hi guys, firewall in windows 2008 not starting with these error:

Windows could not start the windows firewall on local computer.

for more information, review the system event lof. if this is a

non-microsoft service, contact the service vendor, and refer to

service-specific errror code 5

any help is greatly appreciated. thanks.

What changes prompted the error? Have you tried to start the service manually? Are the dependencies running?

dependencies are working fine, tried also to start manually doesn't help. one reason that i could think of why this error occurs was due to recent virus problem. but now the system is quite stable only the windows firewall is not working.
Thanks.

tried sc query mpsssvc:

SERVICE_NAME: mpssvc
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1066 (0x42a)
SERVICE_EXIT_CODE : 5 (0x5)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

any ideas?

Take a peek at your drivers. View hidden devices and look under Non-PNP devices for drivers with warnings. I usually just delete any, but would leave that to your discretion.

If that doesn't work, I would look at what is running on the system. I assume Hijackthis will run on 2008?

Let us know... Good Luck.

dependencies are working fine, tried also to start manually doesn't help. one reason that i could think of why this error occurs was due to recent virus problem. but now the system is quite stable only the windows firewall is not working.
Thanks.

tried sc query mpsssvc:

SERVICE_NAME: mpssvc
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1066 (0x42a)
SERVICE_EXIT_CODE : 5 (0x5)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

any ideas?

Error 5 is "Access Denied" - this can be the result of permissions changing on files or in the registry. You might want to review this Vista KB article for more information.. it's very closely related to W2K8 configuration and discusses the proper registry permission settings to resolve this error.

When you cleared the virus, were files replaced or restored? Did the tools (or the virus) change permissions anywhere? Since the KB article defines the required permissions, it would be easy to check.

Glenn

hi gbarnas, thanks for the reply. I suppose the virus change permissions anywhere because before the MpssVc registry some keys were missing. Before actually, the error was :

error 1079: the account specified for this service is different from the account specified for the other services running in the same process

Then I exported MpssVc registry then this error came up.
But regarding the Vista KB Article, all permissions are set. No issues.

Right now, i'm really running out of ideas how to get rid of this error.

@techsheaven:
NonPnp Devices are working fine.

Thank guys for your replies. Please help.

Try and install another firewall, i use COMODO which is free and you can get it from here. There are more free firewalls, but COMODO is my favourite. Questions that you might want to think about?

1. Have you been downloading/installing files/programs from untrusted locations or in other words, torrents and other untrusted sources.
2. Have you been visiting untrusted websites, like hacking websites or pornography websites.

Consider those 2 questions, don't tell us what you've doing, but I suppose you're being RATed. If you are, you need to consider to format you PC. Nevertheless, if you are being RATed, I recommend you to disconnect your computer from the Internet, and try to find the problem, you can do it, by using programs or even by yourself. Good luck.

hI Dan08, neither of those assumptions that you had said was done.

One possible reason i can think of why the system was infected by a virus because they had put a file sharing folder on the server itself which was a very bad idea. (file sharing setup was done before i joined this co.)

One of the user put a file on the folder which got a virus. The server got AV but it didn't help.

I'm looking into some registry keys of the firewall but still haven't make the changes. Some keys i compared to a fresh win2k8 installation is different from my server so i suppose this could be the problem.
:)

Windows 2k8 firewall is substantially different from "Windows Firewall" on other systems such as XP and 2K3. Replacing it with another firewall is not likely going to help. Many Windows components are now firewall aware and will not operate fully without the firewall running. Case in point - someone here at work turned off the FW on a 2K8 server to run backups and GPOs failed to apply because it did not trust the source. I enabled the FW (and defined a rule for the backups) and everything is fine - GPOs applied within a few seconds.

The 1079 error comes when a service starts with one account (Such as a service account) and then spawns a child process using a different account, such as SYSTEM. Sometimes this is normal, but not for the 2k8 firewall.

If you can't restore all of the files, permissions, and registry settings from a comparable system, I'd suggest reloading the OS. The FW is an integral and critical component in 2k8 systems and not something to leave in a corrupt state.

Glenn

I also had the error 1079 on a Windows Server 2008 R2 and solved the Problem by changeing the account used by the Firewall Service from "Network Service" to "Local Service" (Not "Local System"!) After changeing this I was able to start the service - no need for OS-Reinstallation.

Greetz

Solver

hi solver, had done that but to no avail. now i'm just depending on Norton SEP firewall..

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.