Event Id | 5027 |
Source | Microsoft-Windows-Security-Auditing |
Description | The Windows Firewall Service was unable to retrieve the security policy from the local storage. The service will continue enforcing the current policy. Error Code:%t%1 |
Event Information | According to Microsoft:
Cause: This event is logged when Windows Firewall Service was unable to retrieve the security policy from the local storage.
Resolution: Free up memory resources
Windows was not able to retrieve the firewall or Internet Protocol security (IPsec) policy from the local registry, or process the policy that it found there. This error indicates one of two situations, low memory resources or registry corruption. Both can result in similar symptoms. Attempt the resolution in the Low memory resources section first.
Low memory resources
If excessive demands are placed on the memory resources of a computer, such as when more programs are running than the computer can adequately support, then common operating system functions can fail. To solve this situation perform one or more of the following steps:
If the system registry is corrupted, then the policy cannot be retrieved. The only supported solution to this condition is to reinstall the operating system. Registry corruption cannot be reliably repaired.
Verify: You can verify that your computer is successfully retrieving and processing firewall and Internet Protocol security (IPsec) settings and rules by examining the Event Viewer logs and looking for messages that indicate successful firewall policy processing. To verify that firewall policy is being retrieved and processed correctly:
You can also change a rule (in locally stored policy or a Group Policy object), and then examine the rules on the computer to confirm that the changed rule was received and processed correctly. Use the Windows Firewall with Advanced Security Microsoft Management Console (MMC) snap-in or the netsh advfirewall command-line tool to examine the rules on the local computer. The exact branch in the snap-in or the netsh command to use depends on the rule that you want to change. |
Reference Links | Event ID 5027 from Microsoft-Windows-Security-Auditing |
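A triage sketch for the checks described above, added here as an example and not taken from Microsoft's article: it lists 5027 events with their error code (the %1 field in the description), compares current free memory against a threshold, and dumps firewall state through netsh advfirewall. The 10% threshold, the function names and the English-locale match on "Rule Name:" are assumptions.

```powershell
# Added example: triage for Event ID 5027. Run elevated; reading the Security log needs admin rights.
$LowMemoryPercent = 10   # assumed threshold for "low memory"; tune per host

function Get-Event5027 {
    # %1 in the event description is the error code, i.e. the first event property.
    $filter = @{
        LogName      = 'Security'
        ProviderName = 'Microsoft-Windows-Security-Auditing'
        Id           = 5027
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                TimeCreated = $_.TimeCreated
                Computer    = $_.MachineName
                ErrorCode   = $_.Properties[0].Value
            }
        }
}

function Get-FreeMemoryPercent {
    # Win32_OperatingSystem reports both values in kilobytes.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    [math]::Round(100 * $os.FreePhysicalMemory / $os.TotalVisibleMemorySize, 1)
}

$events = @(Get-Event5027)
if ($events.Count -eq 0) {
    Write-Output 'No 5027 events found in the Security log.'
} else {
    # Most recent occurrences, then a count per error code to spot a recurring failure.
    $events | Sort-Object TimeCreated -Descending | Select-Object -First 10 | Format-Table -AutoSize
    $events | Group-Object ErrorCode | Select-Object Count, Name | Format-Table -AutoSize

    # Current memory only; it does not show what was free when the event was logged.
    $free = Get-FreeMemoryPercent
    if ($free -lt $LowMemoryPercent) {
        Write-Output "Free physical memory is ${free}%: work through the low memory resolution first."
    } else {
        Write-Output "Free physical memory is ${free}%: if 5027 recurs with memory available, consider the registry corruption case."
    }
}

# Confirm the firewall service is still enforcing a policy and that rules can be read back.
netsh advfirewall show allprofiles state
$ruleCount = @(netsh advfirewall firewall show rule name=all | Select-String '^Rule Name:').Count
Write-Output "Firewall rules readable on this host: $ruleCount"
```

A rule count of zero alongside recurring 5027 events suggests the policy is not being read back at all, which is the case to escalate.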