Cannot connect to remote registry

Cannot connect to remote registry on “Computer” is an error that is pretty much self explanatory and you get it when trying to access a process (remotely) that requires the Remote Registry service to be started.
For instance, I do get “Cannot connect to remote registry” a lot when trying to use PsList (from PsTools) to grab the current running processes on a remote machine. The error I get when the remote registry service is not started is (in the example below the target machine is called LAP020):

Cannot connect to remote registry on lap020:
The network path was not found.
Failed to take process snapshot on lap020.
Make sure that the Remote Registry service is running on the remote system, that you have firewall ports allow RPC access, and your account has read access to the following key on the remote system:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Perflib

Here’s the screenshot with the error.

pslist-cannot-connect-to-remote-registry

How to start the remote registry remotely

Since I am running a command remotely, it means I need to start the remote registry remotely. In order to do that, run the following command (requires PsExec from PsTools):

This will fail most of the times because generally RemoteRegistry is disabled and you cannot start a disabled service!

psexec-sc-start-service-failed

So here’s what you’d do to enable it first (I will set it to automatically start):

psexec-sc-config-service-start-auto

If you don’t want to configure it as automatic, you may use these other options:

  • boot
  • system
  • auto
  • demand
  • delayed-auto

You may disable it again by running:

Now that is enabled, I will try to start the Remote Registry service:

psexec-sc-start-service

You may finally run the command you had issues with in first place, in this example it’ll be PsList on LAP020.

pslist-basic

Read More

Run an MSI with PSExec

Run an MSI with PSExec remotely is very simple, but most of the times people forget that we need to launc msiexec.exe in order to actually run the .msi.
In order to remotely run an MSI with PSExec, located in a share, you would need to run the following command:

So in the example above we have the following:

  • \\TargetComputer is obviously the remote machine where you want the MSI to run on.
  • -d can be avoided, but I like it as it won’t need to wait for the process to finish to keep using my cmd session. As per psexec’s help: Don’t wait for process to terminate (non-interactive).
  • -s: Run the remote process in the System account.
  • Cmd /c “command in quotes” will run a command prompt on the remote machine that will execute what’s contained in quotes “”.
  • msiexec.exe /I “\\Share\repository\mymsi.msi” /quiet /norestart will run the MSI. It first calls msiexec to run the MSI with /I option (normal installation). It then needs the package name (full path to the file in the share), this one is also in quotes in case it has spaces. /Quiet and /norestart are MSI dependent and it depends if the MSI has got these options or not.

If you have an MSI with no switches required and you want to wait for the process to terminate, run this:

Practical example (Install LAPS x64 remotely)

Let’s say you want to install LAPS on LAPSSRV01 and the application (MSI) is located here:
\\lapsdc01\LAPS_REPOSITORY$\LAPS.x64.msi

You will need to run the following:

Run an MSI with PSExec

This will install LAPS x64 on the target machine.

Read More