by Hazem
10. January 2010 22:36
ticle ID: 943996 - Last Review: October 19, 2007 - Revision: 1.0
Some services do not start in Windows Vista
View products that this article applies to.
Result On Windows Vista computers, you find that the Windows Firewall service is not running. When you try to manually start the service, you get the error mentioned below. This problem may also occur for the DHCP Client service, or the “Diagnostic Policy Service” service.
Here are the errors for the "Windows Firewall" service:
Windows could not start the Windows Firewall on Local Computer. For more information, review the System Event Log. If this is a non-Microsoft service, contact the service vendor, and refer to service-specific error code 5.
In the System event log, you see the following event:
Source: Service Control manager Eventlog Provider.
Event ID: 7024
The Windows Firewall service terminated with service-specific error 5 (0x5)
Back to the top
Cause
The error means "Access is denied". This may happen if the "MpsSvc" account doesn't have the necessary permissions for the related registry keys.
For the NT Service\MpsSvc account, it needs permissions for the following keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch
Query Value;Set Value
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy
Full Control;Read
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy
Full Control;Read
For the DHCP Client service, the issue may occur if the "NT Service\DHCP" account does not have the necessary permissions for the following keys:
Registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp
permission needed: Query value, Create value, Enumerate Subkeys, Notify, Read Control
Registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Configurations
permission needed: Full Control, Read
For the "Diagnostic Policy Service" service, the issue may occur when the account Trustedinstaller is missing the permissions for the key below:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DPS\Parameters
permission needed: Full Control, Read
Back to the top
Resolution
Add the permission for the account on these registry keys. For example, here are the steps for the Windows Firewall service:
1. In Registry Editor, browse to the key for which you need to add permission.
2. Right click the key, and click Permissions.
3. Make sure Locations is selected to be the local computer.
4. In the "Enter the object names to select field, type "NT SERVICE\mpssvc". Then click “Check name.”
5. Click OK.
6. Then select the account which appears in the list, and add the appropriate permission for it.
7. When this is done, click OK.
Back to the top
48823877-4800-4eb5-b5c1-6aac343b2042|0|.0
Tags:
Subscribe