Ranjan Mantri: Unable to start Windows firewall service in Windows XP SP2 due to adminitrative templates

SOLUTION : This solution provides step to resolve problem with Windows Firewall service. You cannot start the Windows Firewall service. You may experience one or more of the following symptoms:

When you click Windows Firewall in Control Panel, you may receive the following error message:
Windows Firewall settings cannot be displayed because the associated service is not running. Do you want to start the Windows Firewall/Internet Connection Sharing (ICS) service?
If you click Yes, you receive the following error message:
Windows cannot start the Windows Firewall/Internet Connection Sharing (ICS) service.
If you try to manually start the Windows Firewall service by using Services, you may receive the following error message:
Could not start the Windows Firewall/Internet Connection Sharing (ICS) service on Local Computer.
Error 0x80004015: The class is configured to run as a security id different from the caller .

Note: To open Services, click Start, click Control Panel, double-click Administrative Tools, and then double-click Services. For information about how to use Services, on the Action menu in Services, click Help.
The following events may appear in the system event log:
Event ID: 7036
Event Source: Service Control Manager
Event Type: Information
Event Category: None
Description:
The Windows Firewall/Internet Connection Sharing (ICS) service entered the stopped state.

Event ID: 7023
Source: Service Control Manager
Type: Error
Description:
The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:
The class is configured to run as a security id different from the caller.

When you use the SC query command to determine the status for the Windows Firewall/Internet Connection Sharing service, you see the following output:

C:\>sc query sharedaccess
SERVICE_NAME: sharedaccess
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
(NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : -2147467243 (0x80004015)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

If you try to start the Windows Firewall/Internet Connection Sharing (ICS) service at the command prompt by using the net start sharedaccess command, you see the following output:

C:\>net start sharedaccess
The Windows Firewall/Internet Connection Sharing (ICS) service is starting.
The Windows Firewall/Internet Connection Sharing (ICS) service could not be started.
A system error has occurred.
System error 16405 has occurred.
The system cannot find message text for message number 0x4015 in the message file for BASE.

Note: The Windows Firewall feature of Windows XP SP2 is a replacement for the Internet Connection Firewall (ICF) in earlier versions of Windows XP.

Method 1: Restore the default security descriptor for the SharedAccess service

The service that controls the Windows Firewall/Internet Connection Sharing (ICS) service is named SharedAccess. The default security descriptor (SD) gives READ access to LocalSystem (SY), PowerUsers (PU), and AuthenticatedUsers (AU), and it gives Full Control access to Administrators (BA).

To view the SD of SharedAccess, type SC sdshow SharedAccess at the command prompt, and then press ENTER. The default SD appears and resembles the following:

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)

Note: To open the command prompt, click Start, click Run, in the Open box, type CMD, and then click OK.
If you see any other output as illustrated in this example, you can reset the SD by using the SC command with the sdset option. To restore the default SD for the SharedAccess service, type the following command at the command prompt, and then press ENTER:

SC sdset SharedAccess D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;AU)(A;;CCLCSWRPWPDTLOCRRC;;;PU)

For more information about the SC sdset command, see Windows Help.

Method 2: Restore the default SD for the SharedAccess services.

Caution: This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs.

To restore the default SD for the SharedAccess services, follow these steps:

Click Start, click Run, in the Open box, type regedit, and then click OK.
Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security
Delete the Security registry subkey, if it exists.
Exit Registry Editor, and then restart the computer.

Note: It is important to delete the Security registry subkey if this subkey exists. This guarantees that the default security descriptor is used for starting Windows Firewall when the computer is restarted.

If you run Microsoft Component Object Model (COM), DCOM, or Microsoft COM+ applications to control the Windows Firewall service, you must also follow these steps:

Click Start, click Run, in the Open box, type regedit, and then click OK.
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{ce166e40-1e72-45b9-94c9-3b2050e8f180}
On the File menu, click Export.
In the File name box, type C:eg_AppID_CLSID.reg, and then click Save to save the registry file.
Delete the {ce166e40-1e72-45b9-94c9-3b2050e8f180} registry subkey.
Click OK, and then exit Registry Editor.
Start the Windows Firewall/Internet Connection Sharing (ICS) service. To do this, type NET START SharedAccess at the command prompt, and then press ENTER.

Note: You can perform all these steps at the command prompt. To do this, follow these steps:

Type the following commands, and then press ENTER after each command:
REG DELETE HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Security /fREG DELETE HKLM\SOFTWARE\Classes\AppID\{ce166e40-1e72-45b9-94c9-3b2050e8f180} /f
The deletion of the {ce166e40-1e72-45b9-94c9-3b2050e8f180} registry subkey is an important step. This step guarantees that the default security descriptor at the time of re-importing is applied.
Restart the computer.

For more information about security templates, see 'Data Security and Data Availability for End Systems' at the following Microsoft Web site: http://www.microsoft.com/technet/archive/security/bestprac/bpent/sec3/datavail.mspx?mfr=true

For more information about the Windows XP Security Guide v2, visit the following Microsoft Web site:: http://www.microsoft.com/downloads/details.aspx?FamilyId=2D3E25BC-F434-4CC6-A5A7-09A8A229F118&displaylang=en

3 comments:

Online Tech Support said...: Nice detailed guide for Windows XP. You can, though, get it done easily by the help f online tech support through a remote desktop.; 19 April, 2011 04:18
Remote Tech Support said...: This is the best informative blog i have seen. Thanks for the post.; 19 June, 2012 03:18
AT&T Mail support said...: We are Assistance for All, the most popular and reliable AT&T Mail support agency operating around the country. We can get rid of all your problems related to AT&T services through our website.; 25 January, 2022 13:30

	Online Dictionary Lookup Reference Dictionary, Encyclopedia & more
Word:
Look in:	Dictionary & thesaurus Medical Dictionary Legal Dictionary Financial Dictionary Acronyms Idioms Encyclopedia Wikipedia Periodicals Literature Other languages: Spanish Dictionary German Dictionary French Dictionary Italian Dictionary Chinese Dictionary Portuguese Dictionary Dutch Dictionary Norwegian Dictionary Greek Dictionary Russian Dictionary
by:

Unable to start Windows firewall service in Windows XP SP2 due to adminitrative templates

3 comments:

Already Registered? Sign In

TeleMessage SMS Sender Demo

Recent Posts