Windows – Howto use psexec via powershell invoke-command on a remote computer? (invalid handle)

batch-filepowershellpsexecwindows

I have written a powershell script which creates a powershell script or a batch script depending on the remote host on which this script should be started remotely (either via powershell invoke-command or psexec).

The script creates either a powershell or a batch script, because not all hosts on which these created scripts should be run support WinRM (Windows Remote Management).

The created scripts include some psexec lines which executes a command on another remote host. The created batch script works as expected, but from the created powershell script i get the following errors from the psexec calls.

NotSpecified: (:String) [], RemoteException
    + CategoryInfo          : NotSpecified: (:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError
    + PSComputerName        : <HOSTNAME REPLACED>

PsExec v2.1 - Execute processes remotely
Copyright (C) 2001-2013 Mark Russinovich
Sysinternals - www.sysinternals.com
The handle is invalid.
Access is denied.
Connecting to 10.XXX.XXX.127...Couldn't access 10.XXX.XXX.127:
Starting PSEXESVC service on 10.XXX.XXX.127...Could not start PSEXESVC service on 10.XXX.XXX.127:
Connecting to 10.XXX.XXX.127...Starting PSEXESVC service on 10.XXX.XXX.127...

Here is a small overview of what is done:

Powershell script on deployment host creates the rollout script (ps1 or batch) depending on the destination host
Powershell script on deployment host starts the created rollout script on the destination host
- Powershell will be started via Invoke-Command -ComputerName <destination host> -FilePath <path to created script> -Authentication default
- Batch will be started via & psexec.exe \\<destination host> -n 60 -accepteula -c -f <path to created script>
Created rollout script on the destination host executes a psexec command to start a service on a third host (this fails only if the rollout script is powershell)

This is the psexec command which fails if executed via a remotely started powershell script.

& psexec.exe \\<destination host> -n 60 -accepteula -u <user> -p <password> net stop <servicename>

The same command psexec.exe \\<destination host> -n 60 -accepteula -u <user> -p <password> net stop <servicename> executed via a remotely started batch script works without problems.

Update #1

Also if i connect to the destination host with rdp and start a powershell shell and paste the command it works without issues. The problem only occurs if started remotely.

I already tried the following variants of starting psexec, all without luck!

& psexec.exe \\<destination host> -n 60 -accepteula -s -u <user> -p <password> net stop <servicename>
Start-Process cmd.exe -Credential "<domain>\<user>" -WorkingDirectory $env:systemdrive -ArgumentList "/C psexec.exe \\<destination host> -n 60 -accepteula -u <user> -p <password> net stop <servicename>"
Start-Process powershell.exe -WorkingDirectory $env:systemdrive -Verb Runas -ArgumentList "cmd.exe /C psexec.exe \\<destination host> -n 60 -accepteula -u <user> -p <password> net stop <servicename>"

Best Answer

can you try to replace your psexec command, and use cmd.exe like thisn also add -s to psexec so it will run as system user. My testing command :

icm -cn computer1  -ScriptBlock{ cmd.exe "/c psexec -s -u <login> -p <password> /accepteula /n 10 \\computer2 net start audiosrv"}

Related Solutions

Powershell – How to handle command-line arguments in PowerShell

You are reinventing the wheel. Normal PowerShell scripts have parameters starting with -, like script.ps1 -server http://devserver

Then you handle them in param section in the beginning of the file.

You can also assign default values to your params, read them from console if not available or stop script execution:

 param (
    [string]$server = "http://defaultserver",
    [Parameter(Mandatory=$true)][string]$username,
    [string]$password = $( Read-Host "Input password, please" )
 )

Inside the script you can simply

write-output $server

since all parameters become variables available in script scope.

In this example, the $server gets a default value if the script is called without it, script stops if you omit the -username parameter and asks for terminal input if -password is omitted.

Update: You might also want to pass a "flag" (a boolean true/false parameter) to a PowerShell script. For instance, your script may accept a "force" where the script runs in a more careful mode when force is not used.

The keyword for that is [switch] parameter type:

 param (
    [string]$server = "http://defaultserver",
    [string]$password = $( Read-Host "Input password, please" ),
    [switch]$force = $false
 )

Inside the script then you would work with it like this:

if ($force) {
  //deletes a file or does something "bad"
}

Now, when calling the script you'd set the switch/flag parameter like this:

.\yourscript.ps1 -server "http://otherserver" -force

If you explicitly want to state that the flag is not set, there is a special syntax for that

.\yourscript.ps1 -server "http://otherserver" -force:$false

Links to relevant Microsoft documentation (for PowerShell 5.0; tho versions 3.0 and 4.0 are also available at the links):

Powershell: Using psexec with UNC path gives “access is denied”

I found a somewhat unconventional way to solve it.

psexec \\MachineB -u domain\user -p password cmd /c "cd /d I:\drops\Func2 && func2web.bat"

Best Answer

Related Solutions

Powershell – How to handle command-line arguments in PowerShell

Powershell: Using psexec with UNC path gives “access is denied”

Related Topic