Solved

WMIC process call create ReturnValue = 3 problem

Posted on 2014-09-17
16
1,378 Views
Last Modified: 2014-10-07
When using WMIC to remotely query two windows 2003 domain controllers, I cannot use proccess call create "name.exe". I can list processes and terminate them with out issue.

The results of using process call create shown below:

C:\Windows>wmic /node:"dc1"  /user:Administrator /password:password123 process call create "calc.exe"
Executing (Win32_Process)->Create()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 3;
};

I have been my Google searches have not turned up anything useful so far.

Anyone have any suggestions as to how I might troubleshoot this problem?
0
Comment
Question by:spencerturbine
  • 9
  • 7
16 Comments
 
LVL 37

Expert Comment

by:Gerwin Jansen
ID: 40329242
Any chance that "name.exe" is not on the path? "Calc.exe" is so that will start.

Can you try adding the full path to "name.exe"?
0
 

Author Comment

by:spencerturbine
ID: 40329249
I have tried calc.exe and c:\windows\system32\calc.exe and I get the same results.
0
 
LVL 37

Expert Comment

by:Gerwin Jansen
ID: 40329291
calc is working, but you want name.exe to work, right?
0
 

Author Comment

by:spencerturbine
ID: 40329297
No calc returns error 3
0
 
LVL 37

Expert Comment

by:Gerwin Jansen
ID: 40329299
Then I misunderstood this part:

"Method execution successful."
0
 

Author Comment

by:spencerturbine
ID: 40329302
Well the call was successful, but the command executed as a result of the call reported an error.
0
 
LVL 37

Expert Comment

by:Gerwin Jansen
ID: 40329306
C:\Users\me>wmic /node:mypc process call create calc.exe
Executing (Win32_Process)->Create()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ProcessId = 1744;
        ReturnValue = 0;
};

Open in new window


I got a calc.exe that opened just fine.
0
 

Author Comment

by:spencerturbine
ID: 40329312
Yes I can do this on my  own machine as well as many domain workstations. But I cannot successfully run the command on the two domain controllers.

Which is the intended purpose. (Not to run calc.exe, but to execute another command I have ready. Calc.exe is being used to simplyfly troubleshooting)
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 37

Expert Comment

by:Gerwin Jansen
ID: 40329822
I don't have a domain server to test with so my contribution ends here...
0
 

Author Comment

by:spencerturbine
ID: 40330103
OK Thanks!
0
 

Accepted Solution

by:
spencerturbine earned 0 total points
ID: 40331109
I may have discovered the reason I cannot complete this command.

The Default Domain Controller Policy does not have the LOCAL or SYSTEM accounts listed in the "Replace a process level token" user right.

I will have to determine if this setting in the "default domain controller policy" is a "default" setting, or if it was changed for a reason.
0
 

Author Comment

by:spencerturbine
ID: 40331247
I really thought I had it there but no joy. I still get the error code 3 for insufficient privileges!
0
 
LVL 37

Expert Comment

by:Gerwin Jansen
ID: 40332275
Did you try with domain admin credentials, like this:

/user:your_domain\your_domain_admin /password:your_domain_admin_password
0
 

Author Comment

by:spencerturbine
ID: 40343897
Yes I did try the /user:DOMAIN\Administrator

The only way I got this to work was to add the Administrators group to the "Replace a process level token" user right.

I am hoping someone could shed some light on this so I don't have to set up a test 2003 domain just to see what the default user rights are because I have never seen anyone explain the potential for this command to fail because the "Replace a process level token" user right did not contain the Administrators group.
0
 
LVL 37

Expert Comment

by:Gerwin Jansen
ID: 40346594
>> so I don't have to set up a test 2003 domain
Can help you there I'm afraid.
0
 

Author Closing Comment

by:spencerturbine
ID: 40365504
Ultimately this was the reason why I was not able to complete the command.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article is meant to give a basic understanding of how to use R Sweave as a way to merge LaTeX and R code seamlessly into one presentable document.
This article will show, step by step, how to integrate R code into a R Sweave document
This video teaches viewers about errors in exception handling.
The goal of the video will be to teach the user the difference and consequence of passing data by value vs passing data by reference in C++. An example of passing data by value as well as an example of passing data by reference will be be given. Bot…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now