Microsoft KB Archive/920074

= You cannot start the Windows Firewall service in Windows XP SP2 =

Article ID: 920074

Article Last Modified on 10/26/2007

-

APPLIES TO


 * Microsoft Windows XP Professional
 * Microsoft Windows XP Professional
 * Microsoft Windows XP Home Edition

-



Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry



SYMPTOMS
After you install Microsoft Windows XP Service Pack 2 (SP2), you cannot start the Windows Firewall service. Specifically, you experience one or more of the following symptoms:  Windows Firewall/Internet Connection Sharing (ICS) is not displayed in the Services list in Control Panel. Windows Firewall/Internet Connection Sharing (ICS) is displayed in the Services list, but you cannot start this service. You receive the following error message when you try to access Windows Firewall settings:

Due to an unidentified problem, Windows cannot display Windows Firewall settings.





CAUSE
This problem is caused by a missing or corrupted SharedAccess.reg file. The SharedAccess.reg file represents the Windows Firewall service.

Note The Windows Firewall service in Windows XP SP2 replaces the Internet Connection Firewall (ICF) service in earlier versions of Windows XP.



RESOLUTION
To resolve this problem, use one of the following methods.

Method 1: Call the &quot;Setup API InstallHinfSection&quot; function to install Windows Firewall
To install Windows Firewall, follow these steps:  Click Start, click Run, type cmd, and then click OK. At the command prompt, type the following command line, and then press ENTER:

Rundll32 setupapi,InstallHinfSection Ndi-Steelhead 132 %windir%\inf\netrass.inf

</li> Restart Windows,</li> Click Start, click Run, type cmd, and then click OK.</li> At the command prompt, type the following command, and then press ENTER:

Netsh firewall reset

</li> Click Start, click Run, type firewall.cpl, and then press ENTER. In the Windows Firewall dialog box, click On (recommended), and then click OK.</li></ol>

Method 2: Add the Windows Firewall entry to the registry
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

To add the Windows Firewall entry to the registry, follow these steps: <ol>  Copy the following text into Notepad, and then save the file as Sharedaccess.reg: <pre class="fixed_text">Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess] &quot;DependOnGroup&quot;=hex(7):00,00 &quot;DependOnService&quot;=hex(7):4e,00,65,00,74,00,6d,00,61,00,6e,00,00,00,57,00,69,00,\ 6e,00,4d,00,67,00,6d,00,74,00,00,00,00,00 &quot;Description&quot;=&quot;Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.&quot; &quot;DisplayName&quot;=&quot;Windows Firewall/Internet Connection Sharing (ICS)&quot; &quot;ErrorControl&quot;=dword:00000001 &quot;ImagePath&quot;=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\ 74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\ 00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\ 6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00 &quot;ObjectName&quot;=&quot;LocalSystem&quot; &quot;Start&quot;=dword:00000002 &quot;Type&quot;=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch] &quot;Epoch&quot;=dword:00002cd0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters] &quot;ServiceDll&quot;=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\ 00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\ 69,00,70,00,6e,00,61,00,74,00,68,00,6c,00,70,00,2e,00,64,00,6c,00,6c,00,00,\ 00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] &quot;%windir%\\system32\\sessmgr.exe&quot;=&quot;%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019&quot;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] &quot;%windir%\\system32\\sessmgr.exe&quot;=&quot;%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019&quot;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup] &quot;ServiceUpgrade&quot;=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate] &quot;All&quot;=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum] &quot;0&quot;=&quot;Root\\LEGACY_SHAREDACCESS\\0000&quot; &quot;Count&quot;=dword:00000001 &quot;NextInstance&quot;=dword:00000001 </li> Double-click Sharedaccess.reg to merge the contents of this file into the registry and to create the Windows Firewall entry.</li> Restart Windows.</li> Click Start, click Run, type cmd, and then click OK.</li> At the command prompt, type the following command, and then press ENTER:

Netsh firewall reset

</li> Click Start, click Run, type firewall.cpl, and then click OK.</li> Configure the Windows Firewall settings that you want to use.</li></ol>

If these methods do not work, reinstall Windows XP SP2.

<div class="moreinformation_section">

MORE INFORMATION
To verify that the Windows Firewall service is started, follow these steps:
 * 1) Click Start, click Run, type services.msc, and then click OK.
 * 2) In the list of services, locate Windows Firewall/Internet Connection Sharing (ICS). Notice that the status of the service is Started.
 * 3) For information about how to use the Services feature, click Help on the Action menu.

<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.

<div class="references_section">