W10 1607 LTSB / mpssvc - Firewall doesn't start with Error 'the data is invalid'

asked 2021-04-30T05:41:34.533+00:00
David Scholz 21 Reputation points

Hi
I've been browsing the net for a few days and have spent some time trying to fix an issue I have. The symptoms I have are the following:

Symptom 1. mpssvc doesn't start
I used to have two Event ID 7024 saying either 'The Windows Firewall Service terminated with the following service-specific error: The data is invalid'
or
the other one shows in the event log: 'The mpssvc Service terminated with the following service-specific error: The data is invalid'

IMPORTANT to note is that I always get both messages, but after applying Fix 2 below, the name is now 'The Windows Firewall...' for both events, so mpssvc vanished.

Symptom 2. the Computer is not reachable from the Network, but can connect to any other Systems.

I cannot ping, no PowerShell remoting, no RDP, no C$, but all is configured fine.

Symptom 3. Just once I had an error while booting
The gpsvc service failed the sign-in
The universal unique identifier (UUID) type is not supported

Fix 1. I've added NT Service/mpssvc to the registry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess as described here
https://support.microsoft.com/de-de/topic/einige-dienste-werden-in-windows-vista-nicht-gestartet-96be20bd-572c-538d-341b-bd938d5e7b1d
didn't help

Fix 2. I've added some keys (AuthenticationCapabilities, CoInitializeSecurityParam) to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost as described here
https://social.technet.microsoft.com/Forums/windows/en-US/c2002d14-a6fc-4b03-8f7f-07ba7dedd17e/windows-10-gpsvc-service-failed-the-sign-on

Again, no improvement. Firewall doesn't start!?

Fix 3. I've run 'netsh winsock reset'
Nothing unfortunately ;)

UPDATE
Fix 4. Reinstalled the Firewall
c) Rundll32 setupapi,InstallHinfSection Ndi-Steelhead 132 %windir%\inf\netrass.inf as described here
https://answers.microsoft.com/en-us/windows/forum/all/how-to-reinstall-windows-firewall-service/d5bf7d36-cca6-4767-9e67-0e2a1bb28042
Is there anything else I could try?

Reinstalling the system is not an option, as we've spent nearly 3 weeks qualifying the system for pharmaceutical production.

rgds
Dave


Accepted answer
  1. answered 2021-05-03T06:12:01.283+00:00
    Candy Luo 12,441 Reputation points

    Hi,

    Please first check if there are any malicious registry values. Malicious registry values below any of these keys might hinder MPSSVC from starting with error 0x8007000d (ERROR_INVALID_DATA):

    • HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\Mdm
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\AppIso\FirewallRules
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedInterfaces\IfIso
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System

    If it still doesn't work, we need to collect Procmon to find the cause. However, analysis of Procmon is beyond our forum support level and, due to forum security policy, we have no such channel to collect user log information. So we recommend you open a case with MS Professional tech support service; they will help you open a phone or email case with Microsoft, so that you get technical support on a one-to-one basis while keeping private information protected.

    Here is the link:

    https://support.microsoft.com/en-us/gp/customer-service-phone-numbers

    Best Regards,
    Candy



3 additional answers

  1. answered 2021-05-03T10:25:29.76+00:00
    David Scholz 21 Reputation points

    What shall I consider to be a 'malicious registry value'?


  2. answered 2021-05-04T12:43:05.68+00:00
    Gary Nebbett 3,831 Reputation points

    Hello @David Scholz ,

    Just to be certain, when you write:

    Symptom 2. the Computer is not reachable from the Network, but can connect to any other Systems.

    I cannot ping, no PowerShell remoting, no RDP, no C$, but all is configured fine.

    Do you mean that no inbound connections work, but all outbound connections do work?

    With the very limited amount of information available about the cause of your problem, it is difficult to think of where to start troubleshooting.

    What I would suggest first is to make a trace using Event Tracing for Windows. You probably won't be able to understand the trace output, so you would need to share it (e.g. by placing it on some service like OneDrive, Google Drive, etc. and sharing a link). It would be understandable if privacy/security concerns make sharing the trace data undesirable.

    There is no guarantee that the trace data will help, but I would try the following:

    1. Save the attached file to disk (the name is not important but will be needed for the next step): 93594-prov.txt
    2. Issue the command "logman start mpserr -ets -pf prov.txt -o mpserr.etl" (assuming that you named the file "prov.txt").
    3. Try to start the service (e.g. issue a command like "sc start mpssvc").
    4. After the service start fails, stop the tracing with a command like "logman stop mpserr -ets".
    5. Share the mpserr.etl file.

    As I said earlier, the trace might contain no useful data - this really is a long shot...

    Gary


  3. answered 2021-05-17T06:23:23.783+00:00
    David Scholz 21 Reputation points

    Hi
    I've found the solution to a problem I had made myself… I'm using PowerShell DSC to do some basic configs on our clients. In there I had one error in the registry configuration of the Firewall. I simply forgot to set the 'ValueType' to 'DWORD', and if this is the case, PowerShell sets the key type to a value of 'REG_SZ'. And that is why the service didn't start anymore.

    The CONFIG I APPLIED

    Registry FirewallOFFDOMAINPROFILE
    {
        # No ValueType given, so the value is written as a string (REG_SZ)
        Ensure="Present"
        Key="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile"
        ValueName="EnableFirewall"
        ValueData="1"
    }

    HOW IT HAS TO BE:

    Registry FirewallOFFDOMAINPROFILE
    {
        Ensure="Present"
        Key="HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile"
        ValueName="EnableFirewall"
        ValueData="1"
        # Write EnableFirewall as a REG_DWORD
        ValueType="DWORD"
    }
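
A read-only check for the misconfiguration described in the last answer, as an added example that is not part of the original thread: it reports the registry type of EnableFirewall under each firewall profile key and flags anything that is not REG_DWORD. It goes beyond the post by also checking StandardProfile and PublicProfile; the function name Test-FirewallValueKind is hypothetical.

```powershell
# Added example (not from the thread): read-only audit of the EnableFirewall value type.
# Test-FirewallValueKind is a hypothetical helper name; nothing is written to the registry.
function Test-FirewallValueKind {
    param(
        [string]   $BasePath  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy',
        [string[]] $Profiles  = @('DomainProfile', 'StandardProfile', 'PublicProfile'),
        [string]   $ValueName = 'EnableFirewall'
    )
    foreach ($name in $Profiles) {
        # Start from the "key not found" case and refine as more is learned.
        $row = [ordered]@{ Profile = $name; Kind = $null; Data = $null; Status = 'KeyMissing' }
        $key = Get-Item -LiteralPath (Join-Path $BasePath $name) -ErrorAction SilentlyContinue
        if ($key) {
            if ($key.GetValueNames() -contains $ValueName) {
                # GetValueKind returns the stored type (String = REG_SZ, DWord = REG_DWORD).
                $row.Kind   = $key.GetValueKind($ValueName)
                $row.Data   = $key.GetValue($ValueName)
                $row.Status = if ($row.Kind -eq [Microsoft.Win32.RegistryValueKind]::DWord) { 'OK' } else { 'WrongType' }
            } else {
                $row.Status = 'ValueMissing'
            }
        }
        [pscustomobject]$row
    }
}

$report = Test-FirewallValueKind
$report | Format-Table -AutoSize

# Surface the failure case from the thread: the value exists but is not a DWORD.
$bad = @($report | Where-Object Status -eq 'WrongType')
if ($bad.Count -gt 0) {
    Write-Warning ("{0} profile key(s) hold EnableFirewall with a non-DWORD type" -f $bad.Count)
}
```

A row with Kind = String and Status = WrongType matches the state the post describes. The correction belongs in the DSC configuration (ValueType="DWORD"), so that the next DSC run does not write the string value back.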