Event ID 5037 — Firewall Service and Driver Initialization

Updated: December 16, 2008

Applies To: Windows Server 2008 R2


The Windows Firewall service (MpsSvc) and its supporting driver must be running to provide the core firewall functionality and to manage the firewall and connection security rules that define how the firewall operates. When appropriate auditing events are enabled (http://go.microsoft.com/fwlink/?linkid=92666), Windows reports successes and failures in starting the required software components, or when the components stop operating due to a failure.

Note: Because the Windows Firewall service applies Windows service hardening rules to standard Windows Networking services, Microsoft does not support stopping the Windows Firewall service. If you do not want to use Windows Firewall, turn the firewall features off without stopping the service.

Event Details

Product: Windows Operating System
ID: 5037
Source: Microsoft-Windows-Security-Auditing
Version: 6.1
Symbolic Name: SE_AUDITID_ETW_MPSFIREWALL_DRIVER_CRITICAL_ERROR
Message: The Windows Firewall Driver detected critical runtime error. Terminating.

Error Code:%t%1

Resolve

Examine the error code reported and then restart the service

Windows logs an error if either the Windows Firewall service or its driver fails to start, or if they unexpectedly terminate. The error message indicates the cause of the service failure by including an error code in the text of the message. Review the information for the error code, and then restart the Windows Firewall service.

To perform these procedures, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.

Review the error code

To review the error code:

To determine the meaning of the error code, open a command prompt, and then type net helpmsg errnum, where errnum is the error code reported in the event. Take the corrective action indicated by that error code.

Note: For a complete listing of Win32 error messages, see http://go.microsoft.com/fwlink/?LinkId=83027.

Restart the Windows Firewall service

To restart the Windows Firewall service:

  1. You can restart the service by using a command prompt or by using the Services MMC snap-in. Do one of the following:
    • Open an administrative command prompt. Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. At that command prompt, run the command net start mpssvc.
    • Click Start, type services.msc in the Start Search box, and then press ENTER. In the Name column of the Services snap-in, right-click Windows Firewall, and then click Start.
  2. If the attempt to restart only the service fails, then restart the computer. This forces all related and dependent services to restart.
  3. If the error persists after the computer restarts, then the executable files for the driver or service might be corrupted, and the operating system must be reinstalled.

Verify

You can verify that the Windows Firewall service is running by using the Services Microsoft Management Console (MMC) snap-in or the net start command-line tool.

To verify that the Windows Firewall service is running:

Check the status by using the Services MMC snap-in

To perform this procedure, you must have membership in the local Administrators group, or you must have been delegated the appropriate authority.

  1. Click Start, type services.msc in the Start Search box, and then press ENTER.
  2. In the Services MMC snap-in, find Windows Firewall, and then confirm that Started appears in the Status column.

Check the status by using the net start command-line tool

  • At a command prompt, type net start, and then verify that Windows Firewall is listed as one of the services currently running on the computer.
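The review, restart, and verify steps above can also be run as one PowerShell script. This is an added example, not part of the original article. It assumes an elevated PowerShell session and that the event's single insertion string (%1) holds the error code as a decimal number that net helpmsg accepts.

```powershell
# Added example. Run from an elevated PowerShell prompt; reading the Security log
# and starting services both require administrative rights.

# 1. Review: pull the most recent 5037 events and look up each error code.
#    @(...) guarantees an array, so the loop is skipped cleanly when nothing matches.
$events = @(Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5037 } `
                         -MaxEvents 5 -ErrorAction SilentlyContinue)
if ($events.Count -eq 0) { Write-Output 'No Event ID 5037 entries found in the Security log.' }

foreach ($e in $events) {
    $raw  = $null
    $code = $null
    try {
        # Assumption: the event's only insertion string (%1) is the error code.
        $raw = $e.Properties[0].Value
        if ($raw -ne $null) { $code = [int]$raw }
    } catch { }

    if ($code -ne $null -and $code -ge 0) {
        # Same lookup the article performs by hand with "net helpmsg errnum".
        $text = (& net.exe helpmsg $code 2>&1 | Out-String).Trim()
    } else {
        $text = 'Not a decimal Win32 code; look it up manually.'
    }
    Write-Output ('{0:u}  code={1}  {2}' -f $e.TimeCreated, $raw, $text)
}

# 2. Restart: start the service only if it is not already running.
$svc = Get-Service -Name MpsSvc
if ($svc.Status -ne 'Running') {
    try {
        Start-Service -Name MpsSvc -ErrorAction Stop   # same as: net start mpssvc
    } catch {
        Write-Warning "Start failed: $($_.Exception.Message). Next step in the article: restart the computer."
    }
}

# 3. Verify: the status should read Running.
Get-Service -Name MpsSvc | Format-List Name, DisplayName, Status
```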

Related Management Information

Firewall Service and Driver Initialization

Windows Firewall with Advanced Security
