I’d check whether there is something seriously broken on that handful of machines.
Can you log on to them? Launch a command prompt? Run that script manually?
1 Like
@JasonWalker just logged into about 3 machines, and ran the commands from the command prompt, and there were no issues experienced. Do you have anything else I could try?
Try running them as LocalSystem. Easiest way to do that is to obtain psexec from microsoft.com/sysinternals , and run
psexec -i -s cmd
Then from the elevated command prompt try to run the batch file we created
1 Like
The return code -1073741502 appears to be STATUS_DLL_INIT_FAILED.
In your case, even the the regedit fails with this code. Does regedit works on that system?
2 Likes
Yes. Regedit works just fine.
Anyone have the proper syntax for PSExec to upload a bunch of computer names, and then have it execute the script with all my commands in it? @JasonWalker
I think you should try it, interactively, on one of the problem computers instead.
I suspect there may be something wrong with the LocalSystem account - like a badly-defined PATH or something along those lines.
1 Like
I have tried that. It works great no issues at all once I get on the system via RDP and run the commands. I think this is starting to look like a BigFix issue. Not sure what else could be causing this since the BigFix agent runs as a SYSTEM service. @JasonWalker
Ok, try uninstalling and reinstalling the client; or open a support ticket and see if the support team can help.
1 Like
@jgstew We have done everything already you recommended. From looking at the clients firing back this exit code, it seems like the client is having a hard time running all of the commands and NOT just a single command. The commonality I am seeing between this failing hosts, is that they haven’t been restarted in 13-30 days. Not sure if that has something to do with it.
In order to really help troubleshoot, we need the exact actionscript you try each time. Ideally also the client log output for that actionscript as well.
Also, you would really need to run PSExec to run CMD as SYSTEM, then run the command cmd.exe /c ""reset-nessus.cmd" > c:\reset-nessus.log 2>&1" within it to emulate what bigfix is doing. I know you said you used PSExec, but you have to use it that way specifically to fully emulate what you are doing. (just in general, get the command working in CMD, then try it again using CMD /C "_THE_COMMAND_")
I have edited posts above to put things into code blocks so that forum software doesn’t mess with the formatting.
I just tested this on a machine of mine, and this doesn’t seem to work. SC doesn’t seem to take the friendly name of the service like this on my windows system. Are you sure your commands work when you try them manually?
See here:
C:\Windows\Temp>cmd /c "sc query "BES Client""
[SC] EnumQueryServicesStatus:OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Windows\Temp>cmd /c "sc query "BESClient""
SERVICE_NAME: BESClient
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
I got a similar result when using the sc config option.
You might also need the following at the very top of the action: action uses wow64 redirection false
ALSO it is very important to note that Exit codes don’t come from BigFix itself, it comes from whatever command you run with BigFix and BigFix just passes the error codes onto you as a helpful diagnostic and troubleshooting step.
I would strongly recommend getting just 1 thing to work at a time through bigfix action on a test machine. Like just this and only this: sc.exe config "Tenable Nessus Agent" start=auto before moving onto the next thing.
It would also be helpful to know what specific versions of windows you are doing this on, so that we can better match what you are trying to do.
I’m pretty sure this should be waithidden and not runhidden, but also, I think it needs wrapped in quotes.
These are related:
2 Likes
@jgstew I think we everything is getting jumbled in here so let me post what my actionscript looks like today. This actionscript works on most computers, but there is a select number of computers where this is not working.
runhidden cmd /c "C:\Program Files\Tenable\Nessus Agent\nessuscli.exe" agent unlink --force
waithidden cmd /c sc config "Tenable Nessus Agent" start=auto
waithidden cmd /C sc stop "Tenable Nessus Agent"
action uses wow64 redirection false
delete __createfile
delete wizardedit.reg
createfile until @end_create_reg_file
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Tenable]
"TAG"=-
@end_create_reg_file
move __createfile wizardedit.reg
waithidden regedit /s "wizardedit.reg"
waithidden cmd /C sc start "Tenable Nessus Agent"
runhidden cmd /c "C:\Program Files\Tenable\Nessus Agent\nessuscli.exe" agent link --key=24a3e7e9448ff --host=abc123com --port=8834What OS are the computers running where it doesn’t work?
This definitely doesn’t work on my Windows 2012R2 test machine, and I suspect it also doesn’t work on Windows 7 or Windows 8.1 but I haven’t tried it. It likely doesn’t work anywhere in which this is true: exists versions whose(it < "6.4") of operating systems
If all of the places it does not work are a certain version of windows OR older, then that is probably the issue.
You have to test scripts on both the oldest and newest versions of the OS you are going to run it against and you either need to write it to the lowest common denominator, or you need to do it differently depending on OS version. Also, when you begin rolling things out, if it doesn’t work on a specific set of systems, then test it manually on that exact OS version to see if there is something there that is different.
Generally once you get things working on 1 version of windows, it will work everywhere, but that isn’t a safe assumption until it has been tested everywhere.
That is a pretty significant piece of the puzzle. You need to give us the windows names / versions of the systems in which it doesn’t work or anything else that might be common about them. It would also be useful to understand what % of systems the failures represent. It would also be helpful to know if there are any apparent successes on the specific OS versions in which there are also failures.
1 Like