Solved

WMIC process call create ReturnValue = 3 problem

Posted on 2014-09-17
16
1,581 Views
Last Modified: 2014-10-07
When using WMIC to remotely query two windows 2003 domain controllers, I cannot use proccess call create "name.exe". I can list processes and terminate them with out issue.

The results of using process call create shown below:

C:\Windows>wmic /node:"dc1"  /user:Administrator /password:password123 process call create "calc.exe"
Executing (Win32_Process)->Create()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 3;
};

I have been my Google searches have not turned up anything useful so far.

Anyone have any suggestions as to how I might troubleshoot this problem?
0
Comment
Question by:spencerturbine
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 7
16 Comments
 
LVL 38

Expert Comment

by:Gerwin Jansen, EE MVE
ID: 40329242
Any chance that "name.exe" is not on the path? "Calc.exe" is so that will start.

Can you try adding the full path to "name.exe"?
0
 

Author Comment

by:spencerturbine
ID: 40329249
I have tried calc.exe and c:\windows\system32\calc.exe and I get the same results.
0
 
LVL 38

Expert Comment

by:Gerwin Jansen, EE MVE
ID: 40329291
calc is working, but you want name.exe to work, right?
0
Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

 

Author Comment

by:spencerturbine
ID: 40329297
No calc returns error 3
0
 
LVL 38

Expert Comment

by:Gerwin Jansen, EE MVE
ID: 40329299
Then I misunderstood this part:

"Method execution successful."
0
 

Author Comment

by:spencerturbine
ID: 40329302
Well the call was successful, but the command executed as a result of the call reported an error.
0
 
LVL 38

Expert Comment

by:Gerwin Jansen, EE MVE
ID: 40329306
C:\Users\me>wmic /node:mypc process call create calc.exe
Executing (Win32_Process)->Create()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ProcessId = 1744;
        ReturnValue = 0;
};

Open in new window


I got a calc.exe that opened just fine.
0
 

Author Comment

by:spencerturbine
ID: 40329312
Yes I can do this on my  own machine as well as many domain workstations. But I cannot successfully run the command on the two domain controllers.

Which is the intended purpose. (Not to run calc.exe, but to execute another command I have ready. Calc.exe is being used to simplyfly troubleshooting)
0
 
LVL 38

Expert Comment

by:Gerwin Jansen, EE MVE
ID: 40329822
I don't have a domain server to test with so my contribution ends here...
0
 

Author Comment

by:spencerturbine
ID: 40330103
OK Thanks!
0
 

Accepted Solution

by:
spencerturbine earned 0 total points
ID: 40331109
I may have discovered the reason I cannot complete this command.

The Default Domain Controller Policy does not have the LOCAL or SYSTEM accounts listed in the "Replace a process level token" user right.

I will have to determine if this setting in the "default domain controller policy" is a "default" setting, or if it was changed for a reason.
0
 

Author Comment

by:spencerturbine
ID: 40331247
I really thought I had it there but no joy. I still get the error code 3 for insufficient privileges!
0
 
LVL 38

Expert Comment

by:Gerwin Jansen, EE MVE
ID: 40332275
Did you try with domain admin credentials, like this:

/user:your_domain\your_domain_admin /password:your_domain_admin_password
0
 

Author Comment

by:spencerturbine
ID: 40343897
Yes I did try the /user:DOMAIN\Administrator

The only way I got this to work was to add the Administrators group to the "Replace a process level token" user right.

I am hoping someone could shed some light on this so I don't have to set up a test 2003 domain just to see what the default user rights are because I have never seen anyone explain the potential for this command to fail because the "Replace a process level token" user right did not contain the Administrators group.
0
 
LVL 38

Expert Comment

by:Gerwin Jansen, EE MVE
ID: 40346594
>> so I don't have to set up a test 2003 domain
Can help you there I'm afraid.
0
 

Author Closing Comment

by:spencerturbine
ID: 40365504
Ultimately this was the reason why I was not able to complete the command.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to remove superseded packages in windows w60 or w61 installation media (.wim) or online system to prevent unnecessary space. w60 means Windows Vista or Windows Server 2008. w61 means Windows 7 or Windows Server 2008 R2. There are various …
The purpose of this article is to demonstrate how we can use conditional statements using Python.
The viewer will learn how to clear a vector as well as how to detect empty vectors in C++.
The viewer will be introduced to the technique of using vectors in C++. The video will cover how to define a vector, store values in the vector and retrieve data from the values stored in the vector.

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question