interview question and answer

March 20, 2012

Troubleshooting for Services issue on Windows 2008 R2


1. Diagnostic Policy Service fails with Access Denied
Solution:
· Navigate to the following key: HKLM\System\CurrentControlSet\Control\WDI\Config
· Grant full permission to the ‘NT Service\DPS’ account on the key.
Note: This is a local account, not a domain account. When searching for the account, change the location from the domain to the local computer.
2. Firewall service fails to start with Error Code 5
Run Procmon.exe and you will see Access Denied entries on the following keys:
HKLM\System\CurrentControlSet\Services\SharedAccess\Epoch
HKLM\System\CurrentControlSet\Services\SharedAccess\Epoch2
Solution:
· Navigate to the keys and grant full permission to the following accounts:
NT Service\MPSSVC and NT Authority\Network Service
Note: These are local accounts, not domain accounts. When searching for the accounts, change the location from the domain to the local computer.
· Start the Firewall Service. It should start successfully.
3. Windows Event Log service fails to start with Access Denied error
Again, Procmon.exe shows Access Denied on the C:\Windows\System32\WinEvt folder.
Solution:
· Navigate to the above-mentioned folder and edit its permissions.
· Grant full permission to the local account NT Service\EventLog

Note: This is a local account, not a domain account. When searching for the account, change the location from the domain to the local computer.
4. Multiple Services fail to start with dependency failure error, or Access Denied while starting Base Filtering Service
Multiple services on Windows 2008 R2 fail to start with a dependency failure error. The following services fail to start:
IPsec Policy Agent (PolicyAgent)
Windows Firewall
IKE and AuthIP IPsec Keying Modules
Internet Connection Sharing (ICS)
Routing and Remote Access
Reason: These services depend, directly or indirectly, on the Base Filtering Agent service, which is failing with an Access Denied error. Base Filtering Agent has to be fixed first.
Solution:
· Navigate to the following registry key: HKLM\System\CurrentControlSet\Services\BFE
· Grant full permission to the NT Service\BFE account on the above-mentioned key.
· Also ensure that the following subkey inherits the permission for the BFE account:
HKLM\System\CurrentControlSet\Services\BFE\Parameters\Policy\Persistent
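The following read-only check is an added example, not part of the original post: run from an elevated PowerShell prompt before and after the changes above, it reports whether each service account named in sections 1 to 4 has an effective Allow entry with full control on its key or folder, and whether that entry is inherited. The helper name Test-ServiceAce is hypothetical; the paths and accounts are the ones listed in this post.

```powershell
# Added example: paths and accounts are the ones named in this post.
$fw = @('NT SERVICE\MPSSVC', 'NT AUTHORITY\NETWORK SERVICE')
$targets = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\WDI\Config';           Accounts = @('NT SERVICE\DPS') }
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch';  Accounts = $fw }
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2'; Accounts = $fw }
    @{ Path = 'C:\Windows\System32\WinEvt';                                  Accounts = @('NT SERVICE\EventLog') }
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\BFE';                 Accounts = @('NT SERVICE\BFE') }
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\BFE\Parameters\Policy\Persistent'; Accounts = @('NT SERVICE\BFE') }
)

# Hypothetical helper: reads the ACL only, changes nothing.
function Test-ServiceAce {
    param([string]$Path, [string]$Account)
    $result = New-Object PSObject -Property @{
        Path = $Path; Account = $Account; FullControl = $false; Inherited = $null
    }
    if (-not (Test-Path -Path $Path)) { return $result }   # key or folder absent

    # Compare by SID so localized or differently cased account names still match.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $sid = (New-Object System.Security.Principal.NTAccount($Account)).Translate($sidType)

    foreach ($rule in (Get-Acl -Path $Path).GetAccessRules($true, $true, $sidType)) {
        if ($rule.IdentityReference.Value -ne $sid.Value) { continue }
        if ($rule.AccessControlType -ne 'Allow') { continue }
        # Inherit-only entries apply to children, not to this object itself.
        $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
        if ($rule.PropagationFlags -band $inheritOnly) { continue }

        if ($rule -is [System.Security.AccessControl.RegistryAccessRule]) {
            $rights = $rule.RegistryRights
            $full   = [System.Security.AccessControl.RegistryRights]::FullControl
        } else {
            $rights = $rule.FileSystemRights
            $full   = [System.Security.AccessControl.FileSystemRights]::FullControl
        }
        if (($rights -band $full) -eq $full) {
            $result.FullControl = $true
            $result.Inherited   = $rule.IsInherited
        }
    }
    return $result
}

$report = foreach ($t in $targets) {
    foreach ($a in $t.Accounts) { Test-ServiceAce -Path $t.Path -Account $a }
}
$report | Format-Table Path, Account, FullControl, Inherited -AutoSize
```

For the Persistent subkey in section 4, the Inherited column should read True once the BFE permission is flowing down from the parent key.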
