• Still running Windows 7 or earlier? Support for Windows 7 ended on January 14th 2020. Please review the thread here for more details.

[SOLVED] Trying to start Windows Firewall

B

beranim

Member
Joined
Sep 4, 2015
Posts
21
Location
Leeds, UK
Hi,

Having made a decision to remove AVG, I temporarily disabled it and then went about starting Windows Defender (successfully) and Windows Firewall (unsuccessful).

When attempting to start it through control panel/system & security/ and clicking "use recommended settings" i get an error code 0x8007042c

When attempting to start the service directly (via services - running as an administrator, I get an error code 1068.

Properties of the service show dependencies on "Bass Filtering Engine"& "Windows Firewall Authorisation Driver" - I can see that the former is running but have no idea how to check the latter.

Help is very welcome,

thanks
 
Hi xiloee,

Thanks for the pointer, but that article, whilst quite useful didn't do the trick. I have been through the malware checks (with support from Corrine) - with an all clear (on my wider PC performance issue), method two returns the 0x8007042c error and method 3 and 4 both return the 1068 error.
I am making an educated guess, that the problem may be the "Windows Firewall Authorisation Driver" as I have no idea what it is nor where to find it.

Thanks
beranim
 
OK, I have no worked out a bit more. Apparently there are hidden 'devices' in Device Manager (never really noticed that before) and lo and behold, when I looked at Windows Firewall Authorisation Driver" it shows as "disabled"" (Code 22). When I try to 'enable device", I get the incredibly helpful (NOT!!) message of "Windows was not able to enable the device".
 
Retry with the "windows firewall authorisation driver": set its startup type to demand, click ok, (fingers crossed that it will be accepted), restart windows.

(Did you also try the MSRT? Why did you not uninstall AVG completely? Aren't you able to reinstall it later? I think it should be the culprit.)
 
You can also launch these commands from a command prompt to check the status of that driver:
Code: 
sc qc mpsdrv
sc query mpsdrv
Output on windows 10 (standard) x64, from a NON-elevated command prompt:
(I don't know if it should be the same for windows vista/7, sorry)
Read More:
 
Hi xilolee,

The underlying symptom I am suffering is a sudden slowdown in PC performance which I am trying to resolve. One contender (apparently - but I have my doubts) is AVG. So I do want to uninstall it. However, I don't want a) my system to be left exposed indefinitely and b) I am not keen on installing another internet security suite until the underlying performance issue is resolved (mainly based on there being no consensus as to what to install;). On that basis I am looking to run Windows Defender & Firewall in the short term. However I am now stuck in not being able to start Windows Firewall.

Following other guidance (found here Windows firewall can't change some of your settings Error code - Microsoft Community)
I ran sfc /scannow - which returned an indication of any violations (btw I have already worked with Corrine to eradicate any maleware possibilities).

C:\Windows\system32>sfc /scannow

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection did not find any integrity violations.

I then tried to 'reset'

C:\Windows\system32>netsh advfirewall reset

An error occurred while attempting to contact the Windows Firewall service. Mak
e sure that the service is running and try your request again.

which returns an helpful windows response (in that it repeats I have a problem but not a resolution)

I then ran the two commands to show the status which are pasted in below. Which unsurprisingly confirmed stopped with a 1058.

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>sfc /scannow

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection did not find any integrity violations.

C:\Windows\system32>netsh advfirewall reset

An error occurred while attempting to contact the Windows Firewall service. Mak
e sure that the service is running and try your request again.


C:\Windows\system32>sc qc mpsdrv
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: mpsdrv
TYPE : 1 KERNEL_DRIVER
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : System32\drivers\mpsdrv.sys
LOAD_ORDER_GROUP : network
TAG : 0
DISPLAY_NAME : Windows Firewall Authorization Driver
DEPENDENCIES :
SERVICE_START_NAME :

C:\Windows\system32>sc query mpsdrv

SERVICE_NAME: mpsdrv
TYPE : 1 KERNEL_DRIVER
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1058 (0x422)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

C:\Windows\system32>

With regards to changing the start to 'demand' I have no idea how to do that, as in services in Windows 7, I have Automatic, Automatic (Delayed Start), Manual, Disable (via Services) and I cant find any reference to either mpsdrv or Windows Firewall Authentication Drive in the 'services' where I would normally change the startup.

Thanks
 
I think you should find it in device manager, view, tick Show Hidden Devices, tick show Devices By Connection, double-left-click windows firewall authorization driver (this opens its properties), driver tab, check the startup type and report here its actual setting.
And I think you can change it from there.

Also, from a command prompt, launch: gpresult -z > "c:\users\%username%\desktop\gpresult.txt"
You should find a txt on your desktop: paste the result here.

Mine:
Read More:
 
Hi again xilolee,

OK, first a big thanks for coming back to me. On the Device Manager, you are correct - there are more choices here than when going through the 'services'. It is currently set to "Automatic", but other settings are available (Boot, Demand, System and Disabled).

I will have a go at changing it to Demand and restarting the machine.

I have run gpresult, not sure if you wanted report as an administrator or not, so I ran both (Pasted below)

Juts as my usual user (I only have one set up on the PC)

Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 24/09/2015 at 17:22:51



RSOP data for Westray-Gamer\Alan on WESTRAY-GAMER : Logging Mode
-----------------------------------------------------------------

OS Configuration: Standalone Workstation
OS Version: 6.1.7601
Site Name: N/A
Roaming Profile: N/A
Local Profile: C:\Users\Alan
Connected over a slow link?: No


USER SETTINGS
--------------

Last time Group Policy was applied: 18/09/2015 at 00:09:12
Group Policy was applied from: N/A
Group Policy slow link threshold: 500 kbps
Domain Name: Westray-Gamer
Domain Type: <Local Computer>

Applied Group Policy Objects
-----------------------------
N/A

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)

The user is a part of the following security groups
---------------------------------------------------
None
Everyone
Local account and member of Administrators group
HomeUsers
BUILTIN\Administrators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
CONSOLE LOGON
NT AUTHORITY\Authenticated Users
This Organization
Local account
LOCAL
NTLM Authentication
High Mandatory Level

The user has the following security privileges
----------------------------------------------


Resultant Set Of Policies for User
-----------------------------------

Software Installations
----------------------
N/A

Logon Scripts
-------------
N/A

Logoff Scripts
--------------
N/A

Public Key Policies
-------------------
N/A

Administrative Templates
------------------------
N/A

Folder Redirection
------------------
N/A

Internet Explorer Browser User Interface
----------------------------------------
N/A

Internet Explorer Connection
----------------------------
N/A

Internet Explorer URLs
----------------------
N/A

Internet Explorer Security
--------------------------
N/A

Internet Explorer Programs
--------------------------
N/A



And again. (as administrator)

Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 24/09/2015 at 17:19:20



RSOP data for Westray-Gamer\Alan on WESTRAY-GAMER : Logging Mode
-----------------------------------------------------------------

OS Configuration: Standalone Workstation
OS Version: 6.1.7601
Site Name: N/A
Roaming Profile: N/A
Local Profile: C:\Users\Alan
Connected over a slow link?: No


COMPUTER SETTINGS
------------------

Last time Group Policy was applied: 18/09/2015 at 00:08:46
Group Policy was applied from: N/A
Group Policy slow link threshold: 500 kbps
Domain Name: WESTRAY-GAMER
Domain Type: <Local Computer>

Applied Group Policy Objects
-----------------------------
N/A

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)

The computer is a part of the following security groups
-------------------------------------------------------
BUILTIN\Administrators
Everyone
NT AUTHORITY\Authenticated Users
System Mandatory Level

Resultant Set Of Policies for Computer
---------------------------------------

Software Installations
----------------------
N/A

Startup Scripts
---------------
N/A

Shutdown Scripts
----------------
N/A

Account Policies
----------------
N/A

Audit Policy
------------
N/A

User Rights
-----------
N/A

Security Options
----------------
N/A

N/A

Event Log Settings
------------------
N/A

Restricted Groups
-----------------
N/A

System Services
---------------
N/A

Registry Settings
-----------------
N/A

File System Settings
--------------------
N/A

Public Key Policies
-------------------
N/A

Administrative Templates
------------------------
N/A


USER SETTINGS
--------------

Last time Group Policy was applied: 18/09/2015 at 00:09:12
Group Policy was applied from: N/A
Group Policy slow link threshold: 500 kbps
Domain Name: Westray-Gamer
Domain Type: <Local Computer>

Applied Group Policy Objects
-----------------------------
N/A

The following GPOs were not applied because they were filtered out
-------------------------------------------------------------------
Local Group Policy
Filtering: Not Applied (Empty)

The user is a part of the following security groups
---------------------------------------------------
None
Everyone
Local account and member of Administrators group
HomeUsers
BUILTIN\Administrators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
CONSOLE LOGON
NT AUTHORITY\Authenticated Users
This Organization
Local account
LOCAL
NTLM Authentication
High Mandatory Level

The user has the following security privileges
----------------------------------------------

Bypass traverse checking
Manage auditing and security log
Back up files and directories
Restore files and directories
Change the system time
Shut down the system
Force shutdown from a remote system
Take ownership of files or other objects
Debug programs
Modify firmware environment values
Profile system performance
Profile single process
Increase scheduling priority
Load and unload device drivers
Create a pagefile
Adjust memory quotas for a process
Remove computer from docking station
Perform volume maintenance tasks
Impersonate a client after authentication
Create global objects
Change the time zone
Create symbolic links
Increase a process working set

Resultant Set Of Policies for User
-----------------------------------

Software Installations
----------------------
N/A

Logon Scripts
-------------
N/A

Logoff Scripts
--------------
N/A

Public Key Policies
-------------------
N/A

Administrative Templates
------------------------
N/A

Folder Redirection
------------------
N/A

Internet Explorer Browser User Interface
----------------------------------------
N/A

Internet Explorer Connection
----------------------------
N/A

Internet Explorer URLs
----------------------
N/A

Internet Explorer Security
--------------------------
N/A

Internet Explorer Programs
--------------------------
N/A


Not sure what to look for in this report, but hope it sheds some light. I will feedback if the demand/restart makes any difference shortly

Thanks
beranim
 
Hi xilolee, that's worked, I now have Defender and Firewall up and running. Thank you very much for that. If you are able and willing, I would be interested to know if anytyhing in the gpresult shows anything revealing about this problem - for the future :)

My next step is to uninstall AVG and get back to the problem at hand, which is why is the machine is running so badly. However as a specific thread, this is probably solved and I will mark as so - unless you advise not.
 
Glad it worked! ;)
I have done another search in avg website/forum and I've found they put a driver in the network connection...
Maybe it could have been sufficient to disable that one in Control Panel\Network and Internet\Network and Sharing Center, double-left-click properties, then click properties in the window that appears, untick AVG network filter driver and click ok.
Anyway, given that the windows firewall started in this way, I'd uninstall AVG and re-set windows firewall authorization driver to automatic.
 
Thanks again.

I have uninstalled AVG (hopefully completely and tidily). No noticeable change to the PC performance, but that's another thread :)
 

Has Sysnative Forums helped you? Please consider donating to help us support the site!

Back
Top