I'm trying to create and start a windows service using PowerShell.
The service is created but cannot be started when I use various names besides one particular name.
When I create the service with the name of the exe file it can be started but when I give it a different name it fails to start.
I'm running the PowerShell script as administrator.
Any advises?
function InstallService(
[string] $MsDeployHost,
[string] $ServiceName,
[string] $DisplayName,
[string] $ServicePath,
[string] $ServiceDescription,
[object] $Credential) {
if($MsDeployHost -eq "local") {
New-Service -name $ServiceName -binaryPathName $ServicePath -displayName $ServiceName -StartupType Automatic
Start-Service -name $ServiceName
} else { ....
The Error I get:
Start-Service : Service 'Service1
(Service1)' cannot be started due to the following error:
Cannot start service Service1 on computer '.'.
When I try to start it manually I get:
"Error 1053: The service did not respond to the start or control request in a timely fashion"
The problem is that, unless your service is written to handle it, you need to use a particular service name in order to run a particular service (and note that the name is case-sensitive). This is because the service, on startup, needs to register with the Service Control Manager to receive start/stop notifications and send status updates, using its service name. If you install the service with a different name, but the executable has no way of knowing this (through a configuration setting or whatnot), this registration will fail and the service can't start (to the operating system, it will look as if the service is failing to respond).
You can set the display name to whatever you like, but you cannot use an arbitrary service name unless the service is designed to support this.
My problem was that the service was Disabled in the services control manager.
I then put it in manual state and Start-Service worked.
hth
I had the same problem, for me the issue was that the service was supposed to run with a user's credentials and the user's password has changed - after which the service could not log in anymore and failed to run.
You can review the "Service Control Manager" log, immediately after the failure, like this:
> Get-EventLog -LogName System -Source 'Service Control Manager' -Newest 5
----- ---- --------- ------ ---------- -------
19762 Sep 30 12:31 Error Service Control M... 3221232472 The SERVICE_NAME service failed to start due to the following error: ...
19761 Sep 30 12:31 Error Service Control M... 3221232510 The SERVICE_NAME service was unable to log on as .\USERNAME with the currently configured password due to the following error: ...
#...
> (Get-EventLog -LogName System -Source 'Service Control Manager' -Newest 5)[1] | Format-List
Index : 19764
EntryType : Error
InstanceId : 3221232510
Message : The SERVICE_NAME service was unable to log on as .\USERNAME with the currently configured password due to the following error:
%%1326
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
Category : (0)
CategoryNumber : 0
ReplacementStrings : {SERVICE_NAME, .\USERNAME, %%1326}
Source : Service Control Manager
TimeGenerated : 9/30/2021 12:35:02 PM
TimeWritten : 9/30/2021 12:35:02 PM
UserName :
Error 1326 is "Bad username or password".
If this is also a .NET Console Application, you must call ServiceBase.Run in your main method in Program.cs. This fixed this error for me.
See more specific code here:
.NET console application as Windows service
For me it was an incorrect value in appsettings.json. Did not escape some special characters.
This error message is very generic and does not say anything useful.
The reason could be missing configuration files, missing .NET frameworks or anything that the program depends on.
To see the real reason open the Windows event log and look for any errors under Windows Logs -> Application.
Related
I am doing some automated uninstalls of Autodesk software, and Autodesk has once again screwed the pooch with their uninstalls. Their uninstall is supposed to do reference counting on certain shared components, like their Single Signor Service, Autodesk Genuine Service, Licensing service, etc. The problem is, when you are uninstalling that last ADSK product, the uninstaller is too stupid to stop the service, so their uninstaller fails with a 1603 fatal error. Last year you could stop the services before you started the uninstall, but this year I am getting this error
Stop-Service : Service 'Autodesk Access Service Host (Autodesk Access Service Host)' cannot be stopped due to the following error: Cannot open Autodesk Access Service Host service on computer '.'.
When using this code
Get-Service -Name "Autodesk Access Service Host" | Stop-Service -Force -NoWait
I have verified with
(Get-Service -Name "Autodesk Access Service Host").CanStop
that service can be stopped. At least according to the property.
I also tried
Start-Process "$env:WINDIR\system32\sc.exe" \\.,stop,"Autodesk Access Service Host" -NoNewWindow -Wait
while ((Get-Service -ComputerName '.' -Name "Autodesk Access Service Host" |
Select -ExpandProperty Status) -ne 'Stopped') {
Write-Host "Waiting for service to stop..."
Start-Sleep -Seconds 10
}
And that has run for 15 minutes with no results. Interestingly I CAN disable the service, but I really don't want that. I just want to stop it temporarily, so IF the Autodesk uninstall that is running is the last one with a dependency on this service will uninstall it correctly and returns the correct exit code of 0.
EDIT: I tried
sc stop "Autodesk Access Service Host"
from an elevated command prompt and that shows
STATE : 3 STOP_PENDING
(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
so not really sure how to take STOP_PENDING along with NOT_STOPPABLE, nor why this would say NOT_STOPPABLE when the property above shows true.
I have a non-admin access to a server. I'm allowed to connect via RDP, and to use PowerShell remoting. When I invoke the following PowerShell command from an RDP session:
Get-WinEvent -MaxEvents 100 -Provider Microsoft-Windows-TaskScheduler
I get 100 records, as expected.
When I do the same via PowerShell remoting, by invoking the following from my local machine:
invoke-command -ComputerName myserver {Get-WinEvent -MaxEvents 100 -Provider Microsoft-Windows-TaskScheduler }
I get an error:
No events were found that match the specified selection criteria.
CategoryInfo : ObjectNotFound: (:) [Get-WinEvent], Exception
FullyQualifiedErrorId : NoMatchingEventsFound,Microsoft.PowerShell.Commands.GetWinEventCommand
Any idea why? The remote PowerShell session should be running under identical credentials, right?
EDIT: whoami does show a difference in the security context between RDP logon and PowerShell remoting - the group set is different. In the RDP logon session, there are the following groups in the token:
BUILTIN\Remote Desktop Users
NT AUTHORITY\REMOTE INTERACTIVE LOGON
while in the remoted one, there's
CONSOLE LOGON
That could account for the discrepancy in rights...
EDIT: from the registry, it looks like the task scheduler log somehow is a part of the System log. According to MS KB article Q323076, the security descriptor for the System log can be found under HKLM\SYSTEM\CurrentControlSet\Services\EventLog\System, value CustomSD. I can't check the server in question, but on another server where I'm an admin, there's no CustomSD under that key. Under HKLM\SYSTEM\CurrentControlSet\Services\EventLog\System\Microsoft-Windows-TaskScheduler, neither. Only the Security log gets a CustomSD. The next question is, where's the default SD?
Permissions on the actual log file at C:\Windows\System32\winevt\LogsMicrosoft-Windows-TaskScheduler%4Operational.evtx are irrelevant, the access is being mediated by the EventLog service anyway.
If you are not an administrator on the remote computer, and invoke-command -ComputerName myserver {whoami /all} tells you are who you expected to be.
You will need to be part of Event Log Reader group on the remote computer.
As well as Remote Management Users group, which I believe you already are.
If you need to read security logs, you will also need Manage auditing and security log under Local Security Policy -> Security Settings -> Local Policies -> User Rights Assignment
According to Default ACLs on Windows Event Logs # MSDN blog, in Windows Server 2003+, the default ACL for the System log goes:
O:BAG:SYD:
*(D;;0xf0007;;;AN) // (Deny) Anonymous:All Access
*(D;;0xf0007;;;BG) // (Deny) Guests:All Access
(A;;0xf0007;;;SY) // LocalSystem:Full
(A;;0x7;;;BA) // Administrators:Read,Write,Clear
(A;;0x5;;;SO) // Server Operators:Read,Clear
(A;;0x1;;;IU) // INTERACTIVE LOGON:Read <===================
(A;;0x1;;;SU) // SERVICES LOGON:Read
(A;;0x1;;;S-1-5-3) // BATCH LOGON:Read
(A;;0x2;;;LS) // LocalService:Write
(A;;0x2;;;NS) // NetworkService:Write
Does NT AUTHORITY\INTERACTIVE LOGON include RDP logon? I've found a forum message that says so, but I'd better find a doc to that effect...
The article claims this ACE comes "straight from the source code". So it's hard-coded in the service, with a chance to change via the registry.
You need local admin rights to open a powershell session.
But there is a workaround/alterative here:
https://4sysops.com/archives/powershell-remoting-without-administrator-rights/
I had the weirdest variation of this problem, was driving me nuts !
Remoting from a server W2008r2 (logged on as domain admin, inside interactive powershell session) to workstation Win7 to get logon/logoff events :
invoke-command -computername $pc {Get-WinEvent -FilterHashtable #{logname='
Security';Id=#(4624,4634)}}
-> No events were found that match the specified selection criteria.
But it does work when outputting an empty string in the scriptblock before the Get-Winevent :
invoke-command -computername $pc {"";Get-WinEvent -FilterHashtable #{lognam
e='Security';Id=#(4624,4634)}}
TimeCreated ProviderName Id Message PSComputerName
----------- ------------ -- ------- --------------
19/03/2018 11:51:41 Microsoft-Windows-Se... 4624 An account was succe... b25_x64
19/03/2018 11:51:41 Microsoft-Windows-Se... 4624 An account was succe... b25_x64
Stumbled upon this fix after trying everything: Enter-Pssession, New-Pssession, using -credential parameter to pass a predefined credential to invoke-command, to get-winevent, to both. Nothing worked, gave "No events..." in every combination.
Then I inserted a $cred inside the scriptblock to show the passed on credential for debugging, and suddenly I got the events I was looking for...
I am having problems with a powershell script.
I wrote a script that would search for a windows service with a specific name, and it would Stop or Start this service.
It works when I run it on a server which I log into with a service account that I know that can access the service console. However when it runs off of my build server, the script is no longer able to find the services. I tried giving the service account that runs script the same privaledges as the other service account but that doesn't seem to work.
[System.ServiceProcess.ServiceController]$service = Get-Service -Name $ServiceName -ComputerName $Remoteserver -ErrorAction SilentlyContinue
That is the line that is not longer able to find the service. What am I doing wrong. Is there a way to impersonate a user that can find the service? Any help would be appreciated.
You could try supplying the credentials of the service account using the -Credential parameter. However, since you imply that it used to work with the account that runs the script remotely and no longer does, I think a more likely culprit is that $ServiceName used to only match one service on the target computer, and now there is another service whose name matches that string. If more than one service matches the -Name parameter, Get-Service returns an array of ServiceController objects.
Try running it without ErrorAction -SilentlyContinue. If you get the following error message, then that's what's happening:
Cannot convert the "System.Object[]" value of type "System.Object[]" to type "System.ServiceProcess.ServiceController".
If you get a different error message, please add the full error message to the question.
So I am trying to use Powershell to start a windows service. I have the service installed just fine, but when I call Start-Service -Name $name I am recieving the following error.
Start-Service : Service 'IncidentManagementService (IncidentManagementService)' cannot be started due to the following error: Cannot start service IncidentManagementService on computer '.'.
I have powershell running as an Administrator and I also tried going under the properties of the .exe file and checking "run as admin" to no avail.
If anyone could give me a clear reason as to why the service is not starting it would be much appreciated.
In my case the service is disabled... so is the reason I am getting that error.
I have three servers, let's call them Deploy1, Deploy2, Target.
All servers are running Windows Server 2008R2, fully updated.
A domain user, admin1, is configured as administrator on all servers, and this is the user I'm running all the commands with.
The following command works on Deploy1:
Get-Service "MyService" -ComputerName Target | Stop-Service
When running the same command on Deploy2, the command fails with the following message:
Cannot find any service with service name 'MyService'.
On Deploy2, the following command works, and displays the service and its status.
Get-Service "MyService" -ComputerName Target
Now, I know there are other ways to stop/start services via PowerShell, but I like this one as it automatically waits for the server to actually stop/start.
So what could be wrong with Deploy2?
Powershell v2.0 has a bug (feature?) in how the object returned by Get-Service is implemented. It does not actually set the ComputerName property correctly. Because of this, it can only affect local services. If you upgrade to Windows Management Framework 3.0 (and consequently Powershell v3) the bug is fixed and will work correctly.
Does this work? If not, is there an error produced?
(Get-Service "MyService" -ComputerName Target).Stop()