none
Rebooting a workstation with failed auto-login

    Soru

  •  

    Hello all not sure this is the correct place to post, but here it goes:

    I am creating my 1st Powershell script. My target is XP thin clients that have dropped from our domain.

    I need to:
    1. Unlock the write filter
    2. Reboot
    3. Remove from domain
    4. Re-join Domain
    5. Lock write filter
    6. Reboot

    Sounds easy enough. I was able to write the script and it tested perfectly, however when I tried it on actual Thin clients that have dropped I have a bug I cannot figure out.

    Scenario:
    The Thin clients are set to auto login with a restricted domain user account. When the trust fails, the auto-login will fail with a message about not being able to connect to a domain controller.

    My reboot code:
    psexec -sd \\$TargetComputer -u $TargetComputer\administrator -p $global:admpwd  shutdown -r -t 00

    I have tried with the –sd and without.  Psexec is remote executing the shutdown command successfully, but Shutdown.exe  Is reporting “The device is not ready.” Everything I have searched for says this was fixed in SP2. All of our thin clients are at SP3.

    Has anyone seen this before?
    Or is there another way to send a reboot other than shutdown.exe?

    29 Şubat 2012 Çarşamba 18:51

Tüm Yanıtlar

  • What if you run:

    shutdown /r /t 0 /m \\$targetcomputer

    ?


    Grant Ward, a.k.a. Bigteddy

    What's new in Powershell 3.0 (Technet Wiki)

    29 Şubat 2012 Çarşamba 19:13
  •  

    That does not work.

     Because the trust has failed and I need to pass local admin credentials. Shutdown uses the rights of the originating logged on user.

    29 Şubat 2012 Çarşamba 19:17
  • I belive I tried that. I will try it again and post results as soon as I have another Target to attempt (there are several a day).
    29 Şubat 2012 Çarşamba 19:23
  • PowerShells Restart-Computer?
     
    you can pass it creds so that will help with the trust thing but if
    Shutdown.exe and psshutdown.exe arent working, not sure that will resolve
    it.
     
    might want to take the question to a support forum.
     
     

    Justin Rich
    http://jrich523.wordpress.com
    PowerShell V3 Guide (Technet)
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    29 Şubat 2012 Çarşamba 19:30
  •  

    OK results……getting closer

    psshutdown \\$TargetComputer -r -u $TargetComputer\administrator -p $admnpwd -f -t 00

    This command works..BUT…. the computer will not reboot until the Logon message is clicked

    29 Şubat 2012 Çarşamba 22:50
  • Anyone have any ideas?

    The goal here is to make this as automated as possible

    01 Mart 2012 Perşembe 01:03
  • This is not a solution, it is a work-around.  Why are your workstations "dropping off the domain"?  In all my time this has never happened to me.

    Find the cause of your problem, and all this scripting will not be needed.


    Grant Ward, a.k.a. Bigteddy

    What's new in Powershell 3.0 (Technet Wiki)

    01 Mart 2012 Perşembe 04:57
  • Hi,

    Based on the message, it seems like that the trust between the computer and domain has failed. I would like suggest you reset the compuer account and then try it again.

    Best Regards,

    Yan Li


    Yan Li

    TechNet Community Support

    01 Mart 2012 Perşembe 05:06
    Moderatör
  • Per my 1st post --- "My target is XP thin clients that have dropped from our domain. "

    @bigteddy You are absolutely correct this is a workaround until we figure out what the cause is. We believe it has to do with the FBWF on the thin clients, but this is off topic and I would like to find a solution to my issue.

    @Yan the whole purpose of my script is to just that. We have over 8,000 thin clients on our network and it is time consuming dealing with a symptom instead of working on the cause.

    01 Mart 2012 Perşembe 17:10
  • I tried:

                    $LocalCreds = Get-Credential $TargetComputer\administrator
                        Restart-Computer -ComputerName $TargetComputer -force -Credential $LocalCreds

    It retuns access denied:

    Restart-Computer : Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
    At C:\Scripts\Rejoin a Domain.ps1:34 char:18
    +     Restart-Computer <<<<  -ComputerName $TargetComputer -force -Credential $LocalCreds
        + CategoryInfo          : NotSpecified: (:) [Restart-Computer], UnauthorizedAccessException
        + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.RestartComputerCommand

    01 Mart 2012 Perşembe 17:18
  • I recently had a computer that lost it's trust relationship to the domain.  It displayed similar problems when trying to remote into it.  In fact, this is what alerted me to the fact that the trust was destroyed.  However, I didn't try to work with it's local credentials.

    But I believe that the "Access denied" errors you are getting with all the restart methods are a result of this lost trust.  Why local credentials don't work, I can't explain.

    I am out of suggestions on this problem.


    Grant Ward, a.k.a. Bigteddy

    What's new in Powershell 3.0 (Technet Wiki)

    01 Mart 2012 Perşembe 17:44
  • you should probably take this to the XP support forums, you might get some
    better answers. Its not really a tool problem, but a security problem. It
    might not even be possible because of security restrictions due to the
    fractured trust status..
     
     

    Justin Rich
    http://jrich523.wordpress.com
    PowerShell V3 Guide (Technet)
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    01 Mart 2012 Perşembe 17:46
  •  

    OK results……getting closer

    psshutdown \\$TargetComputer -r -u $TargetComputer\administrator -p $admnpwd -f -t 00

    This command works..BUT…. the computer will not reboot until the Logon message is clicked

    The point is not what the message says..... I prob should have used a differant screen shot. If some has seen the issue of rebooting a workstation with a logon Message. let me know... I wil try some of the other forums thanks all for the input.

    I did make a little movement

    01 Mart 2012 Perşembe 18:38
  • I have had the same issue before and I can give you a workaround. However it is not recommended or supported in any way and should only be used as a last resort.

    use psexec to connect to the remote system and taskkill the winlogon process. This will cause a blue screen error and reboot the system.

    It is not pretty but in a pinch it will allow you to get the system back to a state where you can restore service.

    02 Mart 2012 Cuma 03:56
  • I have had the same issue before and I can give you a workaround. However it is not recommended or supported in any way and should only be used as a last resort.

    use psexec to connect to the remote system and taskkill the winlogon process. This will cause a blue screen error and reboot the system.

    It is not pretty but in a pinch it will allow you to get the system back to a state where you can restore service.


      

    psexec \\$TargetComputer -u $TargetComputer\administrator -p $admnpwd taskkill /im winlogon.exe

    ERROR: The process "winlogon.exe" with PID 692 could not be terminated.

    Reason: This is critical system process. Utility cannot end this process.

    psexec \\$TargetComputer -u $TargetComputer\administrator -p $admnpwd taskkill  /fi "WINDOWTITLE eq Logon Message"

    INFO: No tasks running with the specified criteria.


    02 Mart 2012 Cuma 22:25
  • Neoalreadytaken, check this out:

    http://blogs.technet.com/b/heyscriptingguy/archive/2012/03/02/use-powershell-to-reset-the-secure-channel-on-a-desktop.aspx


    Grant Ward, a.k.a. Bigteddy

    What's new in Powershell 3.0 (Technet Wiki)


    I don't think this will work as the trust is already broken, but this info is definatly worth study. Could help of the trouble shooting the cause
    Thank you
    02 Mart 2012 Cuma 22:27