Howdy folks, this is Ajay Sarkaria once again!
We have seen a surge in support cases where the Windows firewall service crashes if the firewall logging for dropped and allowed connections is enabled on Windows 8.1 or Windows Server 2012 R2.
Symptoms include:
- The SVCHOST instance containing the Windows Firewall Service (mpssvc) crashes on Windows 8.1 / Windows Server 2012 R2
- Applications that talk to the Firewall Service hang, stop responding or crash because the Firewall service is hung
- If the Windows Server 2012 R2 also has the DirectAccess role installed, you may notice that the DirectAccess clients get disconnected as the Windows Firewall Service crashes on the DirectAccess Server
- The Windows Firewall Service crash may impact all L2TP VPN and IPsec connections, affecting both clients and servers
- On multiple Windows Server 2012 R2 cluster systems, Cluster Shared Volumes may sporadically go into a Paused State (Event ID 5120) with the error code c000020c STATUS_CONNECTION_DISCONNECTED. This may result in the crash of the virtual machines that are hosted on these CSVs. All the CSVs may be impacted, not just one specifically.
If you are experiencing this issue, please install the update that is described in the following Knowledge Base article:
3155768 Firewall service freezes and crashes if the firewall logging is enabled in Windows
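
To check whether a given machine matches the conditions above, here is a PowerShell sketch (an added example, not part of the original post or the KB article). It assumes that OS version 6.3 identifies Windows 8.1 / Windows Server 2012 R2, that Event ID 5120 is written to the System log, and that `Get-HotFix` can see the update; the variable names are illustrative.

```powershell
# Added example: reports whether this host matches the conditions in the post.
$kbId = 'KB3155768'   # KB number taken from the post

# Windows 8.1 and Windows Server 2012 R2 both report version 6.3.x (assumption
# used here to identify the affected releases).
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$affectedOs = $os.Version -like '6.3.*'

# Firewall profiles whose effective policy logs allowed or dropped connections.
# ActiveStore returns the merged result of local and Group Policy settings.
$loggingProfiles = @(Get-NetFirewallProfile -PolicyStore ActiveStore |
    Where-Object { $_.LogAllowed -eq 'True' -or $_.LogBlocked -eq 'True' })

# Is the update present? Caveat: Get-HotFix may not list a KB that arrived
# as part of a later rollup, so a "False" here needs confirming by hand.
$hotfix = Get-HotFix -Id $kbId -ErrorAction SilentlyContinue

# On cluster nodes, look for the CSV pause events the post mentions
# (Event ID 5120; the System log is assumed as the location).
$csvEvents = @(Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 5120 } `
    -MaxEvents 20 -ErrorAction SilentlyContinue)

# Current state of the Windows Firewall service (mpssvc).
$svc = Get-Service -Name mpssvc

[pscustomobject]@{
    Computer         = $env:COMPUTERNAME
    OsVersion        = $os.Version
    AffectedOs       = $affectedOs
    LoggingProfiles  = ($loggingProfiles.Name -join ', ')
    LogFiles         = ($loggingProfiles.LogFileName -join ', ')
    HotfixFound      = [bool]$hotfix
    FirewallService  = $svc.Status
    RecentCsv5120    = $csvEvents.Count
    # Affected release, logging enabled, and the update not visible
    NeedsUpdate      = ($affectedOs -and ($loggingProfiles.Count -gt 0) -and -not $hotfix)
}
```

Run it from an elevated PowerShell session on the machine being checked.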
Until next time!
Ajay Sarkaria
Supportability Program Manager – Windows