Windows 8 Back to Windows Firewall?

MikeHawthorne

Hi

I'm still trying to get the Windows Firewall to work.
I've resolved the Password Issue and have a password that it will accept.

I still can't get the service to start and I don't have any other ideas.

Here's what I've got.

I'm pretty sure Local Service is the correct ID.

01 Services.JPG

Then...

02 Properties.JPG

Next...

03 Log On.JPG

Followed by...

09 Error Message.JPG

Error Log...

10 Error Log Normal Service setting..JPG

16 Typical Logon Running Service.JPG

If I use any other ID...

I get a different error saying that the ID is different than the ID running in other Services.

14 Error Log Different ID Service setting..JPG

So I'm sure that Local Service is the correct ID, it accepts my password.
But it says that I can't log in because access is denied?

Anyone have any idea how I can resolve this?

Here's a shot that shows the IDs on my computer, I tried all of them.

13 Find Now.JPG

The only one that doesn't give me the ID doesn't match is the Local Service one.

Any help appreciated.
I've spent several weeks getting everything installed, I don't want to start over, if it comes to that I'll just forget that this is Windows 8 and ignore all the Metro services completely until such time that I have no choice but to do a clean install for some reason.

Mike

Ps how do I get rid of attachments like the one under this....
 

Attachments

  • 05 Advanced.jpg

Just another PS...

I logged into the Administrator account through the command Window.
It was a lengthy process since I have never done it on this computer before.

It really gave me a clean new user desktop with nothing from my other install.

I still got the same error when I tried to start the Windows Firewall in the Administrator account.
And it was not running when I logged in.

Mike
 
Don't know if I or anyone has mentioned this. If you are certain you have removed all traces of non-MS antivirus, have you looked in the Action Centre? After a problem such as yours has been resolved, it usually pops up with a message that your firewall is off, with an option to turn it on.
 
Hey Mike.
I know you've been beating on this issue for a while now and am not sure if you have tried this or not, but take a look for the presence of the Windows Firewall Authorization Driver mpsdrv.sys.
It should be located here: C:\Windows\System32\Drivers\mpsdrv.sys
If present, then run the System Information Utility (msinfo32) and determine its status (state)... it should say "running".
mpsdrv Windows Firewall Authorization Driver c:\windows\system32\drivers\mpsdrv.sys Kernel Driver Yes Manual Running OK Normal No Yes

Expand Software Environment and then click System Drivers
 
Hi

I found the driver in the System32 folder.

I wonder if this could have anything to do with permissions?

Trusted Installer.JPG

I see that someone called Trusted Installer has full access to this driver, but everyone else is limited to....

Mpsdrv sys.jpg

I'll go and try and do the rest of what you suggested next.

Mike
 
It may have something to do with permissions, but more like registry key permissions than the actual driver file itself.
Read this and check the two registry key permissions with respect to both your user account which I will assume is a member of the Administrator's Group and maybe more importantly the special permissions granted to the MpsSvc account.
The FixIt file will probably not work on your Windows 8 install but the two registry keys are the same as per the article on my install so you should have a look manually and see if things are set properly.
Some services do not start in Windows Vista and Windows 7
 
Hi Trouble

When I looked at the fixit file, as you suspected it said that it won't work with Windows 8 at this time.

I went through the manual stuff and changed pretty much everything to allow every user to have permission to access the firewall.
It still won't start, I guess I'll just give up on it.

At a certain point the instructions no longer applied because the interface in Windows 8 is different, (probably why the Fixit file won't work) so at that point I had to just click on the allow button and quit.

The way the Metro thing works it's pretty much useless if you can't start the Windows Firewall since it won't let you download any apps without it.

The thing that I found mystifying was that when I opened the Administrator account, which in the full version of Windows 8 is really a separate account with a new desktop and nothing picked up from the normal user account, the firewall was still not working, and would not start.

So I just don't have any idea what is keeping it from starting.
And I'm not sure what made it stop, I thought that installing Net Framework 1.1 was the reason that it quit but I'm not sure that is the problem now.

I ran Net Framework 1.1 in the earlier version with no problems.

And it does give the reason as Access Denied, for it not starting, not some kind of error.

I guess I'll just have to live without downloading any Metro apps, which isn't much of a hardship for me, since I'm not using the Metro interface anyway.

It's just that it bugs me to not be able to make some basic function of Windows work.
Maybe Microsoft will have a fixit for Windows 8 pretty soon.

I'll check from time to time.

The Comodo firewall actually seems to be a lot more effective than the native Windows one anyway.

Mike
 
When you set the permissions on the two registry keys you have to be sure to cascade it down to the sub-keys and entries present in the parent containers.
 
Hi

Yes it says that the firewall is OFF but when you tell it to turn it on, it makes an effort and then says it couldn't do it.

Can't do it!.JPG

Stopped Service.JPG

Mike
 
Hey Mike, is that a standard install? I was wondering, because in the services picture you posted, the Windows Firewall is showing "Log On As" .\Jxxxxx

Mine shows as "Local Service". This might be because of some changes you have made, but all the attachments on that post seem to be around the same time.

There is a "How to configure user account log on options" link on the Windows Firewall-Log On tab. But I would think you could select the Local Service on the bottom of the list you show and select that.

You seem to have made several changes to your system as far as privileges. Have you taken ownership of any basic system functions and not returned them to the original owner?

I see you have discussed Refreshing your PC, and you have decided that will wipe out your programs?

Like Trouble said, I know you are getting tired of this, but we need to find a systematic way to solve your problem.

Edit: In the following key, there are settings for Mpssvc.dll. Could you check yours against the ones I show?

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc
 

Attachments

  • Firewall_Reg.JPG

Hi

Yes it's a normal install and Local Service is the correct login for the firewall.
I've tried the others as well and they all give me the "not the right account" message.

Local Service accepts my password and logs in, but when I try and start the firewall in services, it runs the progress bar, then pops up the message "Can't start Windows Firewall, check Event Log for cause" or something like that.

When I look at the Event Log it says that the reason is, "Access Denied".

I've gone through all the registry entries and everything looks normal.
The driver is in the System32 folder and SFC /scannow doesn't find any errors.

I've pretty much given up, I'm not going to re-install everything until I have more reason than the firewall not working.

I'll just ignore it and use the 3rd party firewall I have installed.
I guess it's a good thing I'm not using Metro.

Mike
 
Well, since you do not have access, and the KB that directly addressed that type of error did not help, where should we go next?

I am sure you have already tried to re-register mpssvc.dll, and maybe even deleted it and allowed the SFC to replace it.

You have decided there are no Refresh or re-install options that are acceptable? Would you like me to test something, like a Refresh to see if the normal applications, like Firefox or Quicken stay in place?

Had you installed the 3rd party firewall before, and could it, or something else set a registry entry to disable the Windows firewall?

What do you mean by you don't use Metro? Have you done something to disable the Metro UI?
 
Mike
Did you try disabling the Windows firewall in Services, then reboot and then reset to auto? I've fixed some other problems over the years by disabling and re-enabling them.
Joe
 
I also found these registry entries when enabling the firewall with Process Monitor running. You might check to see if you show them and what values they have.

HKLM\System\CurrentControlSet\Services\MpsSvc\StartOverride

HKLM\SOFTWARE\MICROSOFT\Rpc\SecurityService\DefaultAuthLevel
 
Hi

I found this, I think this describes the problem but I'm too tired to really get into it tonight but I'll see if I can figure out what he's talking about tomorrow...

The error code I get is error 5, that's what he's talking about here.



This is a common error code seen in our management solutions. Although it is a common Windows error code, it's not really an error so much as an administrative access issue. It's commonly seen in networks with multiple domains and\or 'hybrid' environments with domains and Work-groups attached. We've given you a number of options to deal with this scenario.

Lieberman Software's management solutions require that you have administrative rights over the machine upon which you install them as well as the target machines that you wish to manage. If you are actively using User Manager Pro Suite to manage your machines or run reports against them, UMPS will use your current logged on Windows account to try to access the target machines. If you have created scheduled jobs to manage and\or report on your target machines, UMPS will use the credentials you have input into the scheduler service under Deferred Processing | Jobs Monitor | Scheduler Service.

If your current or scheduler service credentials don't have access to the target machines you can build a list of alternate administrative credentials for UMPS to use. You can build this list by opening one of your machine groups and select Settings | Alternate Administrator Accounts | Alternate Administrators | Add. Make sure to select the 'Enable Alt-Admin' check box on the lower right side of the Alternate Administrator Accounts dialogue screen.
 
Hi Saltgrass

Here are the comparison shots of the specs for the MpsSvc folder in the registry from your computer and mine.

The only difference I see is in the 4th line down, "Display Name".

Yours says "@%SystemRoot%system32\FirewallAPI.dll,-23090"

And mine just says Windows Firewall.

Both Registry MpsSvc.jpg

Mike
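
The checks suggested across this thread, collected into one read-only PowerShell script. This is an added example, not part of any post; it assumes PowerShell 3.0 or later in an elevated prompt, and because the thread does not say whether StartOverride is a subkey or a value, it looks for both.

```powershell
# Added example: read-only checks for the Windows Firewall service (MpsSvc).
# Run from an elevated PowerShell prompt; nothing is changed.
$svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\MpsSvc'

# 1. State, start mode and log-on account as the Service Control Manager reports them.
#    The default account shows as "NT AUTHORITY\LocalService"; a name such as
#    ".\someuser" means the Log On tab was changed from the default.
Get-CimInstance -ClassName Win32_Service -Filter "Name='MpsSvc'" |
    Format-List Name, State, StartMode, StartName

# 2. The Windows Firewall Authorization Driver (mpsdrv.sys) should be "Running".
Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='mpsdrv'" |
    Format-List Name, State, StartMode, PathName

# 3. Raw service values, for comparing two machines side by side.
Get-ItemProperty -Path $svcKey |
    Format-List DisplayName, ObjectName, Start, ImagePath

# 4. The two entries seen in Process Monitor. StartOverride is looked up both as a
#    subkey and as a value (an assumption; the thread does not say which it is).
$rpcKey = 'HKLM:\SOFTWARE\Microsoft\Rpc\SecurityService'
[pscustomobject]@{
    StartOverrideSubkey = Test-Path -Path "$svcKey\StartOverride"
    StartOverrideValue  = (Get-ItemProperty -Path $svcKey).StartOverride
    DefaultAuthLevel    = (Get-ItemProperty -Path $rpcKey -ErrorAction SilentlyContinue).DefaultAuthLevel
} | Format-List

# 5. Permissions on the service key and every subkey. IsInherited shows whether an
#    entry cascaded down from the parent or was set on that key alone.
$keys = @(Get-Item -Path $svcKey) +
        @(Get-ChildItem -Path $svcKey -Recurse -ErrorAction SilentlyContinue)
foreach ($key in $keys) {
    "`n$($key.Name)"
    (Get-Acl -Path $key.PSPath).Access |
        Format-Table IdentityReference, RegistryRights, AccessControlType, IsInherited -AutoSize
}
```

Running the same script on a machine where the firewall starts normally gives a baseline to diff against, which is what the screenshot comparisons in the thread do by hand.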
 