[SOLVED] Trying to start Windows Firewall error 0x8007042c

[Top-Dad]

Hi All,

All of a sudden i am having trouble turning on windows defender firewall, all i get is error 0x8007042c.

I have googled various fixes but nothing works, when attempting to start the service directly (via services - running as an administrator, I get an error code 1068.

I have checked for Malware in safe mode and all seems good, i am at wits end and any help would be appreciated.

 

[x BlueRobot]

Could you please open an elevated command prompt and enter the following commands:

sc query mpssvc
sc qc mpssvc

Please post the output in your next post. I assume you have no third-party firewall services installed?

 

[Top-Dad]

Hi Blue,

Please see below output, and no third-party firewall installed, just on the router.

SERVICE_NAME: mpssvc TYPE : 20 WIN32_SHARE_PROCESS STATE : 1 STOPPED WIN32_EXIT_CODE : 1068 (0x42c) SERVICE_EXIT_CODE : 0 (0x0) CHECKPOINT : 0x0 WAIT_HINT : 0x0


Regards

 

[x BlueRobot]

What was the output of the second command? You've only provided the output for one of them. Please enter the following command and provide the output (lack of):

sc qc mpssvc

 

[Top-Dad]

Hi Blue,

My apologies i entered both commands at once, please see below results for sc qc mpssvc.


SERVICE_NAME: mpssvc
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : Windows Defender Firewall
DEPENDENCIES : mpsdrv
: bfe
: nsi
SERVICE_START_NAME : NT Authority\LocalService

Regards.

 

[x BlueRobot]

Capture Process Monitor Trace
1. Download and run Process Monitor. Leave this running while you perform the next steps.
2. Try enabling the Windows Firewall just like you have in the past.
3. Stop Process Monitor as soon as it fails. You can simply do this by clicking the square icon on the toolbar as shown below.

4. Select the File menu...Save... and save the file to your desktop. This is likely the default location. The name (unless changed) will be LogFile.PML. This is fine.
5. Zip up and provide the link to the LogFile.PML file. Examples of services to upload to are Dropbox or OneDrive or WeTransfer.

 

[Top-Dad]

Hi Blue,

Ok, please see link below for the LogFile.PML

Windows Defender

Regards.

 

[x BlueRobot]

FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the 64-bit Version so please ensure you download that one.
2. Download the attached fixlist.txt and save it to the Desktop.
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
3. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
4. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
5. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

Afterwards, please attempt to start the service again with Process Monitor running. You should be able to attach the log file to your post if you zip it.

 

[Top-Dad]

Hi Blue,

Ok please see below Fixlog.txt contents below, and attached LogFile.PML.

I did attempt to start defender Firewall but same problem.


fixlist content:
*****************
CreateRestorePoint:
Reg: reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE\Parameters\Policy\Persistent
*****************

Restore point was successfully created.

========= reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE\Parameters\Policy\Persistent =========

The operation completed successfully.



========= End of Reg: =========


==== End of Fixlog 08:01:26 ====


Regards.

 

[x BlueRobot]

Could you please run the attached FRST fix script? It won't actually fix anything, it's just going to run some commands to gather more information about the services which the firewall service is dependent upon.

 

[Top-Dad]

Hi Blue,

Please see attached Fixlog.txt, I'm glad you know what you are doing as I am lost.


Regards

 

[x BlueRobot]

The permissions on one of the registry keys required by the BFE service doesn't look right.

Restart Windows in Safe Mode w/Networking

Download Windows Repair (All-in-One) Portable

• Extract the tweaking.com_windows_repair_aio.zip to c:\Windows\TEMP the zip will extract to a folder called Tweaking.com - Windows Repair
• Execute the file Repair_Windows.exe from the Tweaking.com - Windows Repair folder, accept the Security warning and the EULA
• Click the button Jump To Repairs
• Click the Open Repairs button to access the following screen:
  
  
• Click the box All Repairs to uncheck all the boxes
• Check only the following boxes:
  • 1 - Reset Registry Permissions
  • 3 - Reset Service Permissions
• Check the box Restart/Shutdown System When Finished > Restart System
• Click the Start Repairs button
• When the system reboots, please check that the Windows Firewall service is running or not.

 

[Top-Dad]

Hi Blue,

You are legend, see below screenshot all good thank you so much.

Would you know what would have caused this problem? malware maybe or just a glitch.

 

[x BlueRobot]

Would you know what would have caused this problem? malware maybe or just a glitch.

Glad everything is working okay now! For some reason, the permissions for one of your BFE service keys was changed so the SYSTEM user account wasn't able to access it, which meant that the BFE service wasn't able to be started. That service is required by the Windows Defender Firewall service which is why it couldn't start.

It could have possibly been caused by a malware infection or someone/something possibly changed it? What kind of steps did you do before seeking help here?

 

[Top-Dad]

Hi Blue,

I Googled all different sites, tried different elevated command prompts, tried many things.

I knew it had something to do with a service not running but which one and how to fix it I was not sure. I did see someone have a similar problem to me on this forum, and it was fixed so i thought i would give it go.

Also, i did run a Malware program and I think I did see some infection with the word's defender, so i assume this was the cause of the problem maybe?

Again, thank you for your help and I will be making a donation to this site.


Regards.

Top-Dad

 

[x BlueRobot]

It might have been a warning message because your firewall was disabled. Many thanks for considering a donation, it is very much appreciated!