Windows Fails to Start Windows Firewall Service

Guest

There is no repair option with Windows Vista (stupid)
I have no restore points.


BFE is running fine
MPSDrv doesn't show up in the service list in task manager, interestingly
enough...
I did sc query MPSDrv instead, and STATE = 4 (Running)
sc query BFE (just for kicks) STATE = 4 (running)

Using the event viewer I found two errors in the last hour from source
Service Control Manager Eventlog Provider. (My computer was turned off for
about 5 hours before this.) In the last 7 days these errors have repeated 15
times and 14 times respectively.

One of them seems a bit familiar. "The Windows Firewall service terminated
with service-specific error 5 (0x5)."

The other one says
"The following boot-start or system-start driver(s) failed to load:
i8042prt"

I also have a print error, but it is probably because my printer is turned
off, and an error from source LSM that reads
"Terminal Service start failed. The relevant status code was The service
cannot be started, either because it is disabled or because it has no enabled
devices associated with it.
.."

The print error and the LSM error are also at around 15 repeats in the last
7 days


The Print error says "The print spooler failed to share printer hp psc 1200
series with shared resource name JOSHUA'S PRINTER. Error 2114. The printer
cannot be used by others on the network."

Somehow not surprised here, I couldn't get it to share the printer.

I noticed a strange side-effect of perhaps having the firewall as messed up
as it is right now, I can't successfully open ports on this computer, and I'm
100% sure I'm forwarding properly and setting up my static IP properly.

On a side note, I'm going away for 5 weeks as of Saturday so I may be idle
for a while.

Thanks Mr. Beder
David Beder said:
I've always wondered what passwords were used also. I think they're
auto-generated by the system.

Might you have any restore points you can go back to?
I haven't tried this in Vista, but in older versions of Windows, if you ran
the setup cd again, you got a repair option that might put things back into
order. Since Windows Firewall is part of the OS, you can't really just
re-install just that service.

On a slightly different note, how are the states of the BFE and MPSDrv
services?
Anything in the audit logs (i.e. eventvwr) about these services actually
starting early during the boot sequence? One of the guys I work with was
curious as to whether the service was crashing before you even got to log
on, thus using up the 2-3 crashes per boot quota.

--
David
Microsoft Windows Networking
This posting is provided "AS IS" with no warranties, and confers no rights.


Jacob said:
Is there no way to simply reinstall the firewall, overriding the old
install, with original settings?

That way we could eliminate the firewall as the source of the problem,
methinks.

Furthermore, what password goes in those boxes? I never entered one, so do
not know what it is, and could it be possible that a virus adjusted just
the password field?

David Beder said:
Those are the default settings as I recall, so something doesn't appear to
have 'adjusted' the service.

maybe the issue is with mpsdrv, but I'd have thought you'd get a different
error about a dependent service not being able to start.

maybe the issue is with registry access.

This is rather strange. I'll ask around and see if anyone can think of other
things to check.

--
David
Microsoft Windows Networking
This posting is provided "AS IS" with no warranties, and confers no rights.


sc qc mpssvc returns:

C:\Users\Jacob>sc qc mpssvc
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: mpssvc
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : Windows Firewall
DEPENDENCIES : mpsdrv
: bfe
SERVICE_START_NAME : NT AUTHORITY\LocalService

C:\Users\Jacob>


Under the Log On tab for the Firewall service, "This Account" is selected
and the account name "Local Service" with a password written in is entered.

Recovery:
First Failure - Restart Service
2nd - Restart Service
Subsequent - Take no action

Fail count reset every day, and the delay between failure restarts is 2
minutes.
The "Enable actions for stops with errors." is not checked, and the rest is
grayed out.
:

interesting.
how about some output from "sc qc mpssvc". I'm particularly interested in
the value for service_start_name.

Also, if you can fire up the services control panel, what are the settings
on the log-on and recovery tabs?

--
David
Microsoft Windows Networking
This posting is provided "AS IS" with no warranties, and confers no rights.


Microsoft Windows [Version 6.0.6000]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\Users\Jacob>sc query mpssvc

SERVICE_NAME: mpssvc
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1066 (0x42a)
SERVICE_EXIT_CODE : 5 (0x5)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

C:\Users\Jacob>net start mpssvc
The Windows Firewall service is starting.
The Windows Firewall service could not be started.

A service specific error occurred: 5.

More help is available by typing NET HELPMSG 3547.


C:\Users\Jacob>sc query mpssvc

SERVICE_NAME: mpssvc
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1066 (0x42a)
SERVICE_EXIT_CODE : 5 (0x5)
CHECKPOINT : 0x0
WAIT_HINT : 0x0


:

Error 5 is typically 'Access Denied'.
from an elevated command prompt, type 'net start mpssvc <enter>'. If the
service doesn't start, type 'sc query mpssvc <enter>' and reply back with
the output.

Even if the service does start, we still need to investigate why it didn't
start on its own.
There are many reasons for it not to start. The easy ones are:
1) another firewall on the box has turned it off to prevent configuration
conflicts between the two programs.
2) a service the firewall depends on is not starting
3) a security profile has been applied to the machine which disables the
service
4) domain group policy has turned it off


--
David
Microsoft Windows Networking
This posting is provided "AS IS" with no warranties, and confers no rights.


When I try to start windows fire wall I get a pop up telling me the service
isn't running, and I tell the pop-up to start the service.

It then says that the service has failed to start.

It gives me the service-specific error code 5. (0x5)

Any ideas on how to fix this?
Any way to reinstall the windows firewall service?
 
Guest

Glad to have finally found this thread. I am having the same issue as
Jacob. I am getting the same output from the "SC XX" query commands. This
is the only Vista machine in a 2K3 domain. No errors reported from group
policy and no changes to policy in months. Error began on am of 5/29/07.
While I regularly install/uninstall various products, and sure, any of them
could be an issue, none would have been security related as I find the
Windows firewall adequate to my needs. No reported spyware via defender or
adaware which I installed first time this evening. Machine is a thinkpad
t60p with Vista business clean install. Any help/thoughts would be greatly
appreciated.


John Galley
JWG Consulting, LLC
443-451-3378
 
David Beder [MSFT]

this might be a dead end given that mpsdrv is running, but could you post
back with the contents of the security regkey for mpssvc?
hkey_local_machine\system\currentcontrolset\services\mpssvc\security

you can export the contents to a text file from one of the File options in
regedit, then copy them from notepad.

if the output isn't too huge, I wouldn't mind seeing all the settings for
the service (ie, ...\services\mpssvc)

thanks
 
Guest

Here are the contents of the registry key you requested.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc]
"DisplayName"="@%SystemRoot%\\system32\\FirewallAPI.dll,-23090"
"Group"="NetworkProvider"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
00,65,00,4e,00,6f,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,00,00
"Description"="@%SystemRoot%\\system32\\FirewallAPI.dll,-23091"
"ObjectName"="NT Authority\\LocalService"
"ErrorControl"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000020
"DependOnService"=hex(7):6d,00,70,00,73,00,64,00,72,00,76,00,00,00,62,00,66,00,\
65,00,00,00,00,00
"ServiceSidType"=dword:00000003
"RequiredPrivileges"=hex(7):53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,\
00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,\
72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,75,\
00,64,00,69,00,74,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,00,6f,00,74,00,69,\
00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,\
53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,\
00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,\
65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,00,61,00,74,00,65,00,50,\
00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,\
6e,00,63,00,72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,\
00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
6d,00,70,00,73,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceDllUnloadOnStop"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap]
"Collection"=hex:87,00,01,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Parameters\PortKeywords\Teredo]
"Collection"=hex:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Security]
"Security"=hex:01,00,14,80,b4,00,00,00,c0,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,84,00,05,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,28,00,15,00,\
00,00,01,06,00,00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,\
0e,a7,8b,eb,ca,7b,42,13,56,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,\
00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc\Enum]
"0"="Root\\LEGACY_MPSSVC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
--
John Galley
JWG Consulting, LLC
443-451-3378
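
The `Security` value in the export above is the service object's self-relative security descriptor, and decoding it shows which accounts may query, start or reconfigure the service. This is an added example, not code from the thread; the bytes are copied from the export with the `"Security"=hex:` prefix stripped.

```python
import struct
# "Security" value (REG_BINARY) from the export posted above, "hex:" prefix stripped.
SECURITY_HEX = r"""
01,00,14,80,b4,00,00,00,c0,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,84,00,05,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,28,00,15,00,\
00,00,01,06,00,00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,\
0e,a7,8b,eb,ca,7b,42,13,56,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,\
00,00,00,05,12,00,00,00
"""
# Service access rights from winsvc.h, plus the standard rights.
RIGHTS = {0x1: "QUERY_CONFIG", 0x2: "CHANGE_CONFIG", 0x4: "QUERY_STATUS",
          0x8: "ENUMERATE_DEPENDENTS", 0x10: "START", 0x20: "STOP", 0x40: "PAUSE_CONTINUE",
          0x80: "INTERROGATE", 0x100: "USER_DEFINED_CONTROL", 0x10000: "DELETE",
          0x20000: "READ_CONTROL", 0x40000: "WRITE_DAC", 0x80000: "WRITE_OWNER"}
ACE_TYPES = {0: "ALLOW", 1: "DENY", 2: "AUDIT"}

def rights(mask):
    return [name for bit, name in RIGHTS.items() if mask & bit]

def reg_hex_to_bytes(text):
    # .reg syntax: comma-separated hex bytes, "\" at end of line continues the value.
    return bytes(int(t, 16) for t in text.replace("\\", "").replace(",", " ").split())

def parse_sid(buf, off):
    # SID: revision, sub-authority count, 6-byte big-endian authority, LE sub-authorities.
    rev, count = buf[off], buf[off + 1]
    authority = int.from_bytes(buf[off + 2:off + 8], "big")
    subs = struct.unpack_from("<%dI" % count, buf, off + 8)
    return "-".join(["S", str(rev), str(authority), *map(str, subs)])

def parse_acl(buf, off):
    # ACL header (8 bytes), then ACEs: type, flags, size, access mask, trustee SID.
    _rev, _sbz, size, count, _sbz2 = struct.unpack_from("<BBHHH", buf, off)
    aces, pos = [], off + 8
    for _ in range(count):
        ace_type, _flags, ace_size = struct.unpack_from("<BBH", buf, pos)
        if ace_size < 16 or pos + ace_size > min(off + size, len(buf)):
            raise ValueError("malformed ACE at offset %d" % pos)
        (mask,) = struct.unpack_from("<I", buf, pos + 4)
        aces.append((ACE_TYPES.get(ace_type, hex(ace_type)), parse_sid(buf, pos + 8), mask))
        pos += ace_size
    return aces

def parse_security_descriptor(buf):
    # Self-relative descriptor: 20-byte header holding offsets to owner, group, SACL, DACL.
    rev, _sbz, control, owner, group, sacl, dacl = struct.unpack_from("<BBHIIII", buf, 0)
    if rev != 1 or not control & 0x8000:  # 0x8000 = SE_SELF_RELATIVE
        raise ValueError("not a self-relative security descriptor")
    return {"owner": parse_sid(buf, owner) if owner else None,
            "group": parse_sid(buf, group) if group else None,
            "dacl": parse_acl(buf, dacl) if control & 0x0004 else [],  # SE_DACL_PRESENT
            "sacl": parse_acl(buf, sacl) if control & 0x0010 else []}  # SE_SACL_PRESENT

if __name__ == "__main__":
    for kind, sid, mask in parse_security_descriptor(reg_hex_to_bytes(SECURITY_HEX))["dacl"]:
        print(kind, sid, hex(mask), "|".join(rights(mask)))
```

In this export the DACL gives Administrators (S-1-5-32-544) every right, and the fifth ACE grants an S-1-5-80 (NT SERVICE) per-service SID only query and start rights; `sc showsid mpssvc` prints the service's SID for comparison.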
 
Guest

I also have this problem. I think it started when I uninstalled and
reinstalled Windows One Care which has its own Firewall. I used a program
that One Care tech said to use called clean windows one care. I noticed that
Windows Firewall was no longer there after uninstalling Windows One Care.
When I have Windows One Care installed their Firewall works. One Care shows
up in the services. When I uninstall One Care there is no Firewall in
services. When I go to Control Panel and try to turn on Firewall it says it's
not running. I can't even turn it on because it's not in Services. Have you
found anything new?
 
Guest

Also when I checked the Registry Key that David noted I have no
mpssvc\security under services.
 
Guest

Jacob said:
When I try to start windows fire wall I get a pop up telling me the service
isn't running, and I tell the pop-up to start the service.

It then says that the service has failed to start.

It gives me the service-specific error code 5. (0x5)

Any ideas on how to fix this?
Any way to reinstall the windows firewall service?
 
Guest

I am also having this problem. It started after my machine started prompting
for a driver for some hardware, even though I haven't added any new hardware.
 
David Beder [MSFT]

well, I'm not finding anything out of the ordinary with these regkeys.

the next step will be to try and gather some output from the service before
it shuts down. unfortunately that might not be trivial and I need to
investigate exactly how to do this.

--
David
Microsoft Windows Networking
This posting is provided "AS IS" with no warranties, and confers no rights.


 
Guest

For me the reason the firewall wouldn't start was that the BFE service, on
which it is dependent, wouldn't start. The reason the BFE won't start (I
suspect) is because the access rights are messed up and the "user" the
svchost logs on as can't read the file. The problem I am having is trying to
find the file for BFE, I thought it would be BFE.DLL but that doesn't seem to
be there on my machine or one where BFE starts.
 
usenet

I also had problems starting the windows firewall service on vista.
Whenever I tried to start the Vista Firewall Service, the startup
would fail and the firewall service would log an event id 7024
(Firewall Service terminated) error in the system event log. The
specific error code listed in the event was 0x80320023.

The vista computer in question is a member of a Windows 2003 domain.

I suspected the problem was related to group policy/local policy. I
tried the following actions (rebooting after each):
1) net winsock reset
from a command prompt.
2) gpupdate /force
from a command prompt.
While both commands completed without problems, the firewall service
was not fixed.

I then removed the computer from the domain. The firewall service
then started successfully.

I then re-added the computer to the domain. The firewall service
continued to start successfully.

So, in my case, the solution was remove/re-add the computer from the
domain.
 
Guest

I also have this problem and have not been able to find a solution. I've
even tried everything in this thread, including this post with no luck.
So what is the verdict? Is this going to be chalked up as a VISTA feature?

Can we get a resolution? How about a clue?
 
Guest

I am also having the exact same problem.
I have NOT installed Windows Live One Care, or to my knowledge any other
firewall service or application.
I have tried to manually start the Windows Firewall Service and get the same
message Jacob is getting.
This is a Windows Vista Enterprise client, in a Windows Server 2003 SP2
domain, joined and part of an OU with GPO's applied. As far as I or my
Network Administrator can tell, none of our Group Policies should have this
effect.
Other Windows Vista Enterprise clients in the same Domain/OU, with the exact
same software, do not have this problem (i.e. Windows Firewall works fine).

I'd really appreciate any help anyone can provide ASAP as I'm trying to get
ready to deploy Vista in a few weeks.

Thanks,
Aran
 
