The How-To Geek Forums Have Migrated to Discourse


How-To Geek Forums / Windows Vista

Can't turn on Windows Firewall

(38 posts)
  • Started 9 years ago by RS
  • Latest reply from Santo
  • Topic Viewed 62579 times

RS
Posts: 21

I have Windows Vista 32 bit OS.

Today I uninstalled the RAM hog Norton 360. I restarted my computer after it was uninstalled and I was immediately prompted to turn on my Windows Firewall. I go to turn it on and Windows says it cannot be turned on and then asks me if I want to turn it on manually. After I click on the "manual installation" option a new Windows Firewall window opens and it says the Firewall is not using the recommended settings to protect my computer ( which I later find out is another way of saying my Firewall isn't turned on.... Redundant message.) I'm given the option to update my settings for the Firewall, but Windows is not able to update the settings. It's almost as if I have another Firewall installed and Windows has automatically shut off the Windows Firewall. A little help would be nice... :)

Posted 9 years ago
Top
 
ScottW
Posts: 6609

RS, hi and welcome. We seem to be getting this a lot lately. You might want to hunt up the other threads from others who are having trouble starting Windows Firewall. Here's one now:
https://www.howtogeek.com/forum/topic/windows-firewall-service-will-not-start

You may also have the Firewall service not starting. Try the "sc queryex mpssvc" and "sc qc mpssvc" commands from an elevated command prompt. Also, try the System File Checker ("sfc /scannow").

Posted 9 years ago
Top
 
RS
Posts: 21

When I type those commands into the command prompt I get a bunch of information, but from what I've seen the important info you needed is the dependencies and I got; mpsdrv: bse

I also read this article (http://support.microsoft.com/kb/943996) in one of the links you sent me and it looks like it may be able to help but I'm confused when it comes to all the registry keys; I don't know if the article is telling me to edit all of them or what so I'm a little hesitant to do that without knowing for sure.. Here's what I got when I typed those commands into the prompt...

SERVICE_NAME: mpssvc
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 1068 (0x42c)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :

[SC] QueryServiceConfig SUCCESS

-------------------------------------

SERVICE_NAME: mpssvc
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k LocalServiceNoNe
twork
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : Windows Firewall
DEPENDENCIES : mpsdrv
: bfe
SERVICE_START_NAME : NT Authority\LocalService

Posted 9 years ago
Top
 
ScottW
Posts: 6609

Yes, well there is a problem, alright. The service is set to start Automatically, but it is stopped with an exit code. It means:

1068 The dependency service or group failed to start.

So, in your case it would seem that one of the dependencies did fail to start. You need to trace back all of the service dependencies and their dependencies, and so on, until you find one with no dependencies that didn't start. Also, you should definitely run the SFC now because there may be a missing or corrupt system file. The Norton uninstall could have caused it.

As for that KB article, it does not apply to you. The exit code that you are getting is not the same.

Posted 9 years ago
Top
 
RS
Posts: 21

Ok, I'm running the SFC now... Sorry, but how do I trace back all of the service dependencies and their dependencies until I find one that didn't start...?

Posted 9 years ago
Top
 
ScottW
Posts: 6609

There are two ways to trace back the dependencies. Either use more "sc" commands from the command line or use the Services MMC snap-in. To run the snap in, open a Run box with Win+R then type services.msc. Either way you need to track it back. Are mpsdrv and bfe running? If not, what are their dependencies? Are those dependencies running? And so on. When you find a stopped service with no dependencies that should be running that is the most likely culprit.

If that still doesn't make sense, just ask and I'll walk you through it. We geeks do this kind of thing so often that it's like breathing, but we were all new at one time.

Posted 9 years ago
Top
 
RS
Posts: 21

Well I just finished the SFC, and I got this....

C:\Windows\system32>sfc/scannow

Beginning system scan. This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.Windows Resource Protection found corrupt files but w
as unable to fix some of them.
Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For example
C:\Windows\Logs\CBS\CBS.log

C:\Windows\system32>

Posted 9 years ago
Top
 
RS
Posts: 21

Now that I'm in Services program how do I check if the mpsdrv and bfe are running... I'm lost.. :p

Posted 9 years ago
Top
 
RS
Posts: 21

In services I double clicked on the Windows Firewall. The service startup type is set to Automatic, but obviously it's stopped due to this error 1068... Under dependencies it says the program depends on "Base Filtering Engine --> "Remote Procedure Call (RPC)". Also, the Windows Firewall Authorization Driver. I hope this is what you wanted me to find...

Posted 9 years ago
Top
 
ScottW
Posts: 6609

RS, sounds like progress. Did you restart after running the SFC? Sometimes it requires a restart to fix the files. Also, run SFC again after the restart and it might run clean.

You are on the right track in Services. The Base Filtering Engine is the long name for "bfe" and the Firewall Authorization thing is "mspdrv". Keep tracing back the dependencies to find out why the Firewall service won't start.

Posted 9 years ago
Top
 
RS
Posts: 21

Ok, so the Base Filtering Engine's depends on the "RPC," but I then open the "RPC" and it has no dependencies at all... Could this be my problem?

Posted 9 years ago
Top
 
ScottW
Posts: 6609

Is the Remote Procedure Call (RPC) service stopped? There are many services that depend on RPC, so if it were not running I would expect you to have more problems than just the firewall.

Posted 9 years ago
Top
 
whs
Posts: 17584

Just another thought. How did you uninstall Norton. If you have not used their removal tool http://service1.symantec.com/S.....38;src=hot then you may still have some Norton on your system that is blocking the Vista firewall.

Posted 9 years ago
Top
 
RS
Posts: 21

The RPC service is running. Thanks whs, I'll give that a try.

Posted 9 years ago
Top
 
RS
Posts: 21

Sigh*.... The Norton removal program did not work. Stuck again..

While in the Services are I noticed that there is a service named "msfwsvc" and under description it says "Failed to read desciption Error Code 2." I looked this file up and it's linked to Microsoft Live onecare, but I don't have this program installed on my computer... I wonder if this has anything to do with my problem?

Posted 9 years ago
Top
 
RS
Posts: 21

Ah! I think I may have found the problem, one of the dependencies for the Firewall is the Base Filtering Engine and it is stopped. I try to start it and I get an Error 2 message saying the file specified cannot be found.

Posted 9 years ago
Top
 
ScottW
Posts: 6609

RS, did you try running the SFC a second time? It might fix the problem or generate a new log that would tell us something.

If you want me to look at the exit codes for the Base Filtering Engine, post the output of "sc queryex bfe" and "sc qc bfe".

Posted 9 years ago
Top
 
RS
Posts: 21

I did run it a second time and it told me the exact same thing. Something about corrupt files and that there were more details in the CBS.log. I then tried to go into that log but got an "access denied"

Here's the outputs:

C:\Windows\system32>sc queryex bfe

SERVICE_NAME: bfe
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 1 STOPPED
WIN32_EXIT_CODE : 2 (0x2)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
PID : 0
FLAGS :

C:\Windows\system32>sc qc bfe
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: bfe
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Windows\system32\svchost.exe -k LocalServiceNoNe
twork
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : Base Filtering Engine
DEPENDENCIES : RpcSs
SERVICE_START_NAME : NT AUTHORITY\LocalService

C:\Windows\system32>

Posted 9 years ago
Top
 
whs
Posts: 17584

The Norton removal tool has always worked for me. But I always had a whole Norton to remove. Maybe it did not work for you because you had only bits and pieces left. I would reinstall Norton and THEN use the removal tool.

Posted 9 years ago
Top
 
ScottW
Posts: 6609

Well, there is definitely a missing file, and it's preventing services from starting. For the BFE service, exit code 2 means:

2 The system cannot find the file specified.

Here are the official instructions from Microsoft on analyzing the contents of CBS.log. Try this first:
http://support.microsoft.com/kb/928228/en-us

Posted 9 years ago
Top
 
RS
Posts: 21

I followed the instructions exactly... once I finish entering the command nothing comes up after hitting enter. Normally you'd get an error/improper command message but nothing pops up for me. I wish there was a simple way to reacquire this file.

Posted 9 years ago
Top
 
RS
Posts: 21

I also tried re-installing Norton and retrying the Removal Tool... didn't work.... :(

Posted 9 years ago
Top
 
ScottW
Posts: 6609

RS, I'm guessing you ran this command from the KB article:

findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >sfcdetails.txt

This will not produce any visible output because the information is sent to the file "sfcdetails.txt" which you need to find and view. The file will be output wherever you ran the command. If you can't remember where that is, open the Command Prompt again. While you are there, you can type "notepad sfcdetails.txt" to view the file in Notepad. Once you have it open, you are looking for lines that say "repairing", "repaired", or "cannot repair" and it will give the name of the problem file(s).

Posted 9 years ago
Top
 
RS
Posts: 21

Cannot repair member file [l:20{10}]"tcpmon.ini"

Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"tcpmon.ini"

Every other files was able to be repaired except for this one.

Posted 9 years ago
Top
 
ScottW
Posts: 6609

OK, so we have a file name. If you do a web search on tcpmon.ini you will see that others have had the same trouble. Unfortunately, I have yet to find anyone with a solution. Apparently tcpmon.ini holds printer settings for older, legacy printers. What kind of printer(s) do you have installed?

Also, in other discussions there was mention of this problem possibly being caused by AV software. If Norton 360 is the cause of this, the damage may already be done. Check to see if you have some restore points from before the Norton uninstall. We might be able to pull an old copy of tcpmon.ini out of a shadow copy. Go to Start and in the search box, type "restore". Run System Restore, select "choose a different restore point", then click Next. Note the dates of available restore points, but DO NOT restore from them. Click Cancel to exit.

Posted 9 years ago
Top
 
RS
Posts: 21

Well I don't have a printer installed. And there's a few restore points, the best bet would be August 3rd.

Posted 9 years ago
Top
 
RS
Posts: 21

bump..

Posted 9 years ago
Top
 
ScottW
Posts: 6609

RS, try this program called ShadowExplorer. I have never used it, but it has been recommended by others here. It should let you look through the old shadow copies where you need to find a copy of tcpmon.ini. Hopefully, you can find the file in an old shadow copy and extract it out with this utility:
http://www.shadowexplorer.com/

Posted 9 years ago
Top
 
RS
Posts: 21

ok I found the old copy of tcpmon.ini and it exported it out of the the programs. What's my next step?

Posted 9 years ago
Top
 
ScottW
Posts: 6609

Good! Where is the old copy of tcpmon.ini located? You are going to need it in the standard location which is C:\Windows\System32\. If ShadowExplorer can extract the old one into it's original location, that would be ideal. Otherwise, you will need to copy tcpmon.ini into that directory.

Posted 9 years ago
Top
 
RS
Posts: 21

Well the old copy of tcpmon.ini is where its supposed to be, in the System32 folder. When I try to extract it back into the System 32 folder it won't let me because the file already exists in that location.

Posted 9 years ago
Top
 
ScottW
Posts: 6609

Well, that is not surprising but kind of ironic. Windows is now protecting the bad file. Here's what you do. First rename the existing tcmpon.ini to something else, such as tcpmon.ini.bad. Then use ShadowExplorer to extract the file from the shadow copy and restore it to the original location. My hope is that ShadowExplorer will restore the file with all of the original permissions which is probably important.

Once you have replaced the bad file with the one from the shadow copy, restart the system then run the SFC again and see if it is happy with the replacement. I'll keep my fingers crossed!

Posted 9 years ago
Top
 
RS
Posts: 21

Haha, Windows doesn't let me rename the file either.

Posted 9 years ago
Top
 
ScottW
Posts: 6609

Yes, of course. That's Windows Resource Protection preventing the file from being modified. You need to follow these instructions from The Geek, then you should be able to rename the file:
https://www.howtogeek.com/howto/windows-vista/how-to-delete-a-system-file-in-windows-vista/

Posted 9 years ago
Top
 
RS
Posts: 21

Alright, I did everything with regards to modifying the file and then exporting the old file from that program into the proper location. That all went fine, I then ran the SFC again and it again told me the file was corrupt. So I thought restarting and trying the scan again might work, but it didnt. So it was probably corrupt prior to the Norton install. Could I get the file from a friends computer and put it onto mine to see if that works?

Posted 9 years ago
Top
 
ScottW
Posts: 6609

Well the contents of this file do appear to be just static text, so yes, try getting a copy from another system with the same version of Vista.

Posted 9 years ago
Top
 
RS
Posts: 21

I got the file through a friend and no dice... Still get the error when running the scan.

Posted 9 years ago
Top
 
Santo
Posts: 1288

Forget about the Windows Firewall. Install Comodo fire wall from http://www.personalfirewall.comodo.com/.
If you are very particular about Windows Fire wall. Take a backup of your important files and reinstall or recover your computer.

Posted 9 years ago
Top
 



Topic Closed

This topic has been closed to new replies.