Sysinternals Homepage
Forum Home Forum Home > Sysinternals Utilities > PsTools
  New Posts New Posts RSS Feed: psservice: How does this work on a server
  FAQ FAQ  Forum Search   Calendar   Register Register  Login Login

psservice: How does this work on a server
 Post Reply Post Reply
Author
Message
  Topic Search Topic Search  Topic Options Topic Options
B3rt View Drop Down
Newbie
Newbie
Avatar

Joined: 10 July 2006
Location: Netherlands
Online Status: Offline
Posts: 25 		  Quote B3rt Quote  Post ReplyReply Direct Link To This Post Topic: psservice: How does this work on a server
    Posted: 13 November 2006 at 9:59am
I downloaded the psservice tool from the pstools kit.

I want to start and stop services on a remote server which is located in a datacenter, so this server is outside my private network.

How can I get this to work?
I eventuelly have to start and stop services using a PHP website which triggers the commandline and start or stops services on remote servers.
Back to Top
Karlchen View Drop Down
Senior Member
Senior Member
Avatar

Joined: 18 June 2005
Location: Germany
Online Status: Offline
Posts: 5121 		  Quote Karlchen Quote  Post ReplyReply Direct Link To This Post Posted: 13 November 2006 at 2:43pm
Good evening, B3rt.

I'd say first things first: Before you start calling psservice from inside PHP scripts, try to find out how to achieve your goal by using psservice at the commandline directly.

Once you have achieved this, you may start trying to do the same from within PHP scripts. This will add an extra layer of protential problems. This is why I say, start on the commandline first.

In order to learn how to use the commandline tool psservice.exe you may like to consult
+ the output of psservice -? or
+ the psservice webpage

If you are working on a current Windows version, you may also have a look at the commandline tool sc.exe which ships with Windows and which ought to be able to administer services remotely, too.

Kind regards,
Karl


Edited by Karlchen - 13 November 2006 at 2:43pm
Back to Top
B3rt View Drop Down
Newbie
Newbie
Avatar

Joined: 10 July 2006
Location: Netherlands
Online Status: Offline
Posts: 25 		  Quote B3rt Quote  Post ReplyReply Direct Link To This Post Posted: 13 November 2006 at 2:55pm
The problem is not the PHP but the usage of psservice

I tried to get it running from the commandline but I failed, I discovered that it only works when the server is in the same network.

I was looking for a tool to start and stop services on other servers which are NOT in the same network.
For example 1 servers is located in Amsterdam on which the command is given, the other server is in London on which the service is located and must be started.

The intention is that by giving a commandline commando in Amsterdam the service in London is started.
Why commandline?
Because it is easy using PHP to start a commandline function when this works.

After searching the Internet I found out that this is not possible what I want with psservice.exe and also not with sc.exe, it seams those tools only work if both machines are within the same network.\

So now I al looking for an other solution for starting services remotely, anyone an idea?
Back to Top
Karlchen View Drop Down
Senior Member
Senior Member
Avatar

Joined: 18 June 2005
Location: Germany
Online Status: Offline
Posts: 5121 		  Quote Karlchen Quote  Post ReplyReply Direct Link To This Post Posted: 13 November 2006 at 4:11pm
Hi, B3rt.
I tried to get it running from the commandline but I failed, I discovered that it only works when the server is in the same network.

What do you mean by in the same network?
Of course you will need to be able to contact your remote server.
If the servers are in different domains, this is not a real problem.
(My machine is in no domain, but I can access my company machines which are in a domain, nonetheless, and launch PSTools commands just fine.)

Let us assume you are logged on to your machine in Amsterdam:

Can you ping your server in London? Does 
ping server_London
work? (replace server_london by the real name or by the IP address)

No? Unless spefically ICMP packets are dropped, then no need to go on. No network connection, no remote command execution.

Yes? OK, then we may go on.

Can you successfully execute these commands? 
net use \\server_London\Admin$ /user:Administrator 

dir \\server_London\Admin$ 

net use \\server_London\Admin$ /delete (only disconnects, does not delete anything.)

No? Which error messages do you get?
Please report them here so it will be possible to tell what is missing. (Camouflage any confidential information, please, no real names, no real passwords, no real IP addresses, nor real server names)
As long as you cannot execute these simple commands, no need to try any PStools command, including psservice.

Yes, the commands work? Fine, then there is no good reason why psservice should not work, too.

(Please go through item #2 here)

HTH,
Karl


Edited by Karlchen - 13 November 2006 at 4:12pm
Back to Top
B3rt View Drop Down
Newbie
Newbie
Avatar

Joined: 10 July 2006
Location: Netherlands
Online Status: Offline
Posts: 25 		  Quote B3rt Quote  Post ReplyReply Direct Link To This Post Posted: 13 November 2006 at 4:36pm
Same network is:
192.168.1.1 ~ 192.168.1.255
255.255.255.0 and same workgroup

When my machine is (example) IP 83.98.66.144 and the server I which to remotely manage is IP 62.212.44.6 then this is NOT the same network. (ip's are made up as example)

The server it self works, it ping, traces and I can remotely connect using Remote desktop manager

But when I try to connect with psservice or you example I get an error:

C:\Documents and Settings\Administrator>net use \\62.212.44.6\Admin$ /user:Administrator
Systeemfout 53. (translated: System error 53)

Kan het netwerkpad niet vinden. (cannot find networkpath)

Simular errors when using psservice and sc.exe

I even disabled both firewalls to be sure there is nothing blokking the signal.

What I do not understand is the following:
- Why must there no-where a username and password set on the remote server?
If this should work then everyone can connect and give commands, this is very unsafe and not very logical.

So must there not first a setup made on the remote server?
Isn't there somewhere a username and password set first?

I really don't understand how psservice can connects to a server without setting up an account to connect to.
When I connect to a server with my private LAN I do not have to use any password at all, so how safe is this and is that not the reason why this wil never work? (because it is unsafe?)
Back to Top
Karlchen View Drop Down
Senior Member
Senior Member
Avatar

Joined: 18 June 2005
Location: Germany
Online Status: Offline
Posts: 5121 		  Quote Karlchen Quote  Post ReplyReply Direct Link To This Post Posted: 13 November 2006 at 6:00pm
Hi, B3rt.

The only open port really needed on the target machine is TCP 445.
The Microsoft Network functionality must be available.
This was the essence of the 3 commands.

There is no real need to rely on guesses as to what is being done or not, the required information is available, even through this forum. So, please, read
  • item #2, here

  • PsService (pay attention to the -u / -p parameters)

  • item #24 PsExec: What is the difference between implicit authentication and explicit authentication? here

  • and in particular the thread psexec - remote share problem.
    Although the different ways of authentication are explained for psexec, the same rules apply to psservice, too, much as for other PSTools commands.

So your assumptions about any lack of authentication are not supported by the facts.

The basic problem that you need to solve is the error 53 when trying to net use ... your server in London. It may be necessary to have a talk to your network experts to clear up and solve the reason for the error 53.

When you executed the command 
net use \\server_London\Admin$ /user:Administrator
it should have come up with a prompt asking for the Administrator password of the server in London.

It very likely did not do so, because the resource \\server_london\Admin$ was not visible at all, not because "net use" does not require authentication. And this is what you should ask your network experts about.

Karl

Edited by Karlchen - 14 November 2006 at 5:05am
Back to Top
B3rt View Drop Down
Newbie
Newbie
Avatar

Joined: 10 July 2006
Location: Netherlands
Online Status: Offline
Posts: 25 		  Quote B3rt Quote  Post ReplyReply Direct Link To This Post Posted: 19 November 2006 at 9:11am
What services should be running?

I only need psservice to work, must file and printer sharing be enabled for this?
Is only port 445 needed?



Edited by B3rt - 19 November 2006 at 9:24am
Back to Top
B3rt View Drop Down
Newbie
Newbie
Avatar

Joined: 10 July 2006
Location: Netherlands
Online Status: Offline
Posts: 25 		  Quote B3rt Quote  Post ReplyReply Direct Link To This Post Posted: 19 November 2006 at 2:05pm
I have 2 aditional questions.
(I have it working now)

1:
How is the username and password send, is it in plain text, how safe is it?

2:
Is there a way to start the services remotely by an other user, I now only can start or stop the service when I send the administrator user and pass. I want to create an user which is only used for remote starting services by psservice. I created a user and placed it under the user group, of course it cannot start any services, als in the poweruser group I cannot start remotely any service, Only when I give the remote command as Administrator it works.

How does this work?
Back to Top
Karlchen View Drop Down
Senior Member
Senior Member
Avatar

Joined: 18 June 2005
Location: Germany
Online Status: Offline
Posts: 5121 		  Quote Karlchen Quote  Post ReplyReply Direct Link To This Post Posted: 20 November 2006 at 5:22pm
Originally posted by B3rt

What services should be running? I only need psservice to work, must file and printer sharing be enabled for this? Is only port 445 needed?

The target machine must accept incoming connections on port 445.
The target machine needs to be running File And Printer Sharing. No printers actually need to be shared, just the function must be activated. No additional file shares need to exist except for the administrative shares, IPC$, Admin$.

1: How is the username and password send, is it in plain text, how safe is it?

Plain text, I must admit. - May be good enough for a LAN or a VPN tunnel. - Would make me feel insecure if I had to use it openly across the internet e.g.

2: Is there a way to start the services remotely by an other user, I now only can start or stop the service when I send the administrator user and pass.

The user on the target machine must have admin privileges for psservice to work.

About psservice
(I have it working now)

Would you mind telling us how you solved the error 53?
(Provided you can do so without revealing confidential information.)

Karl

Back to Top
B3rt View Drop Down
Newbie
Newbie
Avatar

Joined: 10 July 2006
Location: Netherlands
Online Status: Offline
Posts: 25 		  Quote B3rt Quote  Post ReplyReply Direct Link To This Post Posted: 20 November 2006 at 6:11pm
VPN is not an option, so it is not secure to use over the Internet.

I have no idea how it is solved, I still cannot connect from my personal PC to the server, but from 1 server to an other (2 different locations) it worked.

Why it does not work from my own PC to a server I don't know
Back to Top
 Post Reply Post Reply

Forum Jump Forum Permissions View Drop Down

Privacy Statement