Home
%3CLINGO-SUB%20id%3D%22lingo-sub-770603%22%20slang%3D%22en-US%22%3EWMSVC%20(Web%20Management%20Service)%20Failing%20to%20start%20with%20%22Access%20Denied%22%20or%20error%20code%20'5'%20on%20WS2019%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-770603%22%20slang%3D%22en-US%22%3E%3CP%3EIf%20that%20%22Block%20untrusted%20fonts%22%20policy%20has%20been%20enabled%2C%20then%20there's%20a%20known%20issue%20that%20denies%20the%20Web%20Management%20Service%20from%20starting.%20This%20is%20%3CSTRONG%3Eonly%20on%20Windows%20Server%202019%3C%2FSTRONG%3Eas%20of%20now.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20issue%20has%20been%20fixed%20in%20Windows%20Server%20v1903%20(the%20semi-annual%20channel)%20and%20will%20not%20occur%20on%20that%20or%20newer%20OSes.%20It%20also%20does%20not%20occur%20on%20Windows%20Server%202016.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20the%20policy%20has%20%3CSTRONG%3Enot%3C%2FSTRONG%3Ebeen%20enabled%2C%20then%20this%20post%20does%20not%20apply%20to%20your%20scenario.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESide%20notes%3A%3C%2FP%3E%0A%3CP%3EThat%20policy%20has%20not%20been%20recommended%20since%202017%3A%20%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fblogs.technet.microsoft.com%2Fsecguide%2F2017%2F06%2F15%2Fdropping-the-untrusted-font-blocking-setting%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fblogs.technet.microsoft.com%2Fsecguide%2F2017%2F06%2F15%2Fdropping-the-untrusted-font-blocking-setting%2F%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWith%20the%20policy%20enabled%2C%20there%20will%20be%20nothing%20logged%20in%20Event%20Viewer%20(see%20the%20policy%20for%20logging%20info)%20to%20indicate%20WMSVC.exe%20was%20blocked%20from%20starting.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EPolicy%3A%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fblock-untrusted-fonts-in-enterprise%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fsecurity%2Fthreat-protection%2Fblock-untrusted-fonts-in-enterprise%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-770603%22%20slang%3D%22en-US%22%3E%3CP%3EIf%20WMSVC%2FWeb%20Management%20Service%20on%20%3CSTRONG%3EWindows%20Server%202019%20only%20%3C%2FSTRONG%3Eis%20failing%20to%20start%2C%20and%20you%20receive%20an%20%22access%20denied%22%20or%20'5'%20error%20code%2C%20check%20if%20the%20%22Block%20Untrusted%20Fonts%22%20group%20policy%20has%20been%20applied%20to%20the%20machine.%3C%2FP%3E%3C%2FLINGO-TEASER%3E
Microsoft

If that "Block untrusted fonts" policy has been enabled, then there's a known issue that denies the Web Management Service from starting. This is only on Windows Server 2019 as of now.

 

The issue has been fixed in Windows Server v1903 (the semi-annual channel) and will not occur on that or newer OSes. It also does not occur on Windows Server 2016.

 

If the policy has not been enabled, then this post does not apply to your scenario.

 

Side notes:

That policy has not been recommended since 2017:
https://blogs.technet.microsoft.com/secguide/2017/06/15/dropping-the-untrusted-font-blocking-setting...

 

With the policy enabled, there will be nothing logged in Event Viewer (see the policy for logging info) to indicate WMSVC.exe was blocked from starting.

 

Policy:

https://docs.microsoft.com/en-us/windows/security/threat-protection/block-untrusted-fonts-in-enterpr...