Re: Firewall Service Cannot Start When Not Connected to Domain



"Jack [MVP-Networking]" <jack@xxxxxxxxxxxxxxxxxxx> wrote in message
news:OYKC3QLbKHA.5156@xxxxxxxxxxxxxxxxxxxxxxx
No it is not a feature. ;)
Just being off the domain does not mean that the computer automatically
reconfigures itself for a regular peer-to-peer network.
Whoever configures the domain has to take a look to make sure that the
right open configuration is available.

I think we may be talking different points. Distinguish two cases:

Case A: Disconnect from the domain and start the computer. After
firewall starts, it has a different configuration than the one in the
domain.

Case B: Disconnect from the domain and start the computer. Firewall
refuses to start at all. Attempts to manually start the firewall *service*
fail. There is no issue about the firewall's configuration because the
firewall cannot even be started.

I am describing Case B. This isn't an issue of how we configured the
firewall rules in or out of the domain. This is a Windows service startup
issue. The firewall service cannot even be started.

--
W


"W" <persistentone@xxxxxxxxxxxxxx> wrote in message
news:TsKdnQ3I1cmJtJbWnZ2dnUVZ_uydnZ2d@xxxxxxxxxxxxxxx
"Jack [MVP-Networking]" <jack@xxxxxxxxxxxxxxxxxxx> wrote in message
news:erFE50xaKHA.428@xxxxxxxxxxxxxxxxxxxxxxx
Hi
When it is Off the domain what are you trying to connect to?
Whoever controls the domain policies has to configure the computer to
function in a non-domain environment when needed.
Jack (MS, MVP-Networking).

What I am saying is that when the computer is off the domain, the
firewall service is *refusing to start up at all*. That cannot be a
feature, can it?


--
W

"W" <persistentone@xxxxxxxxxxxxxx> wrote in message
news:y-OdnS6burgm5JrWnZ2dnUVZ_vSdnZ2d@xxxxxxxxxxxxxxx
We have a Vista Ultimate installation with all service packs installed.
Both the local security policy and the domain policy after joining a
domain have the reserved accounts NETWORK SERVICE and LOCAL SERVICE
configured to start as a service. If we disconnect the notebook
from the domain and restart it, the Windows Firewall service refuses to
start. All attempts to manage the firewall fail because the service
reports it has not started. If you manually attempt to start the
firewall service it fails.

As soon as we put the notebook back on the domain network and reboot, it
works.

Does anyone have any insight on why this happens and how we can get the
firewall to start? Any sequence that effectively prevents the
firewall from starting strikes me as a pretty serious misfeature. The
notebook is often used to configure devices by cross connecting
straight to the device, so we cannot count on being on the domain
network, but clearly we want a working firewall at all times.

