Windows Firewall fails to start after XP SP2


Lyle

After installing SP2 I received the following error "The
class is configured to run as a security id different
from the caller" whenever I try to start the Windows
firewall on a domain. I created a test domain and
recreated the problem with another workstation. The
Firewall starts after the first reboot, but after that
group policy seems to apply, which on the test domain I
only configured the new windows firewall settings to
enable it. I have seen a couple of posts on the Internet
with the same issue, but none of them had any resolutions
listed. To get by for now I have to disable the Windows
Firewall. I am thinking that I am missing something in
Group policy, but I can't find it. Any ideas?

Thanks Lyle
 
Click Start, Run and enter SERVICES.MSC. Locate the Windows Firewall/Internet Connection Sharing service and double click it. Go to the Logon tab and make sure it's set to log on as the Local System Account. Allow this service to interact with the desktop should be Unchecked.
 
It is set to Local System Account and the check box is
cleared. That is the default setting I had,
unfortunately that didn't resolve the issue. We did
notice that by switching to a workgroup the firewall did
run, but when we joined the domain again the problem
reoccurred. That is why I was thinking it might be
related to a group policy setting that I was missing.

Thanks Lyle
-----Original Message-----
Click Start, Run and enter SERVICES.MSC. Locate the
Windows Firewall/Internet Connection Sharing service and
double click it. Go to the Logon tab and make sure it's
set to log on as the Local System Account. Allow this
service to interact with the desktop should be Unchecked.
--
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

"Lyle" <[email protected]> wrote in
message news:[email protected]...
 
I posted this exact same question last Friday on this
message board. I never received any kind of response so
I'd be real interested, too, in any resolution that is
available. There is nothing that I could find in the KB.
That error is referenced but it applies to CA in W2K.

Thanks for the tip about joining a workgroup. That gives
me something to work with to maybe track down a permanent
fix. I'll start digging through our group policies to see
if I can find something.
 
The trick is that you have to delete the following key
per MS support.
HKEY_LOCAL_MACHINE\Software\Classes\AppID\{ce166e40-1e72-45b9-94c9-3b2050e8f180}
After deleting the key reboot and this should resolve
your issue. I have reproduced this on my system also.

This is currently being reviewed before being put into
the knowledge base.

See the following link for more information:

http://x220.minasi.com/forum/topic.asp?TOPIC_ID=10029&#42277

Thanks for your help.
Lyle
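
The fix in the post above (delete the key, then reboot), written out as an added batch example that is not part of the thread and not from Microsoft support. It uses reg.exe, skips machines where the key is already absent, and keeps a .reg backup before deleting; the backup location is an assumption.

```bat
@echo off
rem Added example, not from the thread. Backs up and removes the AppID key
rem named in the post above. Run with local administrator rights, for
rem instance as a computer startup script. BACKUP_DIR is an assumed location.
setlocal
set "KEY=HKLM\Software\Classes\AppID\{ce166e40-1e72-45b9-94c9-3b2050e8f180}"
set "BACKUP_DIR=%SystemRoot%\Temp"
set "BACKUP=%BACKUP_DIR%\appid-backup-%COMPUTERNAME%.reg"

rem Nothing to do if the key is already gone, so the script is safe to re-run.
reg query "%KEY%" >nul 2>&1
if errorlevel 1 (
    echo %COMPUTERNAME%: key not present, no change made.
    exit /b 0
)

rem Keep the first copy of the key so the change can be reverted with "reg import".
if not exist "%BACKUP%" reg export "%KEY%" "%BACKUP%" >nul
if not exist "%BACKUP%" (
    echo %COMPUTERNAME%: backup failed, key left in place.
    exit /b 1
)

rem Delete the key, then query again to confirm it is really gone.
reg delete "%KEY%" /f >nul
reg query "%KEY%" >nul 2>&1
if not errorlevel 1 (
    echo %COMPUTERNAME%: delete failed, key still present.
    exit /b 2
)

echo %COMPUTERNAME%: key removed, backup at %BACKUP%. Reboot required.
exit /b 0
```

The exit codes (0 done or nothing to do, 1 backup failed, 2 delete failed) let a deployment tool report which machines still need attention.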
 
Thanks for passing this on, Lyle. You may also want to look in Administrative Tools, Component Services, My Computer, DCOM Config, SharedAccess for the normal settings here. It's possible that there is some conflict with the users/groups that are assigned permissions. Possibly the difference between Administrators and Domain Administrators.
 
Can you be more specific, please? (i.e. What are
the 'normal' settings in DCOM config? What differences
should I look for between the admin accounts?)

I tried Lyle's fix and it worked but I don't want to have
to hack the registry on all 250+ computers on my domain
before I can safely install SP2.

Thanks
Ken
-----Original Message-----
Thanks for passing this on, Lyle. You may also want to
look in Administrative Tools, Component Services, My
Computer, DCOM Config, SharedAccess for the normal
settings here. It's possible that there is some conflict
with the users/groups that are assigned permissions.
Possibly the difference between Administrators and Domain
Administrators.
--
Doug Knox, MS-MVP Windows Media Center\Windows Powered Smart Display
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Per user Group Policy Restrictions for XP Home and XP Pro
http://www.dougknox.com/xp/utils/xp_securityconsole.htm
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

"Lyle" <[email protected]> wrote in
message news:[email protected]...
 
Here's a new twist... On the machine where I made the
registry change to enable the SP2 firewall (don't know if
it would have happened BEFORE the change), I tried
accessing Administrative Tools, Component Services, My
Computer, DCOM Config, SharedAccess as Doug suggested.
However, whenever I clicked on My Computer, the program
shut down. I received no error message but got this entry
in the event log:

Event Type: Error
Event Source: COM+
Event Category: (98)
Event ID: 4822
Date: 08/23/2004
Time: 8:23:58 AM
User: N/A
Computer: IS-SUPERVISOR
Description:
A condition has occurred that indicates this COM+
application is in an unstable state or is not functioning
correctly. Assertion Failure: SUCCEEDED(hr)

Server Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235}
Server Application Instance ID: {02729CD3-820A-4EB4-9CDD-DB48CD4D76A5}
Server Application Name: System Application
The serious nature of this error has caused the process
to terminate.
Error Code = 0x8000ffff : Catastrophic failure
COM+ Services Internals Information:
File: d:\qxp_slp\com\com1x\src\comsvcs\tracker\trksvr\trksvrimpl.cpp, Line: 3000
Comsvcs.dll file version: ENU 2001.12.4414.258 shp

Can't find anything in the KB. Any ideas?

Thanks
Ken
 
Ken, just wanted to follow up if you have been able to resolve your
problem. I had this problem a couple months ago and Microsoft told me
to take a flying leap. They said since the problem only occurs when
part of a domain and not when part of a work group, it would be pay to
play for support.

Thanks.
 