Troubleshooting Windows Firewall Service (MPSSVC).
Resolution:
In Windows Vista and later, the firewall service is “Windows Firewall” (MPSSVC); it combines both Firewall and IPsec functionality.
The first thing to check is that the Base Filtering engine (BFE) is running. There are a number of services dependent on the BFE service (including the Windows Firewall) that may also fail to start:
- IPsec Policy Agent (PolicyAgent)
- Windows Firewall
- IKE and AuthIP IPsec Keying Modules
- Internet Connection Sharing (ICS)
- Routing and Remote Access
In my experience most of the issues starting these services are related to permissions.
Typical errors seen in relation to starting this service are:
- Event ID: 7024 – The Windows Firewall service terminated with service-specific error 5 (0x5)
- Windows could not start the Base Filtering Engine service on Local Computer. Error 5: Access is denied.
- Windows could not start the IPsec Policy Agent service on Local Computer. Error 1068: The dependency service or group failed to start.
- Windows could not start the Network Location Awareness on Local Computer. For more information, review the System Event Log. If this is a non-Microsoft service, contact the service vendor, and refer to service-specific error code -1073741288.
- The Windows Firewall service terminated with service-specific error 87 (0x57)
- Error 0x80004015: The class is configured to run as a security id different from the caller.
- The Windows Firewall service terminated with service-specific error 6801 (0x1A91).
- “net start mpssvc” in cmd.exe returns the system error 1297.
What to look for (specific details will be shared in a future blog post):
- Verify Log On permissions
- Verify registry permissions
- Verify privilege permissions
- Verify Service Dependencies
- Reset the default security permissions
- Verify that the TxR folder exists : %systemroot%\system32\config\TxR
- Verify the following registry keys by comparing them to a default Windows installation:
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ShareAccess
Windows OneCare
Lastly, I am including information about one issue that may be seen with the Windows OneCare Firewall Service. The following messages may be seen:
The Windows OneCare Firewall Service Could not Start
Urgent – Turn on Firewall
You will see this error in the Windows OneCare interface, with a red status action item asking you to enable the firewall. The action listed does not enable the firewall, however.
This issue is also very specific because the firewall settings in Windows OneCare are grayed out and cannot be modified.
To resolve this issue:
Use the steps below to ensure that the PATH environment variable contains the following path:
%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM
- Click Start / Control Panel and open the System Icon.
- In System, click the Advanced tab and then Environment Variables.
- Ensure that in the lower box “System variables” that PATH exists. If Path does not exist click NEW and type in PATH as the variable name and enter the above path in the variable value.
- If PATH already exists, highlight it and click Edit.
- Under variable name, click at the end of the line to append the above mentioned path to the end of the current path. NOTE: BE SURE TO SEPERATE THE OLD PATH AND THE NEW PATH WITH A SEMI-COLON ( ; ).
- Click OK to close the windows and restart the computer.
If this does not resolve the issue, try the following step:
- Click Start / Run and type Regsvr32 %SystemRoot%\System32\wbem\wmidcprv.dll and click OK.
- Restart the computer and test the firewall again.
If this does not resolve the issue, or if the problem does not match the description, please follow the steps in KB article 910659.
Article taken from technet blogs.