Windows firewall broken on server 2008

windows-firewall windows-server-2008

This evening I tried to RDP into my Server 2008 box and was unable to. After poking around some I discovered that something is awry with my Windows Firewall. I did install 5 Windows updates remotely earlier today but rolled those back in an attempt to see if that fixed the problem, but had no luck.

Symptoms:

  • cannot RDP to machine (including from itself)
  • cannot ping machine
  • cannot connect to file share on machine
  • error message when attempting to open the "Windows Firewall with Advanced Security" snap-in: "There was an error opening the Windows Firewall with Advanced Security snap-in … The Windows Firewall with Advanced Security snap-in failed to load. Restart the Windows Firewall service on the computer that you are managing. Error code: 0x6D9."
  • When I opened the "user-friendly" Windows Firewall it failed to load most of the GUI elements, meaning the title bar with close, minimize, and maximize buttons is present, the rest of the window has a white background with a yellow rectangle with rounded corners, and a yellow triangle with an exclamation point is in the upper right. Hope that made sense.
  • "Windows Firewall" does not appear in the list of services

I ran a virus scan that found nothing.

How do I fix the firewall and hopefully restore the ability to RDP?

EDIT: Added at fission's request:

c:\>sc query mpsdrv

SERVICE_NAME: mpsdrv
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

c:\>sc query mpssvc

SERVICE_NAME: mpssvc
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 1068  (0x42c)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

Those two registry keys do exist: HKLM\SYSTEM\CurrentControlSet\Services\mpsdrv & HKLM\SYSTEM\CurrentControlSet\Services\MpsSvc

The problem seems to be with the Base Filtering Engine. When I try to start it I get the following error:
Windows could not start the Base Filtering Engine service on MYCOMPUTER.
Error 15100: The resource loader failed to find MUI file.

EDIT2: I ran sfc /scannow and I found about 100 occurrences of "[SR] Cannot repair member file"… including several related to the firewall (ex: [l:32{16}]"Firewall.cpl.mui" of Networking-MPSSVC.Resources…). One of them mentioned wordpad.exe, which I tried to open, and it failed. I found here mentions of mounting the install.wim on the install media to copy the affected files over. I am downloading the appropriate AIK and will continue tomorrow evening.

EDIT FINAL: As this was a development box I ended up rebuilding it.

Best Answer

We had almost the same problem on one of our Win2008 Server boxes today. The only exception was that we did in fact see the Windows Firewall process in the process listing, however, we were unable to start it up. The Event Log showed "Access Denied" as the reason.

Turns out something had messed up the permissions in the registry, so that the user dedicated to the firewall was unable to fire it up.

Check this out, even if it is for Vista: http://support.microsoft.com/kb/943996. It solved our problem :-)
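
A read-only way to follow the failure from mpssvc down to the dependency that is actually broken, and to list the registry ACLs the answer points at. This is an added example in PowerShell, not part of the original question or answer; it assumes PowerShell 2.0 or later in an elevated session, and the helper name Get-DependencyChain and the choice to inspect the service keys themselves are assumptions.

```powershell
# Added example: read-only diagnostics. Assumes PowerShell 2.0+ and an elevated session.
$Root        = 'mpssvc'   # Windows Firewall service name, as in the sc output above
$ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# The two Win32 error codes that appear in the question (string keys for easy lookup).
$KnownCodes = @{
    '1068'  = 'ERROR_SERVICE_DEPENDENCY_FAIL: a dependency failed to start'
    '15100' = 'ERROR_MUI_FILE_NOT_FOUND: resource loader could not find a MUI file'
}

# Hypothetical helper: walks DependOnService recursively and reports each node.
function Get-DependencyChain {
    param([string]$Name, [int]$Depth = 0, [hashtable]$Seen = @{})
    if ($Seen.ContainsKey($Name)) { return }      # already reported, or a cycle
    $Seen[$Name] = $true

    # Win32_BaseService covers Win32 services and kernel drivers such as mpsdrv.
    $svc = Get-WmiObject -Class Win32_BaseService -Filter "Name='$Name'"
    $key = Get-ItemProperty -Path "$ServicesKey\$Name" -ErrorAction SilentlyContinue

    $code    = if ($svc) { "$($svc.ExitCode)" } else { '' }
    $meaning = if ($KnownCodes.ContainsKey($code)) { $KnownCodes[$code] } else { '' }
    New-Object PSObject -Property @{
        Depth     = $Depth
        Service   = $Name
        State     = $(if ($svc) { $svc.State } else { 'NOT REGISTERED' })
        StartMode = $(if ($svc) { $svc.StartMode } else { '' })
        ExitCode  = $code
        Meaning   = $meaning
    }
    foreach ($dep in @($key.DependOnService)) {
        # A leading '+' names a load-order group, not a service; skip those.
        if ($dep -and -not $dep.StartsWith('+')) {
            Get-DependencyChain -Name $dep -Depth ($Depth + 1) -Seen $Seen
        }
    }
}

$chain = @(Get-DependencyChain -Name $Root)
$chain | Format-Table Depth, Service, State, StartMode, ExitCode, Meaning -AutoSize

# The answer traced its failure to registry permissions: print the ACL of each
# service key in the chain so it can be compared with a healthy host.
foreach ($row in $chain) {
    $path = "$ServicesKey\$($row.Service)"
    if (Test-Path $path) {
        "ACL for $path"
        (Get-Acl -Path $path).Access |
            Format-Table IdentityReference, RegistryRights, AccessControlType -AutoSize
    }
}
```

The deepest row that is not running and shows a non-zero exit code is the service to investigate first; in the question that turned out to be the Base Filtering Engine.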