Windows Firewall/ICS Service Keep Resetting

[Karl Burrows]

Running XP Pro SP2 with all updates. Computer is about 3 months old. For
some reason every time I reboot my computer the Windows Firewall?ICS service
quits working with the following message:

"Windows Firewall settings cannot be displayed because the associated
service is not running. Do you want to start the Windows Firewall/Internet
Connection Sharing (ICS) Service"

I click Yes and get the following message:

"Windows cannot start the Windows Firewall/Internet Connection Sharing
Service (ICS):

I have edited the registry to remove the Security Key, verified the
SharedAccess service is running (and reset the default SD), checked the COM
object to make sure permissions are set properly,etc. I can remove the key
in the registry and reboot and the first time it will function fine, but
each subsequent reboot adds the key back to the registry.

Any thoughts on how to fix this. It is creating havoc on some programs like
Diskeeper that use this service.

Thanks!

 

[Detlev Dreyer]

Running XP Pro SP2 with all updates. Computer is about 3 months old.
For some reason every time I reboot my computer the Windows
Firewall?ICS service quits working with the following message:

Scan your system for malware ASAP. Note that malware, most likely
installed with your administrative(!) privileges, may easily bypass
any anti-virus as well.

 

[Karl Burrows]

Scan your system for malware ASAP. Note that malware, most likely
installed with your administrative(!) privileges, may easily bypass
any anti-virus as well.

I have run every malware and spyware program and nothing is on the computer.
Nothing on the computer. If I try to start the service I now get an error
that "The class is configured to run as a security id different from the
caller."

 

[Detlev Dreyer]

I have run every malware and spyware program and nothing is on the
computer. Nothing on the computer. If I try to start the service I now
get an error that "The class is configured to run as a security id
different from the caller."

See if any of these articles apply, matching more or less the error
messages cited in your original post:

"You cannot start the Windows Firewall service in Windows XP Service
Pack 2" http://support.microsoft.com/kb/892199/en-us

"You cannot start the Windows Firewall service in Windows XP SP2"
http://support.microsoft.com/kb/920074/en-us

 

[Karl Burrows]

See if any of these articles apply, matching more or less the error
messages cited in your original post:

"You cannot start the Windows Firewall service in Windows XP Service
Pack 2" http://support.microsoft.com/kb/892199/en-us

"You cannot start the Windows Firewall service in Windows XP SP2"
http://support.microsoft.com/kb/920074/en-us

I had gone through all that several times including the DCOM check. I think
I finally have figured out the problem. The registry hive was not unloading
when I shut down, so it would not save the registry setting. It kept taking
the cached copy and reloading it. I found a patch on the Microsoft site
that forces the unload (usually due to a program running as a local user).
Seems to be working for now. I have rebooted several times and the settings
appear intact.

I'll post again later to confirm. Thanks for the help!

 

[Detlev Dreyer]

I had gone through all that several times including the DCOM check.
I think I finally have figured out the problem. The registry hive was
not unloading when I shut down, so it would not save the registry
setting. It kept taking the cached copy and reloading it. I found a
patch on the Microsoft site that forces the unload (usually due to a
program running as a local user). Seems to be working for now.

This patch, most likely: "Troubleshooting profile unload issues"
http://support.microsoft.com/kb/837115/en-us
http://www.microsoft.com/downloads/...6D-8912-4E18-B570-42470E2F3582&displaylang=en

I have rebooted several times and the settings appear intact.

That's interesting. You may also want to check the event viewer in terms
of the (former) occurence of the event IDs 1517, 1524 and/or 1500.

I'll post again later to confirm. Thanks for the help!

Thanks for posting this feed back!