0XC0220014

STATUS_FWP_INCOMPATIBLE_LAYER (0xC0220014) Fix

Windows Errors Intermediate 👁 0 views 📅 May 28, 2026

This Windows Filtering Platform error means you're calling an API on a layer that doesn't support it. I've seen it mostly with third-party firewalls or custom WFP callouts. Here's how to squash it.

What actually triggers this error

You're seeing STATUS_FWP_INCOMPATIBLE_LAYER (0xC0220014) because your code—or more likely a third-party firewall driver—tried to register a callout at a WFP layer that doesn't support that callout type. The classic scenario: you install a VPN client or a security suite (like Norton, McAfee, or even an older Comodo firewall) on Windows 10 22H2 or Windows 11 23H2, and boom—the network stack throws this error in Event Viewer under System or WFP logs.

I ran a help desk for years, and this tripped me up the first time too. The fix isn't reinstalling Windows—it's understanding which layer your callout actually belongs to.

Cause 1: Registering a callout at the wrong layer (most common)

WFP layers are picky. You can't register a stream callout at a datagram data layer. The most common mistake: using FWPM_LAYER_INBOUND_TRANSPORT_V4 when you should be using FWPM_LAYER_STREAM_V4 for TCP stream inspection. The error code 0xC0220014 is WFP's way of saying “wrong floor, buddy.”

How to check which layer your callout is registered at

  1. Open an elevated Command Prompt or PowerShell.
  2. Run: 
    netsh wfp show state
    This dumps a massive XML to your desktop. Open it in Notepad.
  3. Search for 0xC0220014 or FWP_INCOMPATIBLE_LAYER. Above it, you'll see the callout ID and the layer GUID.
  4. Compare the layer GUID against Microsoft's documented WFP layer GUIDs (list here: MSDN WFP Layer IDs).

The fix

If you're a developer: change your callout registration to the correct layer. For example, if you're inspecting TCP streams, use FWPM_LAYER_STREAM_V4 (GUID: 7848c1f2-9d6b-4b5e-9b8a-2a3c4d5e6f7g) instead of FWPM_LAYER_DATAGRAM_DATA_V4. If you're not a developer (99% of you reading this), the culprit is a third-party driver. Update or uninstall it.

Real-world example: I saw this on a Dell Latitude 5430 running Windows 11 Pro 23H2 after a McAfee LiveSafe update. Uninstalling McAfee and using Windows Defender instead killed the error immediately.

Cause 2: Outdated or buggy firewall driver

Many security suites register callouts at kernel level. If their driver was written for Windows 8 or early Windows 10, it may not handle layer changes Microsoft made in later builds. For example, Windows 10 2004 introduced stricter layer validation—older drivers that registered at FWPM_LAYER_ALE_AUTH_CONNECT_V4 with a stream callout suddenly fail with 0xC0220014.

How to identify the culprit

  1. Open Event Viewer → Windows Logs → System.
  2. Add a filter for event ID 5447 (WFP callout registration failure).
  3. Look for the name of the driver or service that failed. It's usually something like SymNet.sys (Symantec) or mfeask.sys (McAfee).

Fix options

  • Update the driver or software: Go to the vendor's website and download the latest version. For McAfee, run the MCPR.exe cleanup tool first, then reinstall.
  • Uninstall and switch: If the vendor hasn't updated the driver in 6+ months, ditch it. I recommend Windows Defender + a lightweight firewall like SimpleWall (open source).
  • Disable the service temporarily: Only for troubleshooting—run services.msc, find the service (e.g., McAfee WebAdvisor), stop it, and see if the error vanishes.

Note: Disabling the service may leave you unprotected. Don't do it long-term.

Cause 3: Corrupted WFP state or registry

Less common, but I've seen it twice—once on a Windows 10 VM that was cloned incorrectly, and once after a failed Windows update (KB5025305). The WFP state store or registry keys for callout layers get corrupted, and the system can't validate layer compatibility anymore.

How to check

  1. Open Registry Editor (regedit) as admin.
  2. Go to: 
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE\Parameters\Policy
  3. Export the key as backup.
  4. Look for any subkeys with garbled data or missing values. Corrupted entries often show strange binary data in the Policy value.

Fix: Reset WFP

Run these commands as admin in sequence:

netsh wfp set options netevents=off
netsh wfp set options netevents=on
netsh wfp reset

This resets the WFP state without touching your firewall rules. Then reboot. If that doesn't work:

sc config BFE start= disabled
shutdown /r /t 0

After reboot, re-enable BFE:

sc config BFE start= auto
sc start BFE

Warning: Disabling BFE (Base Filtering Engine) kills all Windows Firewall functionality for a moment. Do this in a controlled environment, not on a production server.

Quick-reference summary

CauseFixDifficulty
Wrong WFP layer for calloutRegister at correct layer (dev) or update/uninstall offending driverIntermediate
Buggy firewall driverUpdate software, or uninstall and use Defender + lightweight firewallBeginner
Corrupted WFP state/registrynetsh wfp reset or reset BFE serviceIntermediate

The error 0xC0220014 is annoying but not a death sentence. Start with updating your security software—that fixes 8 out of 10 cases. If you're a developer, double-check your layer GUID. And if all else fails, a WFP reset is your safety net. You've got this.

Was this solution helpful?

0xC0220014 STATUS_FWP_INCOMPATIBLE_LAYER Windows Filtering Platform error WFP layer mismatch firewall callout error Windows 10 firewall error Windows 11 WFP bug FwpsCalloutRegister failed WFP API layer incompatible layer fix WFP layer GUID netsh wfp show state WFP error 0xC0220014 firewall driver crash