Channel: Sysinternals Forums

PsTools : PSEXEC error with Mandatory/Temp. Profile

Author: user0815
Subject: PSEXEC error with Mandatory/Temp. Profile
Posted: 16 November 2015 at 11:06am

Hello,
 
I have the following error:

When I execute psexec as an interactive System account cmd, I get this error when I am logged in with a mandatory or temporary profile:
 
PsExec v2.11 - Execute processes remotely
Copyright (C) 2001-2014 Mark Russinovich
Sysinternals - www.sysinternals.com
Error deriving session key:
Das Profil für den Benutzer ist ein temporäres Profil. -> Translate:
The profile for the user is a temporary profile

I used the latest PsTools; with version 1.97 I don't have this error.

I must roll back psexec on my clients to version 1.97.

BgInfo : BGINFO into Taskbar with VBSCRIPTS

Author: aaj007
Subject: BGINFO into Taskbar with VBSCRIPTS
Posted: 16 November 2015 at 11:43am

Hello,

I will work with bginfo for our customer and it looks fine and looks like this.

Now I will minimize them into the TASKBAR with the same switch but it doesn't run because I am working with WMI queries and VBSCRIPTs.
The VBSCRIPTs are for IP address so that I will show only IPv4 without zero entries or Network Speed and OperatingSystems.

Is there a way to minimize with VBSCRIPT or how can I forget the scripts and set them with WMI?

thanks a lot for your help.

with best regards
andré

Development : Disk2VHDX Programmatically

Author: jonebersole
Subject: Disk2VHDX Programmatically
Posted: 16 November 2015 at 3:31pm

Is there an SDK or source available for Disk2VHD? I want to create a wrapper around Disk2VHD so my program can monitor the creation of the VHDs and hide the interface window. I know I can use the -h -accepteula parameters to hide the interface, but I need to know what it is doing and if it has failed, and how much longer it will take (that status). Anyone know? Thanks in advance. - Jon

PsTools : PSEXEC weird behavior, extra parm errors out

Author: kkinney
Subject: PSEXEC weird behavior, extra parm errors out
Posted: 16 November 2015 at 4:21pm

I can run psexec on a remote computer with no problems.

>psexec \\RemoteComputer -u ValidID -p ValidPassword -s "c:\program files\java\jdk1.8.0_66\bin\jcmd.exe"
PsExec v2.11 - Execute processes remotely
Copyright (C) 2001-2014 Mark Russinovich
Sysinternals - www.sysinternals.com
    9988 sun.tools.jcmd.JCmd
    7816 D:\EAP-6.4.0\jboss-modules.jar
c:\program files\java\jdk1.8.0_66\bin\jcmd.exe exited on RemoteComputer with error code 0.


However when I add a single parameter, psexec pukes with "All pipe instances are busy."

>psexec \\RemoteComputer -u ValidID -p ValidPassword -s "c:\program files\java\jdk1.8.0_66\bin\jcmd.exe help"
PsExec v2.11 - Execute processes remotely
Copyright (C) 2001-2014 Mark Russinovich
Sysinternals - www.sysinternals.com
Error establishing communication with PsExec service on RemoteComputer:
All pipe instances are busy.



Can anyone explain this behavior?  Can anyone tell me how to solve this error?

Process Monitor : procmon log truncates reg_binary values

Author: tamahome
Subject: procmon log truncates reg_binary values
Posted: 16 November 2015 at 6:27pm

I happened to notice that the procmon log only shows the first 16 bytes of a reg_binary, even though it reports the correct length:

What procmon log gave me:

rem (16)
reg add "HKCU\Software\Adobe\Acrobat Reader\11.0\ReadAloud" /f /v sVoice        /t reg_binary /d 4D6963726F736F667420416E6E61202D 

The actual value:

rem (41)
reg add "HKCU\Software\Adobe\Acrobat Reader\11.0\ReadAloud" /f /v sVoice        /t reg_binary /d 4d6963726f736f667420416e6e61202d20456e676c6973682028556e69746564205374617465732900

(This fixes the read aloud feature in adobe reader by setting the voice to "Microsoft Anna - English (United States)".  The other 2 voices don't work.  The binary value is really a string.)

You can easily verify this by running the second reg command.

Oh I see.  It doesn't truncate it in a saved xml file, but it does in a csv or copy and paste.



Edited by tamahome - 6 hours 36 minutes ago at 7:27pm

Process Monitor : procmon.sys blocked by Windows 7

Author: dogno7
Subject: procmon.sys blocked by Windows 7
Posted: 16 November 2015 at 11:53pm

I am running the latest version of procmon from the sysinternals server, I know it is the latest, because I am using a drive mapping to the sysinternals site.

The 1st time I attempt to run procmon.exe after booting, windows 7 ( 64 bit ) says it blocked the driver because it caused windows to crash on a previous usage, and thus windows is blocking it to save me from myself.

How can I beat Win7 with a blunt instrument to get it to allow me to run procmon?  I have the Windows 7 debug package loaded, so I can get symbols served to me, as I am following along with the Sysinternals book, and attempting to get all the goodness of understanding the internals of Windows as well as how to best use the sysinternals tools to help me solve problems, or identify the location of bottlenecks ( yes, I know I can't get rid of all bottlenecks, I can just move it from one resource to another, but I can improve performance by reducing the bottlenecks that are needlessly slowing down applications. ).  Of course, I am also interested in memory leaks and identifying other issues that are bogging down performance.

So, thank you so much in advance.  If you want/need traces, tell me what you want me to collect, and I will do so.

Thanks so much.  TIA TIA TIA!!!

-Kurt

Troubleshooting : Need help with high DPC latency issue

Author: MagicAndre1981
Subject: Need help with high DPC latency issue
Posted: 17 November 2015 at 4:57pm

The trace is too short to see anything useful from it. Capture at least 1 minute.

Process Monitor : procmon.sys blocked by Windows 7

Author: dogno7
Subject: procmon.sys blocked by Windows 7
Posted: 17 November 2015 at 9:19pm

I am not using a zipped container.  I am using either an extracted archive in a folder, or a live mapping to live.sysinternals.com, like shown below.

In this case, after having the problems, I attempted to run it directly from sysinternals.com network drive to make sure I was running the latest version.

( Sorry, I had to zip the file.  I don't know how to get an image down to 10k to meet the forum max image size restrictions...  My Atari 800 35 years ago had 48k...  I'm just saying... )

uploads/50545/MappedDrive.zip

In any case, thanks for the help, but in this case, the files are already extracted and not in an archive, or I am running off a mapped drive as you can see in the .png in the .zip.

TIA!

-Kurt

Process Monitor : procmon.sys blocked by Windows 7

Author: dogno7
Subject: procmon.sys blocked by Windows 7
Posted: 17 November 2015 at 9:28pm

I should have also commented that this blocking message popped up after I had the Windows 7 debug server installed, so I could get the thread information, as described in the sysinternals book, and after I had procmon black out my screen and reboot my computer.

Then, in the lower right of my screen, on the first time I attempt to run procmon after a reboot, I get a message from Windows 7 saying that it is blocking the procmon.sys driver, because Windows 7 detected a stability issue, and I should contact the product vendor for an updated program.

Being that I am getting free tools, hey, I'm not complaining.  I'm just going through the motions of attempting to get the problem resolved, because I am going through both the sysinternals book, as well as the Windows Internals book ( Win 7/2008 edition ), to get a better grasp of how windows does things, as compared to how Linux/Solaris/Unix does things ( many are remarkably similar, as a computer science major would expect...  Analogy:  you want to mop a floor, you need a mop.  You want virtual memory, you are going to need a memory manager of some sort, and a paging mechanism, data structures, etc..... ).

So, hopefully that elucidates the situation.

Again, thank you so much for any help anyone can provide on this issue.

I can zip a screen capture of the error, if that would be of any assistance, and zip it and upload it as I uploaded the image of the drive mapping.  Yes?

Kurt

Miscellaneous Utilities : Winhelp32.exe not working for .hlp files in Window

Author: Merowland01
Subject: Winhelp32.exe not working for .hlp files in Window
Posted: 17 November 2015 at 9:29pm

I just installed Winhlp32.exe in Windows 10 and it works on all 10.0.10240 distributed .hlp files but those distributed in SysinternalsSuite.zip. I know this isn't a big priority for advanced users, but for newbies like me, I need the help to properly run the programs WINOBJ, PORTMON, pagedefg, DISKMON.

Thanks

Note: To install winhlp32.exe in windows 10, I downloaded http://www.komeil.com/blog/windows-help-program-winhelp-winhlp32-exe and modified the Install.cmd file using the following commands in the SETUP section:

set WindowsVersion=7
goto :BypassVersionError

You must run the Install.cmd file as Administrator.

(thanks goes to various authors in MS community)



Miscellaneous Utilities : Can't run PORTMON.exe in Windows 10

Author: Merowland01
Subject: Can't run PORTMON.exe in Windows 10
Posted: 17 November 2015 at 11:53pm

When trying to run PORTMON.EXE, I get a failure which is shown in event log as "The PORTMON service failed to start due to the following error: This driver has been blocked from loading".  Event 7000 SCM.

Another event 1060 was logged at the same time which I am sure is related:

"The description for Event ID 1060 from source Application Popup cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event: 

\??\C:\Users\merow\Downloads\System Internal Troubleshooting\PO

the message resource is present but the message is not found in the string/message table

How do I get PORTMON to run?

Disk2vhd : Disk2VHD Limitation

Author: wilsontan10101
Subject: Disk2VHD Limitation
Posted: 18 November 2015 at 12:15am

So that means Disk2VHD is able to create a VHD file more than 127GB in size. Example: abc.vhd (300GB).

And that abc.vhd file is able to support / run on a Hyper-V server but for Virtual PC.
 
Correct me if I'm wrong.
 
 

Disk2vhd : Disk2VHD Limitation

Author: wilsontan10101
Subject: Disk2VHD Limitation
Posted: 18 November 2015 at 12:16am

Correction...
 
And that abc.vhd file is able to support / run on a Hyper-V server but NOT for Virtual PC.

Process Explorer : BSOD in PROCEXP152

Author: quick698
Subject: BSOD in PROCEXP152
Posted: 18 November 2015 at 1:52am

Hello,

This is my first post to the group so here goes.

My HP Probook has been getting a BSOD Stop 0x00000093 in PROCEXP152 and I can't seem to get the program uninstalled.

BugCheck 93, {3e74, fffff8a0000016e0, fffff8a00651e9d0, 1}

*** WARNING: Unable to verify timestamp for PROCEXP152.SYS
*** ERROR: Module load completed but symbols could not be loaded for PROCEXP152.SYS

Thanks,
Phil

Troubleshooting : Need help with high DPC latency issue

Author: ylingf
Subject: Need help with high DPC latency issue
Posted: 18 November 2015 at 4:49pm

So here's a breakdown in WPA. Is it fair to say that it is basically tcpip.sys and ntoskrnl.exe, as they are called by the Solarflare driver SFN6a.sys, that caused high latency?

https://www.dropbox.com/s/s42iaet18dntlgj/DPC%20breakdown.JPG?dl=0



Troubleshooting : Need help with high DPC latency issue

Author: MagicAndre1981
Subject: Need help with high DPC latency issue
Posted: 18 November 2015 at 5:43pm

Yes, it looks like SFN6a.sys (Solarflare) causes the issue. Update the driver/tool.

Troubleshooting : Need help with Ntoskrnl thread causing high CPU

Author: MagicAndre1981
Subject: Need help with Ntoskrnl thread causing high CPU
Posted: 18 November 2015 at 5:48pm

The trace is corrupted (you may have used the Win10 SDK/WPT under Win7. This doesn't work. Use the Win8.1 version: http://social.technet.microsoft.com/wiki/contents/articles/4847.install-the-windows-performance-toolkit-wpt.aspx).

Before you do this, install SP1 + all updates + newest drivers.

Miscellaneous Utilities : Sysmon 3.1 config error

Author: wkupersa
Subject: Sysmon 3.1 config error
Posted: 18 November 2015 at 9:52pm

You probably figured it out by now, but version 3.10 had that error. Version 3.11 seems to fix it.