IIS & SMTP services shut down after security policy is successfully applied

Here is the story behind the issue: the IISSVC and SMTPSVC services were changed from auto start to disabled and stopped on all domain machines.

The following event message was logged in the Application log:

Event Type: Information
Event Source: SceCli
Event Category: None
Event ID: 1704
Date: 3/17/2010
Time: 3:54:09 AM
User: N/A
Computer: ComputerName
Description:
Security policy in the Group policy objects has been applied successfully.

Additionally, the following entries were logged in the System event log:

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7040
Date: 3/17/2010
Time: 3:54:07 AM
User: NT AUTHORITY\SYSTEM
Computer: ComputerName
Description:
The start type of the World Wide Web Publishing Service service was changed from auto start to disabled.

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7036
Date: 3/17/2010
Time: 3:54:08 AM
User: N/A
Computer: ComputerName
Description:
The World Wide Web Publishing Service service entered the stopped state.

Root Cause

The MSDT report shows that the services were disabled by an improper setting in the “Default Domain Policy”:

Gpresult.txt

GPO: Default Domain Policy
                ServiceName: W3SVC "World Wide Web Publishing Service"
                Startup: disabled

GPO: Default Domain Policy
                ServiceName: SMTPSVC "Simple Mail Transfer Protocol (SMTP)"
                Startup: disabled
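
The timestamps in the events above are what tie the change to Group Policy: the Service Control Manager 7040 entry lands within seconds of the SceCli 1704 entry. As an added example (not part of the original post), the Python below parses events exported in the text layout shown here and flags each service whose start type was set to disabled, noting whether a policy application was logged nearby. The 30-second window, the function names, and the Print Spooler record are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the post's field layout; the Print Spooler record is invented.
SAMPLE = """\
Event Source: SceCli
Event ID: 1704
Date: 3/17/2010
Time: 3:54:09 AM
Description:
Security policy in the Group policy objects has been applied successfully.

Event Source: Service Control Manager
Event ID: 7040
Date: 3/17/2010
Time: 3:54:07 AM
Description:
The start type of the World Wide Web Publishing Service service was changed from auto start to disabled.

Event Source: Service Control Manager
Event ID: 7040
Date: 3/17/2010
Time: 11:20:00 AM
Description:
The start type of the Print Spooler service was changed from auto start to disabled.
"""
CHANGE = re.compile(r"The start type of the (.+) service was changed from (.+) to (.+)\.")

def parse_events(text):
    """Split blank-line-separated records into (source, event_id, time, description)."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        head, _, desc = block.partition("Description:")
        f = dict(line.split(": ", 1) for line in head.splitlines() if ": " in line)
        when = datetime.strptime(f["Date"] + " " + f["Time"], "%m/%d/%Y %I:%M:%S %p")
        events.append((f["Event Source"], int(f["Event ID"]), when, desc.strip()))
    return events

def disabled_services(events, window=timedelta(seconds=30)):
    """For each 7040 change to 'disabled', report if a SceCli 1704 lies within window."""
    applied = [t for src, eid, t, _ in events if src == "SceCli" and eid == 1704]
    hits = []
    for _, eid, t, desc in events:
        m = CHANGE.match(desc) if eid == 7040 else None
        if m and m.group(3) == "disabled":  # only changes that disable a service
            hits.append((m.group(1), any(abs(t - a) <= window for a in applied)))
    return hits

print(disabled_services(parse_events(SAMPLE)))
```

A nearby 1704 event is a lead rather than proof; the Gpresult output is what confirms which GPO carries the setting.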

Solution

Correct the improper settings on a DC in the domain.

1. Log on to one DC in the domain.

2. Run GPMC.msc to open Group Policy Management.

3. Right-click Default Domain Policy in the opened window and select Edit.

4. Navigate to the path below.

Computer configuration\windows settings\security settings\system services\

5. Select the World Wide Web Publishing Service in the right panel and change its start mode to Automatic.

6. Select Simple Mail Transfer Protocol (SMTP) and configure its start mode to Automatic as well.

7. Then wait for some time until the change has replicated to all other DCs in the domain. (By default, the intra-site replication interval is 5 minutes and the inter-site replication interval is 180 minutes.)

8. Reboot the corresponding server to force a refresh and apply the policy settings.

Regards,

Anik