Unable to start Windows Firewall or Unable to ping your machine from another one (Some services do not start in Windows Vista or Windows 7)

StackOverflow https://stackoverflow.com/questions/20102191

  •  03-08-2022
  •  | 
  •  

Pregunta

I think I've been affected by a virus which give me a real hard time to repair. I’d like to share with you to save you many hours if you ever have the same problem.

Symptomes:

  • Access error while trying to start a windows service (Firewall, DHCP, DIagnostics Policy)
  • Unable to reach your machine from another one (either ping).
  • Unable to start Windows Firewall. Error code 0x80070005
  • Windows Firewall Snap-in error code: 0x6D9
  • Unable to allow “Remote assistance” in Windows Firewall
  • Unable to allow “File and Print Sharing” in Windows Firewall
  • Event Viewer – System – Error: Windows Firewall service terminated with service specific error Access is denied..
  • Trying to start “Windows Firewall” service from the service snap-in give error “Code 5, access error”.
  • Trying this would not work: http://support.microsoft.com/kb/943996 either the Fixit or manually. 0x80070005 (Code 5, access error)
  • Unable to add user or permissions for user: MpsSvc
¿Fue útil?

Solución

How to identify the source of the bug:

  1. Download and run “Process Monitor”.
  2. Add filters:
    • Image path contains "svchost" then Include.
    • Result contains "access".
  3. Try to start the firewall - it will show you cause - the access error on the registry key (e.g. "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess").

How to identify if the solution can fix your problem:

Add permission: add user ‘Everyone’ and give it ‘Full Control’. Retry, it should work… Remove the user ‘Everyone’ which is not the right way to solve the problem.

The problem probably lie in the fact that you are missing another permission on every “Epoch” key under “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess”.

Solution:

The solution had been tested for the firewall but should probably could be applied to other services. See “Identify the source of the bug” to identify if it apply to your service and what registry key you need to modify.

This solution apply at least for the Windows Firewall service:

  1. Open regedit and navigate to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess".
  2. Add Permissions (Query Value and Set Value) to all Epoch keys for user MpsSvc:
    1. Right click "Epoch?" and select Permissins... (where ? is either nothing or 2 or 3 or …).
    2. Press Add...
    3. Press Locations..., select current machine (first one usually) and confirm.
    4. Write user NT SERVICE\mpssvc, press Check Names and confirm (this step could be problematic because this system user is "hidden").
    5. Check “Allow” “Full Control” (it is temporary in order to set advanced permissions).
    6. Press Advanced, select “MpsSvc” and press Edit.
    7. Press Show advanced permissions and check only “Query Value” and “Set Value”.
    8. Press OK to accept, press OK to accept again, press OK to accept again.
    9. Do that for all “Epoch” entries.

Your done… Good luck!

Licenciado bajo: CC-BY-SA con atribución
No afiliado a StackOverflow
scroll top