Wednesday, October 26, 2016

Remotely configuring “Startup type” and “Service status” with the “sc” command

I’ve been asked the several times in the past by colleagues about what is the best way to remotely configure the Startup type and Service status of a Windows desktop or server so I thought it would be good to write a blog post so I could direct these questions to.

The method I use to remotely configure a service is the sc command as described in the following TechNet article:
https://technet.microsoft.com/en-us/library/bb490995.aspx

#1 – Review a service’s properties (Startup type)

To review a remote computer’s service’s property, execute the following:

sc \\<computerName> qc wsearch

The following is an example of the output:

C:\>sc \\tmrsvd-048 qc wsearch

[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: wsearch

TYPE : 10 WIN32_OWN_PROCESS

START_TYPE : 2 AUTO_START (DELAYED)

ERROR_CONTROL : 1 NORMAL

BINARY_PATH_NAME : C:\Windows\system32\SearchIndexer.exe /Embedding

LOAD_ORDER_GROUP :

TAG : 0

DISPLAY_NAME : Windows Search

DEPENDENCIES : RPCSS

SERVICE_START_NAME : LocalSystem

C:\>

image

Note that the above output would tell you the Startup Type.

#2 – Review a service’s status (Service status)

To review a remote computer’s service’s status, execute the following:

sc \\<computerName> query wsearch

The following is an example of the output:

C:\>sc \\tmrsvd-024 query wsearch

SERVICE_NAME: wsearch

TYPE : 10 WIN32_OWN_PROCESS

STATE : 4 RUNNING

(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x0

WAIT_HINT : 0x0

C:\>

image

Note that the above output would tell you the Service status (whether it is running or stopped).

#3 – Configure a service’s Startup Type

To configure a remote computer’s service’s Startup Type, execute the following:

sc \\<computerName> config wsearch start=<startup Type>

The startup type options are as follows:

  1. auto
  2. demand
  3. disabled
  4. delayed-auto

**Note that demand is manual.

More information about the switches can be found in the following TechNet article:
https://technet.microsoft.com/en-us/library/cc990290(v=ws.11).aspx

The following is an example of the output:

C:\>sc \\tmrsvd-075 config wsearch start=delayed-auto

[SC] ChangeServiceConfig SUCCESS

image

#4 – Starting or stopping a service

To start or stop a remote computer’s service, execute the following:

sc \\<computerName> <start or stop> wsearch

More information about the switches can be found in the following TechNet article:
https://technet.microsoft.com/en-us/library/cc742126(v=ws.11).aspx

The following is an example of the output:

C:\>sc \\tmrsvd-075 stop wsearch

SERVICE_NAME: wsearch

TYPE : 10 WIN32_OWN_PROCESS

STATE : 3 STOP_PENDING

(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x1

WAIT_HINT : 0x7530

C:\>

image

C:\>sc \\tmrsvd-075 start wsearch

SERVICE_NAME: wsearch

TYPE : 10 WIN32_OWN_PROCESS

STATE : 2 START_PENDING

(NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)

WIN32_EXIT_CODE : 0 (0x0)

SERVICE_EXIT_CODE : 0 (0x0)

CHECKPOINT : 0x4

WAIT_HINT : 0x7530

PID : 4172

FLAGS :

C:\>

image

--------------------------------------------------------------------------------------------------------------------------------------------------------------------

With the commands above, we can create a batch file to bulk configure a set of computers as such:

rem --Used to set service to auto delayed start and then start the service--

sc \\computer-071 config wsearch start=delayed-auto
sc \\computer-071 start wsearch
sc \\computer-072 config wsearch start=delayed-auto
sc \\computer-072 start wsearch
sc \\computer-073 config wsearch start=delayed-auto
sc \\computer-073 start wsearch
sc \\computer-074 config wsearch start=delayed-auto
sc \\computer-074 start wsearch
sc \\computer-075 config wsearch start=delayed-auto
sc \\computer-075 start wsearch

rem --Used to check service--

sc \\computer-024 query wsearch
sc \\computer-024 qc wsearch
sc \\computer-075 query wsearch
sc \\computer-075 qc wsearch

Hope this helps anyone looking for an easy way to configure a remote computer’s service.

Tuesday, October 4, 2016

Installing VMware Horizon View agent onto Windows 7 desktop causes RDP to no longer work

Problem

You’ve installed or upgraded to the latest VMware Horizon Agent onto a Windows 7 virtual desktop:

image

… but quickly noticed that you are no longer able to RDP to the virtual machine as the following error message is thrown:

This computer can’t connect to the remote computer.

Try connecting again. If the problem continues, contact the owner of the remote computer or your network administrator.

image

Proceeding to review the System logs on the Windows 7 virtual desktop displays the following error message every time you attempt to remote desktop to the machine:

Log Name: System

Source: Schannel

Event ID: 36871

Level: Error

image

One of the common troubleshooting steps that typically show up during searches on the internet is to Enable the Require use of specific security layer for remote (RDP) connections and set the Security Layer to Negotiate as shown in the following screenshot:

image

Unfortunately, the solution above does not correct the problem.

Windows 10 virtual desktops does not appear to exhibit this issue.

Solution

One of the reasons why installing the Horizon View 7 agent would cause this issue is because the installation appears to disable TLS 1.0 on the Windows 7 desktop if it is not already disabled.  You can confirm this by launching the registry editing on the desktop and navigating to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server\

image

Note that the Enabled REG_DWORD in the screenshot above is set to 0 which is disabled.  You can quickly get RDP to work again by changing the value to 1 but this is not the best solution as it is best practice to leave TLS 1.0 off.

----------------------------------------------------------------------------------------------------------------------------------------------------------------

**Note that downgrading the View agent to 6.2 would actually remove the TLS 1.0 key in the registry thus re-enabling it and causing RDP to work again:

image

----------------------------------------------------------------------------------------------------------------------------------------------------------------

The proper steps to correct this issue is to ensure that the patch supplied in the following KB article is installed onto the Windows 7 desktop:

Update to add RDS support for TLS 1.1 and TLS 1.2 in Windows 7 or Windows Server 2008 R2
https://support.microsoft.com/en-us/kb/3080079

Download the .msu file:

image

Complete the install:

image

image

… and RDP should now work again.