Windows Firewall Service Health - Microsoft.Windows.Server.10.0.OperatingSystem.FirewallServiceHealth (UnitMonitor)

Microsoft.Windows.Server.10.0.OperatingSystem.FirewallServiceHealth (UnitMonitor)

Monitors the health of the Windows service for the Windows Firewall

Knowledge Base article:

Summary

The Windows Firewall service helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network.

Causes

A service can stop for many reasons, including:

The service encountered an exception that stopped the service.
The service was improperly configured, which prevented it from starting.
The service was prevented from starting because the user account assigned to the service could not be authenticated.

Resolutions

If this service is stopped, you will unprotected. If restarting the service doesn’t resolve the issue and the Operating System is unable to boot in Normal Mode the configuration of the service may need to be updated in Safe Mode. Once in Safe Mode the service should be configured with a startup type of “Automatic” and the Log On configuration should be set to “Local System”.

The service can be restarted using the following task:

Start the Firewall service

Element properties:

Target

Microsoft.Windows.Server.10.0.OperatingSystem

Parent Monitor

Microsoft.Windows.Server.10.0.OperatingSystem.CoreServicesRollup

Category

StateCollection

Enabled

True

Alert Generate

True

Alert Severity

Error

Alert Priority

Normal

Alert Auto Resolve

True

Monitor Type

Microsoft.Windows.CheckNTServiceStateMonitorType

Remotable

True

Accessibility

Public

Alert Message

Windows Firewall Service Stopped

The Windows Firewall service on server {0} has stopped running

RunAs

Default

Source Code:

<UnitMonitor ID="Microsoft.Windows.Server.10.0.OperatingSystem.FirewallServiceHealth" Accessibility="Public" Enabled="true" Target="ServervNext!Microsoft.Windows.Server.10.0.OperatingSystem" ParentMonitorID="Microsoft.Windows.Server.10.0.OperatingSystem.CoreServicesRollup" Remotable="true" Priority="Normal" TypeID="Windows!Microsoft.Windows.CheckNTServiceStateMonitorType" ConfirmDelivery="false"> <Category>StateCollection</Category> <AlertSettings AlertMessage="Microsoft.Windows.Server.10.0.OperatingSystem.FirewallServiceHealth.AlertMessage"> <AlertOnState>Error</AlertOnState> <AutoResolve>true</AutoResolve> <AlertPriority>Normal</AlertPriority> <AlertSeverity>Error</AlertSeverity> <AlertParameters> <AlertParameter1>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$</AlertParameter1> </AlertParameters> </AlertSettings> <OperationalStates> <OperationalState ID="NotRunning" MonitorTypeStateID="NotRunning" HealthState="Error"/> <OperationalState ID="Running" MonitorTypeStateID="Running" HealthState="Success"/> </OperationalStates> <Configuration> <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName> <ServiceName>MpsSvc</ServiceName> </Configuration> </UnitMonitor>