1

PsExec (v2.11) can take up to a minute to invoke a process, either locally or remotely.

I'm using the following command line:

psexec.exe -u domain\username -p mypassword -accepteula -d -h \\machinename C:\path\to\myapp.exe

I have the firewall disabled on all machines.

What else can I look at?

UPDATE: I used procmon to highlight the delay:

enter image description here

Mark Richman
  • 286
  • 5
  • 15
  • It might be your antivirus software checking binary and memory footprint. Try to disable whatever you have to see would it make any difference. – NISMO1968 Apr 11 '20 at 11:29

2 Answers2

0

On windows server (2008 to 2019) there are 3 default rules that need to be enable:

  • Go to: windows defender firewall with advanced security
  • Go to: Inbound Rules
  • Right clic on Inbound Rules Filter by Group -> Filter by Remote Service Management
  • Enable those 3 rules for domain (if you set your connection as Domain)

Remote Service Management (NP-In)
Remote Service Management (RPC)
Remote Service Management (RPC-EPMAP)

PsExec v2.34

C.

Cramaboule
  • 1
0

The command indirectly open a user session under the specified username to run the process, thus it will be long, you can't do much for that problem.

Only tip to make it a bit faster:

  • You can try with -s to run the process as a LOCAL SYSTEM.

  • Try with -e, so it does not load the user profile.

yagmoth555
  • 16,300
  • 4
  • 26
  • 48
  • I just tried those, and it doesn't seem to have any effect. It's interesting because this slowness just started today. The IT guys *swear* nothing changed ;-) It used to start rather instantaneously. – Mark Richman Mar 02 '16 at 02:11
  • @MarkRichman Check in add/remove program, and verify if any update got installed :) Some nasty (with already know related problem) went live last month. – yagmoth555 Mar 02 '16 at 02:30
  • Which update has the known issue? – Mark Richman Mar 02 '16 at 02:31
  • KB3134228 (https://technet.microsoft.com/en-us/library/security/ms16-feb.aspx, https://support.microsoft.com/en-us/kb/3134228) Not wrote in the KB text, but on my side it broke a Citrix PVS's server (5.6SP3) to manage virtual machine active directory password. – yagmoth555 Mar 02 '16 at 02:38
  • So PsExec is permanently broken by this KB? Or are we waiting for another KB to fix the regression? – Mark Richman Mar 02 '16 at 02:40
  • @MarkRichman I just suggest to check if any KB got installed first :) act after :) – yagmoth555 Mar 02 '16 at 02:40
  • I don't see that particular KB anywhere, and the most recent KB was 5 days ago. Things were working well more recently than that, so that can't be it. – Mark Richman Mar 02 '16 at 02:47
  • 1
    @MarkRichman anyhow, run a processmonitor and watch where is the timeout would be the next step – yagmoth555 Mar 02 '16 at 03:02
  • I ran procmon, and you can see the long delay. Otherwise, it's very unrevealing. I've filtered the view to "begins with psexe" to include both psexec and psexesvc. http://imgur.com/2CSknwl – Mark Richman Mar 02 '16 at 15:30
  • @MarkRichman in the delay, what is between ? an AV in example ? an dns request to authentificate ? .. please include/analyse it :) – yagmoth555 Mar 02 '16 at 15:47
  • The procmon trace is huge, so I can't include all the events. But yes, there is McAfee involved. We've disabled it to the extent possible on the machine, but the issue persists. We don't see DNS requests, only LDAP requests to the domain controller for authentication, but those are quick. – Mark Richman Mar 02 '16 at 17:15
  • @MarkRichman strangley enought, another user just posted a question about psexec on SF. – yagmoth555 Mar 02 '16 at 18:34