powershell Start-Process exit code -1073741502 when used with Credential from a windows service environment -


i'm running strange behavior powershell start-process call.

here call:

$process = start-process `     "c:\somepath\mybinary.exe" `     -passthru `     -credential $defaultcredential `     -wait `     -workingdirectory  "c:\somepath" `     -loaduserprofile if ($process.exitcode -ne 0) { #do } 

this call return exit code -1073741502.
after quick search, exit code seems related generic error when program not load required dll (aka. status_dll_init_failed).

when run without -credential $credential program runs correctly.

in order isolate problem, manually launched some.exe in prompt target credential , runs smoothly.

so problem seems come way start-process cmdlet launch process.

i found potential solutions problem tried apply no luck : link , link.

would have idea of what's going on here ?

edit 1:
run proc mon monitoring program activities when launched directly or via powershell script. problem seems occur when loading kernelbase.dll.

local procmon dump (working):

9:06:35.3837439  mybinary.exe    2620    load image  c:\windows\syswow64\kernelbase.dll  success image base: 0x76270000, image size: 0x47000 9:06:35.4317417  mybinary.exe    2620    regopenkey  hklm\system\currentcontrolset\control\nls\sorting\versions  reparse desired access: read 9:06:35.4317751  mybinary.exe    2620    regopenkey  hklm\system\currentcontrolset\control\nls\sorting\versions  success desired access: read 9:06:35.4318016  mybinary.exe    2620    regsetinfokey   hklm\system\currentcontrolset\control\nls\sorting\versions  success keysetinformationclass: keysethandletagsinformation, length: 0 9:06:35.4318152  mybinary.exe    2620    regqueryvalue   hklm\system\currentcontrolset\control\nls\sorting\versions\(default)    success type: reg_sz, length: 36, data: 00060101.00060101 ... 

powershell procmon (failing, see thread exit, , process exit code -1073741502):

9:35:07.9455191  mybinary.exe    2276    load image  c:\windows\syswow64\kernelbase.dll  success image base: 0x76270000, image size: 0x47000 9:35:07.9537146  mybinary.exe    2276    thread exit     success thread id: 5112, user time: 0.0000000, kernel time: 0.0000000 9:35:07.9537386  mybinary.exe    2276    querynameinformationfile    c:\windows\system32\apisetschema.dll    success name: \windows\system32\apisetschema.dll 9:35:07.9537686  mybinary.exe    2276    querynameinformationfile    c:\somepath\mybinary\mybinary.exe   success name: \somepath\mybinary\mybinary.exe 9:35:07.9537914  mybinary.exe    2276    querynameinformationfile    c:\windows\system32\wow64cpu.dll    success name: \windows\system32\wow64cpu.dll 9:35:07.9538134  mybinary.exe    2276    querynameinformationfile    c:\windows\system32\wow64win.dll    success name: \windows\system32\wow64win.dll 9:35:07.9538349  mybinary.exe    2276    querynameinformationfile    c:\windows\system32\wow64.dll   success name: \windows\system32\wow64.dll 9:35:07.9538579  mybinary.exe    2276    querynameinformationfile    c:\windows\system32\ntdll.dll   success name: \windows\system32\ntdll.dll 9:35:07.9538796  mybinary.exe    2276    querynameinformationfile    c:\windows\syswow64\ntdll.dll   success name: \windows\syswow64\ntdll.dll 9:35:07.9539425  mybinary.exe    2276    process exit        success exit status: -1073741502, user time: 0.0000000 seconds, kernel time: 0.0000000 seconds, private bytes: 339,968, peak private bytes: 401,408, working set: 1,523,712, peak working set: 1,826,816 

edit 2:
should mention powershell script run service (it's bamboo service agent). , found thread saying:

process.start internally calls createprocesswithlogonw(cplw) when credentials specified. createprocesswithlogonw cannot called windows service environment (such iis wcf service). can called interactive process (an application launched user logged on via ctrl-alt-delete).

my guess powershell start-process call making uses of createprocesswithlogonw...

edit 3:
service run custom user (because cannot impersonate system), read link. tested ensuring "allow service interact desktop" enabled. because it's available non custom accounts set hand on registry altering hklm\system\currentcontrolset\services\%myservice% type key (as described here , here).

start-process 'alias' system.diagnostics.process.start(), yes, make use of createprocesswithlogonw(). noted, method can't called service process, can called 'interactive' process. caveat "only" 1 you've discovered - when aren't changing credentials, can @ least process started. (this may bug - microsoft support engineer spoke issue "surprised" worked @ all.)

the (supported) way launch process inside service process use native win32 api method createprocessasuser(). example of how c#.net can found in the answer question mentioned in edit #2.

a windows process must launched part of user session. if launching process running part of interactive session - kind logged in using ctrl+alt+delete , have desktop open - can use createprocesswithlogonw(), use current user session automatically. if launching process service, or "batch" process (as scheduled tasks are), launching process must either create new user session (or identify existing one) launch new process in (which code in afore-mentioned answer does.)


Comments

Popular posts from this blog

twig - Using Twigbridge in a Laravel 5.1 Package -

jdbc - Not able to establish database connection in eclipse -

Kivy: Swiping (Carousel & ScreenManager) -