

EUREKA!!! IT WORKS!!!


It finally works!!!
After "merging" the registry keys you sent me, I reinstalled IIS and voilà! The protected storage service was started and it's running!!!
T-H-A-N-K Y-O-U!!!!!!!!!!!!!!!!!!!!!!

But this is a neverending story.

The IIS service is running too, but when I try to load the IIS interface, I receive "the system cannot find the path specified".
Then the GUI starts, but I'm not able to connect to my computer.

I suspect it's a metabase problem, but I don't know how to fix it.
In the event viewer I have these errors:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
User: N/A
Computer: COMPUTER
Description:
The Simple Mail Transport Protocol (SMTP) service
terminated with the following error:
The system cannot find the path specified.


Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7022
User: N/A
Computer: COMPUTER
Description:
The Simple Mail Transport Protocol (SMTP) service hung on
starting.


Event Type: Error
Event Source: SMTPSVC
Event Category: None
Event ID: 116
User: N/A
Computer: COMPUTER
Description:
The service metabase path /LM/SMTPSVC/ could not be
opened. The data is the error code.
For additional information specific to this message please
visit the Microsoft Online Support site located at:
http://www.microsoft.com/contentredirect.asp.
Data:
0000: 03 00 00 00 ....


Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
User: N/A
Computer: COMPUTER
Description:
The FTP Publishing Service service terminated with the
following error:
The system cannot find the path specified.


Event Type: Error
Event Source: MSFTPSVC
Event Category: None
Event ID: 116
User: N/A
Computer: COMPUTER
Description:
The service metabase path /LM/MSFTPSVC/ could not be
opened. The data is the error code.
For additional information specific to this message please
visit the Microsoft Online Support site located at:
http://www.microsoft.com/contentredirect.asp.
Data:
0000: 03 00 00 00 ....

I'm not able to find a solution to this problem in MS KB. If I click on the link I get only a "page not found" on MS site.
Please help me again!!!!

----------

Update

Hi,
problem partially solved.
I removed the directory

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys

then I started the "NT LM Security Support Provider" service and re-installed IIS.

Now I can connect to my computer. All ok? No.
When I try to recall a page on the server I get this error in IE:

Server Application Error

The server has encountered an error while loading an application during the processing of your request. Please refer to the event log for more detail information. Please contact the server administrator for assistance.

In the event viewer:
Category: error
Event ID:10010
Description: The server 3D14228D-FBE1-11D0-995D-00C04FD919C1 did not register with DCOM within the required timeout.

and

Category: warning
Event ID: 36
Description: The server failed to load application /LM/W3SVC/1/ROOT. Server execution failed.

I tried this solution http://support.microsoft.com/defaul...kben-us327153 , but it doesn't work.

It surely is a permissions problem. If I add the IUSR and IWAM users to the Administrators group, I can see ASP pages on the server! The same happens if I set "Low protection" in the properties of the default web site. But I don't think it's the ideal solution!
I tried setting the permissions suggested at
http://support.microsoft.com/defaul...EN-US27107111
but it doesn't work!!!
I tried also to synchronize passwords, no way...
If I stop the World Wide Web Publishing Service and I select the Medium (pooled) security level in default web site properties, it works! Why?
I found also an interesting article at http://www.winnetmag.com/Web/Articl...4474/24474.html
but the suggested solutions don't work!

One question: which group do the IWAM and IUSR accounts belong to?