PsExec and invalid handles - batch-file

I am trying to use a windows batch script that uses PsExec to execute commands on a remote machine. Periodically it has "invalid handle" and the script then fails.
The script has not altered or indeed either machine.
Does anybody know why this happens as sometimes the scripts runs without a hitch.
Alternatively does anybody know how to run a script on a machine as the local user for that machine with a more reliable technology.
PS Sometimes the first PsExec works and the others fail.
EDIT
The script is just on line (apart from setting the appropriate variables)
PsExec %HOSTNAME% -I -u %USERNAME% -p %PASSWORD% CMD /C RMDIR /S /Q e:\SomeDir
This sometimes works but sometimes fails with "invalid handle"

You need to debug the situation.
You have a script, then something (what is Jenkins?) launch it on a remote PC, sometime it works, sometime it fail.
Is it deterministic?
When it fail does it always fail?
How does it fail?
You need to acquire better knowledge of how/when the script fail.
Here is what I would do to gather better understanding of these fails.
Can you run the script multiple time?
From the comments it seem that you run the script every hours, can you run it 3/4/5 time in a row, for each hours?
This will help you to determine how it fail: if you run it 5 time, does it works every time? it it fail, does it fail 5 times in a row?
Can you try to use different script?
You can create some more similar, but simpler, scripts.
So you can try your script with the RMDIR, then another script with a simple DIR command (just to se if the script launching/connection mechanism works) then another script with a simple ECHO command (so it doesent need to access any files/folder)
Run debug scripts on the local PC
Then, you can simultaneously run other scripts that run on the LOCAL PC (not the remote one where you need to execute the RMDIR) that try to access the remote PC, with a PING, or by copying a file from/to a network share...
Sniff the network
You can even set up a Wireshark instance that log all the packet sent between the 2 PC, this can be helpful to analyse/exclude networking issue.
You clearly need to track/log everything.
With this kind of information maybe you/we can have a better understanding of where the issue is.
=====================================
UPDATE 1 - Record some log
=====================================
Maybe you can try to use the following modified scripts to have some log files.
These script will create 2 log files, one on the remote PC (containing the message of the remotely executed command) and one on the local PC (containing any message from PsExec)
(you'll need to tweak the path where the log file are saved)
psexec %HOSTNAME% -I -u %USERNAME% -p %PASSWORD% CMD /C "RMDIR /S /Q e:\SomeDir >>c:\RemoteComputer.log 2>&1" >>c:\LocalComputer.log 2>&1
or the following one without the /I
Are you sure you need the /I parameters for CMD? On my Pc it doesn't works if I use the /I parameters...
psexec %HOSTNAME% -u %USERNAME% -p %PASSWORD% CMD /C "RMDIR /S /Q e:\SomeDir >>c:\RemoteComputer.log 2>&1" >>c:\LocalComputer.log 2>&1
After some testing on my PCs, I've seen that PsExec install a service on the remote PC to run the command remotely. (It's called PsExecSvc.exe, installed in c:\windows\ on the WinXP PC I'm using for this test)
The remote installation/uninstallation of this temporary service for the command execution can surely be one of the possible "failure point" that generate the error.
If this is the case, then you should be able to track this down by looking at the LocalComputer.log, that will contain the message/error from PsExec.
As stated in my previous advice, I would also try to schedule simpler script like
psexec %HOSTNAME% -u %USERNAME% -p %PASSWORD% CMD /C "dir c:\ >>c:\RemoteComputerDir.log 2>&1" >>c:\LocalComputerDir.log 2>&1
and
psexec %HOSTNAME% -u %USERNAME% -p %PASSWORD% CMD /C "echo SuperEchoTest >>c:\RemoteComputerEcho.log 2>&1" >>c:\LocalComputerEcho.log 2>&1
===================================
UPDATE 2 - Try to use WMI
===================================
You can try to run the remote command by using WMI
wmic /node:%HOSTNAME% /user:%USERNAME% /password:%PASSWORD% process call create "CMD /C RMDIR /S /Q e:\SomeDir"
When you use WMI you need to be sure that windows firewall is not blocking your command. (when I tried to run a remote command with WMIC the windows firewall notification popped up on my Win 7 PC)
(I've the instruction to use WMIC here)

Yes, there is a more reliable technology for executing commands on a remote machine and is called powershell. For example, you can run :
test-connection -computername server01, server02, server12
pings from local computer to several remote computers.
Another very useful command is:
invoke-command -filepath c:\scripts\test.ps1 -computerName Server01
runs the Test.ps1 script on the Server01 computer.
A tutorial gives several examples on how to Run PowerShell Commands on Remote Computers.

A different technology can be found mimicking the Linux world, and using ssh. It's very common with clusters and I have personally used it with Windows Server 2008 R2, so I don't expect any difference on windows 7.
This task is commonly performed with ssh and password-less public key authentication. With it, the only needed information is the IP of the remote server and the public key of the client, stored on the server: only the client with the corresponding private key can connect to it (the keys must be created with ssh-keygen, on the client. The public key is copied to the server)
The server must have the TCP port 22 accessible from outside, in case there are firewalls, NATs,...
In my case I used the ssh server included in Windows SUA, but I suggest you forget them (they are deprecated, and quite cumbersome actually) and give a try to the OpenSSH cygwin server, sshd - even if not officially Microsoft, there is a large community supporting it at least - and occasionally I have used it reliably.
The client ssh command is included in SUA, in cygwin, or you can use putty if you want a lightweight solution on the client (not that cygwin is heavy - just the burden of having a sort of linux emulation that's not needed)
Giving a search for example I have found this post, explaining well the needed steps.

Related

How do I stop my batch file and pushd from referencing the unc when opening cmd.exe?

I'm trying to run a batch file from a local Windows server that calls on computers in my domain to pull from the shared folder and run an exe. I'm not sure if my script is trying to do too much or too little.
So I run the below batch locally
X:\pstools\psexec.exe \\Computer -d -u DOMAIN\user -p password -i \\SERVER\test\testfile.bat
and testfile.bat:
#echo off
pushd \\SERVER\test\
call program.exe
popd
When I run the script, psexec runs and I get a confirmation that testfile.bat was started on target computer. On the targeted computer nothing happens. If I navigate to the share on the targeted computer and run testfile.bat, I get "CMD.EXE was not started with the above path as the current directory.UNC paths are not supported. Defaulting to Windows directory." From there the computer runs the called .exe with no issues.
If I target this towards another server in my domain it executes perfectly, but not on domain computers. I thought maybe a GPO issue, but I can't find a solution.
Thanks for any knowledge or help provided!
Thanks for all the tips everyone! This is how I ended up getting it working for anyone who might have the same issue.
Script on Server:
x:\pstools\psexec.exe \\Computer(or text file with computers listed) -d -s cmd /c (batchfile.bat)
Similiar to what I was trying before, but to ensure you run the command line as System on the remote PC you have to specify "-s cmd". The /c copies the batch to the remote system to run locally. You can include a "-f" to overwrite if you've already copied it previously. I just put the batchfile in the pstools folder.
Batchfile.bat:
pushd \\networkdrive
call (.bat/.cmd/.exe/etc.)
popd
I disabled the firewall for testing, but I believe you have to open TCP-445/UDP-137 for PSEXEC. Otherwise, that's it. Super simple solution.

What could cause PSExec to only work remotely?

I am trying to update some legacy software so that it works on a new computer. The software connects to an AS400 with runs a .batfile on the local machine.
The command:
psexec \\localhost -i c:\path\to\file.bat s3
works like a champ when executed from the command line on the local machine, but when fired from the AS400, nothing happens. No errors. No anything.
Any ideas?
update The computer is a Windows 7 machine.
update 2 - batch file contents
FTP -s:C:\scls\PGINPC3I.FTP i.p.a.d.d.r.e.s.s
C:\scls\NGINPC3 S3
FTP -s:C:\scls\PGINPC3O.FTP i.p.a.d.d.r.e.s.s
Provided your version of PSExec is recent. If you haven't ran PSExec on the remote machine physically and accepted the license agreement, you'll get this kind of behavior. There is an undocumented switch for PSExec to alleviate this kind of issue. it's /accepteula just add that in your call to PSExec and see what happens.
Exactly like this with the forward slash:
psexec \\localhost -i /accepteula c:\path\to\file.bat s3
EDIT
The -c switch:
-c Copy the specified program to the remote system for
execution. If you omit this option the application
must be in the system path on the remote system.

windows, Putty, pscp combined in to a single batch file, is it possible?

I'm having trouble getting an answer to my question, in laymens terms. It is probably my lack of knowledge on the subject so, I'm dumbing down the question. I have a windows machine that I run the putty tool from and connect to a linux box. I run " killall /bob/bin/myfile.out " then close putty then type in a cmd prompt pscp.exe myfilet.out.2.3.4 root#192.168.1.1:/bob/bin/myfile.out . Can someone show me how to combine these into a single windows batch file? thank you
You could use the free command line tool Plink to run commands on external servers via SSH.
#echo off
Plink root#192.168.1.1 "killall /bob/bin/myfile.out"
pscp.exe myfilet.out.2.3.4 root#192.168.1.1:/bob/bin/myfile.out || echo an error occurred when copying the file.
the command after || on the second line will only run if an error level is set by the previous command.
I can't add comments yet, but can you elaborate on how you login with putty, but not do the exact same thing with plink? Plink not only accepts all the same options as putty, but if you have a saved session in putty, you can access it from plink. Without any subcommands, plink should essentially make you CMD shell look like a crude putty window, with subcommands, it will execute them and return:
C:\Users\riglerjo>plink savedputtysession
Using username "rigler".
# hostname
s9-chicago.accountservergroup.com
-bash-3.2$ exit
logout
Run the remote command as an option on plink:
C:\Users\riglerjo>plink savedputtysession hostname
s9-chicago.accountservergroup.com

Running SQLCMD from a batch file after SQLServer Install

I've come across an odd problem, which I'm sure is easily explained and fixed.
I'm using a .bat file to install a lot of programs, one of which is SQL server 2012 (if it matters, the other installations are just .net framework, OPOS drivers and POS software which uses SQL server).
I can get the batch file to silently instal everything, including SQL (with SSMS), which is great. But once SQL Server is installed I'd like to run a couple of SQL scripts to create/attach databases.
I know that the install works (if I dont' try to doanything other than the installs), and I know that the SQLCMD works (if I run it seperately, after the install), but if I try to run the SQLCMD after the install, in the same batch file it fails with the standard 'SQLCMD is not recognised as an internal or external command...'
I've put this down to I need to restart CMD to get it to recoginise the new command (i.e. the SQLCMD), so I figured I'd split out the SQLCMD commands into a separate batch file and call it, but it still doesn't work. I have to physically close my original batch file down before CMD.exe picks up the new commands.
So... is it possible to 'refresh' cmd.exe so that the newly installed SQLCMD commands are useable from the original batch file??
Here is (some of) my script. (note that I've removed all of the other install before SQL Server)
#echo off
SETLOCAL ENABLEDELAYEDEXPANSION
"%~dp0SQLServer.exe" /QS /INDICATEPROGRESS /ACTION=install /FEATURES=SQL,SSMS /INSTANCENAME=Datasym /SECURITYMODE=SQL /SAPWD=Welcome21ST /IACCEPTSQLSERVERLICENSETERMS
echo.
echo SQL Server installed
sqlcmd -S %computername%\DATASYM -U sa -P Welcome21ST -i %script%
The %script% variable changes (like I said, there are multiple scripts I'd like to run). And I know that the scripts themselves work.
Why does CMD not recognise SQLCMD as a command??
I tried to replace the line:
sqlcmd -S %computername%\DATASYM -U sa -P Welcome21ST -i %script%
with
call sqlscript.bat
as I thought that would open another CMD,exe (which it does), so I assumed that the second CMD would see the ew command (SQLCMD), but it doesn't seem to .
Any help on how I can get the SQLCMD to work in the original batch file would be greatly appreciated.
As you've already found, the current CMD window won't pick up the new changes to the system PATH environment variable. If for some reason you don't want to put the full path to sqlcmd (which I think is the best solution), you might try doing this instead.
start /wait cmd /c sqlcmd -S %computername%\DATASYM -U sa -P Welcome21ST -i %script%
This will spawn a new window and wait for the sqlcmd call to finish before returning to your original script.

Execute windows batch command from Jenkins fails but runs fine in cmd.exe

I am trying to run this command in jenkins after a MSbuild
xcopy "C:\Program Files (x86)\Jenkins\workspace\trunk\Projects\results\results\obj\Debug\Package\PackageTmp" "Y:\Extraction_Zone\Jenkins\" /E
Y: is a mapped network drive. This runs fine in cmd.exe but when trying to run it in Jenkins, I am getting the error Invalid drive specification.
Here is the output from jenkins:
Time Elapsed 00:00:04.03
[trunk] $ cmd /c call C:\Windows\TEMP\hudson3389873107474371072.bat
C:\Program Files (x86)\Jenkins\workspace\trunk>xcopy "C:\Program Files (x86)\Jenkins\workspace\trunk\Projects\results\results\obj\Debug\Package\PackageTmp" "Y:\Extraction_Zone\Jenkins\" /E
Invalid drive specification
0 File(s) copied
C:\Program Files (x86)\Jenkins\workspace\trunk>exit 4
Build step 'Execute Windows batch command' marked build as failure
Finished: FAILURE
Any help would be appreciated.
I too had a similar issue once. Try granting the Jenkins service "Logon as This account" right under services.msc and make sure the account you type there is the same as the one you use for running cmd.exe.
These commands based on Java JAR files worked for me:
cmd
net use x: \\
xcopy "dist\" x:\ /Y
And that's it! I spent lot of time figure out this issue and nothing worked until I wrote CMD and NET USE!
Neither I didn't need to change permission on jenkins service nor use runas command.
But I must mention that everyone had read and write access to the network drive.
I had the same issue with my Windows Task running a batch file (I know it is not exactly same) where I tried to copy file to network location i.e. shared drive. I used the UNC path and mapped drive as well but the error was same. For me it was error number 4 - MS DOS error code.
The solution was to use net use command! Hope that it helps.
Easy fix for most things.
Make a batch command with what your trying to run, filename.bat with the command prompt text inside.
Make a normal windows shortcut for the batch command, edit the shortcuts advanced properties and check the "Run as admin" (tricky tricky).
Now run the filename.lnk shortcut from jenkins command line call, this will get you around all the jazz.
:)
The solution of adarshr (i.e., modifying the log on credentials of the service) has worked for me for a part of the problem: in my case, this allowed me to successfully check out a mercurial repository (using ssh protocol), which I could not do when using 'Local System account'.
However, I still have different behavior between running a command-line script or running the same script from a jenkins 'execute shell' script in the build section. In my case, I compile a Python extension. In Jenkins, I cannot import the extension (I don't see any error, but the execution simply stops, so I suspect it crashes).
If I uninstall the service and run the slave agent as a Java Web Start, I do get the same behavoir. It is a temporary fix for me, but it means that when I reboot the windows build machine, I have to manually re-start the Java Web Start application.
So -at least in my case- it is clear that this is a credential problem.
Credentials usage documentation: https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+CLI
I've solved my issue with the CIFS plugin.
Faced similar issue and found two ways to solve.
Type 1:
Tell Jenkins about mapped drive.
1.Goto -> Manage Jenkins -> Script Console (Groovy Script).
2.Run below command
def mapdrive = "net use Y: \\\\copy_nework_address"
mapdrive.execute();
println "net use".execute().getText()
Type:2
1.Goto -> cmd -> run "net use" to know network address
xcopy "C:\Program Files (x86)\Jenkins\workspace\trunk\Projects\results\results\obj\Debug\Package\PackageTmp" "Copy_Network_Address\Extraction_Zone\Jenkins\" /E
Conclusion:- I prefer 2nd types as after every restart i should run Groovy Script.

Resources