Windows firewall service wont start on Server 2008

Hi - I have posted this question once before but it did not get resolved. Have also looked extensively online for answers but have had no luck.

Basically the Windows Firewall service on 2 of our servers won't start with "server specific error code 2144206813".  The only means of resolving it is to remove the server from the domain, delete it's entry in AD. Then log onto the server locally and start the Windows Firewall service. Rejoin it to the domain and Bingo!  it works.
However, the next time that the server is rebooted for any reason, the firewall service turns off again and can't be restarted which takes us back to step one.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Patrick BogersDatacenter platform engineer LindowsCommented:

Can it be those 2 servers are bound to a GPO that not allows the windows firewall to be turned on (or are prevented by commercial anti virus software?)
Iradat SiddiquiCommented:
I had experiance the same problems with Windows Vista
First try with this command

rundll32 setupapi,InstallHinfSection Ndi-Steelhead 132 %windir%\inf\netrass.inf

This should reinstall "firewall"
I think that you will have the same error .

Then Try this

The error means "Access is denied".

This may happen if the "MpsSvc" account doesn't have the necessary permissions for the related registry keys.

For the NT Service\MpsSvc account, it needs permissions for the following keys:


Query Value;Set Value


Full Control;Read


Full Control;Read

Add the permission for the account on these registry keys.Here are the steps for the Windows Firewall service:

1. In Registry Editor, browse to the key for which you need to add permission.
2. Right click the key, and click Permissions.
3. Make sure Locations is selected to be the local computer.
4. In the "Enter the object names to select field, type "NT SERVICE\mpssvc". Then click “Check name.”
5. Click OK.
6. Then select the account which appears in the list, and add the appropriate permission for it.
7. When this is done, click OK.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Legacy OS

From novice to tech pro — start learning today.