12 Replies Latest reply on Feb 24, 2020 5:52 AM by German Coll

    PSEXEC error: The handle is invalid.

    Greinger Longbotton
      Share This:

      We are running an Agent Installer Job to install the RSCD agent 8.9.4.227 on a Windows 2016 and we are getting the following error:

       

      --------------------------------------------------------------------------------------------------------

      Could not determine the name of the Windows platform via psexec command:

      Executing REG.exe Query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductName | findstr REG

      Command failed, non-zero return code: 2,250, stderr:

      PsExec v1.98 - Execute processes remotely

      Copyright (C) 2001-2010 Mark Russinovich

      Sysinternals - www.sysinternals.com

       

      The handle is invalid.

      Connecting to 11.22.33.44...

       

      Couldn't access 11.22.33.44:

      Connecting to 11.22.33.44...

      --------------------------------------------------------------------------------------------------------

       

      The rscd.log on the psexec server shows that:

       

      --------------------------------------------------------------------------------------------------------

      ...

      CM: > Executing psexec

      CM: Agent version is 8.9.04.227

      CM: remote command: blpsexec -s 11.22.33.44-u admintemp2 -p XNQPZAAAKQNAOBVNTPUNBMKLVNAOTBVEOXTBZXVUBUTUBQPAAKBNLBAPMZMKPAUN -c -h cmd /c REG.exe Query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductName | findstr REG > "C:\temp\stage/psexec-stdout-0.8615929358958416" 2> "C:\temp\stage/psexec-stderr-0.8615929358958416"

      CM: argv[1] = -s

      CM: argv[2] = 11.22.33.44

      CM: argv[3] = -u

      CM: argv[4] = adminuser

      CM: argv[5] = -p

      CM: argv[6] = [encoded password]

      CM: argv[7] = -c

      02/20/20 10:50:16.772 DEBUG    rscd -  PSEXERSERVER 4856 SYSTEM (Not_available): (Not_available): Workstation name: Service-0x0-3e7$

      CM: ReadPipe: Read = 126 Buf =  2  PsExec v1.98 - Execute processes remotely  Copyright (C) 2001-2010 Mark Russinovich  Sysinternals - www.sysinternals.com

      CM: ReadPipe: Read = 24 Buf =  2The handle is invalid.

      CM: ReadPipe: Read = 91 Buf =  2Connecting to 172.16.4.38...   Couldn't access 11.22.33.44:  Connecting to 11.22.33.44...

      CM: windf/read_a_pipe PeekNamedPipe(STDOUT) failed: 0x00006d

      CM: windf/read_a_pipe PeekNamedPipe(STDERR) failed: 0x00006d

      CM: RunProcess: Process return code = 2250

      CM: Set to return nexec stdout/stderr as is

      ...

      --------------------------------------------------------------------------------------------------------

       

      We have reproduced the error running the psexec command from the PSEXERSERVER locally:

       

      --------------------------------------------------------------------------------------------------------

       

      psexec \\11.22.33.44 -u adminuser -p P@SSW0RD -c -h cmd /c REG.exe Query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductName

       

      PsExec v1.98 - Execute processes remotely

      Copyright (C) 2001-2010 Mark Russinovich

      Sysinternals - www.sysinternals.com

       

       

      The handle is invalid.

      Couldn't access 11.22.33.44 :

       

      --------------------------------------------------------------------------------------------------------

       

       

      Could you please help us with this issue?

        • 1. Re: PSEXEC error: The handle is invalid.
          Sanjay Singh Dhami

          could be:

          - Port 445 or 135 is blocked, you can check as below:

          go to target and run below command:

           

          netstat -an | find "445" and  netstat -an | find "135"

           

          - OR maybe you have reached the maximum number of connections allowed by the "Server" windows service, try restarting it.
          You can see the number of sessions in use with this command:
          net statistics server

          • 2. Re: PSEXEC error: The handle is invalid.
            Greinger Longbotton

            This is the output on the target WIN 16 where we want to install the RSCD agent.

            11.22.33.44 -> TARGET IP

            66.77.88.99 -> PSEXERSERVER

             

             

            --------------------------------------------------------------------------------------------------------

             

            C:\Users\Administrator>netstat -an | find "445"

              TCP    0.0.0.0:445            0.0.0.0:0              LISTENING

              TCP    [::]:445               [::]:0                 LISTENING

             

             

            C:\Users\Administrator>netstat -an | find "135"

              TCP    0.0.0.0:135            0.0.0.0:0              LISTENING

              TCP    11.22.33.44:135            66.77.88.99:0              LISTENING

              TCP    11.22.33.44:135            66.77.88.99:0              LISTENING

              TCP    [::]:135               [::]:0                 LISTENING

             

            C:\Users\Administrator>net statistics server

            Server Statistics for \\TARGET

             

            Statistics since 2/20/2020 10:21:18 AM

             

            Sessions accepted                              0

            Sessions timed-out                              0

            Sessions errored-out                           0

             

            Kilobytes sent                               87

            Kilobytes received                        425

             

            Mean response time (msec)          0

             

            System errors                               0

            Permission violations                    0

            Password violations                      71

             

            Files accessed                              18

            Communication devices accessed      0

            Print jobs spooled                                0

             

            Times buffers exhausted

             

                 Big buffers             0

                 Request buffers     0

             

            The command completed successfully.

             

            --------------------------------------------------------------------------------------------------------

             

            • 3. Re: PSEXEC error: The handle is invalid.
              Bill Robinson

              can you connect to port 445 on the target from your psexec server?  is the windows firewall running on the target ?

              • 4. Re: PSEXEC error: The handle is invalid.
                Sanjay Singh Dhami

                Make sure that the default admin$ share is enabled on 11.22.33.44

                • 5. Re: PSEXEC error: The handle is invalid.
                  Greinger Longbotton

                  Yes, I can perform the following command successfully from our PSEXECSERVER to the TARGET:

                   

                  telnet 11.22.33.44 445

                  • 6. Re: PSEXEC error: The handle is invalid.
                    Bill Robinson

                    and do you see a connection from the psexec server on the target when you do that ?

                    • 7. Re: PSEXEC error: The handle is invalid.
                      Greinger Longbotton

                      Yes. I see that on the target:

                       

                      --------------------------------------------------------------------------------------------------------

                      C:\Users\Administrator>netstat -an | find "445"

                        TCP    0.0.0.0:445            0.0.0.0:0              LISTENING

                        TCP    11.22.33.44:135            66.77.88.99:0              ESTABLISHED

                        TCP    [::]:445               [::]:0                 LISTENING

                      --------------------------------------------------------------------------------------------------------

                       

                       

                      (

                      11.22.33.44 -> TARGET IP

                      66.77.88.99 -> PSEXERSERVER

                      )

                      • 9. Re: PSEXEC error: The handle is invalid.
                        Greinger Longbotton

                        From our PSEXECSERVER we can perform the following command successfully:

                         

                        --------------------------------------------------------------------------------------------------------

                        PS C:\PSTools> .\PsGetsid.exe \\11.22.33.44 -u adminuser -p P@SSW0RD

                         

                        PsGetSid v1.44 - Translates SIDs to names and vice versa

                        Copyright (C) 1999-2008 Mark Russinovich

                        Sysinternals - www.sysinternals.com

                         

                         

                        SID for \\11.22.33.44 :

                        S-1-5-21-1396710761-184566441-3370026908

                        --------------------------------------------------------------------------------------------------------

                         

                        PsGetsid.exe is in the same folder as PsExec.exe. They both belong to Sysinternals tools.

                        Maybe, it can help in our research.

                        • 10. Re: PSEXEC error: The handle is invalid.
                          Matthew Ragland

                          Is there anything present in the Windows event viewer? We recently had an issue where Windows Defender was blocking psexec communication on Windows 2K19 servers, and we had to create an exclude. Check the Windows Event viewer>Security to see if you can observe any connection attempts.

                          • 11. Re: PSEXEC error: The handle is invalid.
                            Greinger Longbotton

                            On the Security Log we only see messages like this just after the psexec execution:

                             

                            ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

                            PS C:\Users\user_aut> Get-EventLog -Newest 10 -LogName Security | Where-Object Index -Like 2486199 | select -ExpandProperty message

                             

                            An account was successfully logged on.


                            Subject:

                                    Security ID:            S-1-0-0

                                    Account Name:           -

                                    Account Domain:         -

                                    Logon ID:               0x0


                            Logon Information:

                                    Logon Type:             3

                                    Restricted Admin Mode:  -

                                    Virtual Account:                %%1843

                                    Elevated Token:         %%1842


                            Impersonation Level:            %%1833


                            New Logon:

                                    Security ID:            S-1-5-21-1457726038-125753607-735611713-206430

                                    Account Name:           adminuser

                                    Account Domain:         TARGET

                                    Logon ID:               0x121fb3bd

                                    Linked Logon ID:                0x0

                                    Network Account Name:   -

                                    Network Account Domain: -

                                    Logon GUID:             {00000000-0000-0000-0000-000000000000}


                            Process Information:

                                    Process ID:             0x0

                                    Process Name:           -


                            Network Information:

                                    Workstation Name:       PSEXECSERVER

                                    Source Network Address: 66.77.88.99

                                    Source Port:            52673


                            Detailed Authentication Information:

                                    Logon Process:          NtLmSsp

                                    Authentication Package: NTLM

                                    Transited Services:     -

                                    Package Name (NTLM only):       NTLM V1

                                    Key Length:             128

                            ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

                             

                             

                            We don't see anything about Windows Defender blocking anything.

                            • 12. Re: PSEXEC error: The handle is invalid.
                              German Coll

                              Any news about this topic?

                              It is not working and don't know what is happening.

                               

                              Thanks