PSExec as a Helper in Troubleshooting
What
The PS Tools from Microsoft (from SysInternals) are a terrifically powerful tool to help you troubleshoot when all else fails. In this article we'll look at how you can use PSExec to help troubleshoot an ill-behaving FileWave Client.
When/Why
From time to time, things don't work right. None of us would be employed if this weren't the case, so let's look on the bright-side of that! But what to do if a FileWave client on a Windows device is misbehaving, and you can't communicate through normal FileWave channels? PSEXEC to the rescue.
How
Assumptions made in the following:
1) You have download PSTools, and unzipped
2) That you launched a cmd prompt as a domain admin user (makes credentials issue easier to deal with)
3) That you have changed directory into the directory where PSTools is located
We'll start by simply connecting to the remote computer by name in an interactive PSEXEC shell:
psexec64 \\computername -h cmd
You'll end up in a shell like the below ('exit' will allow you to leave that shell)
Now, what's remarkable about this is that shell is running as your domain admin account, and you can do anything on it you can do from the command line. This article isn't meant to be a Windows CLI primer, but the following are some examples of things we could do if we assume we have a device that isn't reporting in correctly:
- Check the FileWave Client Service:
- Stop the FW Client Service
sc stop filewavewinclient
- Restart the FW Client Service
sc start filewavewinclient
- If the service won't start or stop, maybe we need to kill it forcefully by:
- Looking for the client process
- And then killing it by PID
-
taskkill /PID 16264 /F
-
Note that this same procedure can be very helpful to clear up a misbehaving Windows Update agent. When Windows Update hangs, the service itself usually won't stop. Taskkill /SVC | find wuauserv will identify the proper task to stop to correct this. (A reboot is also corrective for this, but onviously impacts the use of the device)
-
- Check the FW Client Log for entries from today
-
type c:\programdata\filewave\fwclient\fwcld.log | findstr mm-dd
- (where mm-dd is today's date such as 05-16)
-
- Get the IP of the workstation
-
ipconfig
-
- Restart the device (which is obviously destructive to any existing user)
-
shutdown -r -t 0 -f
-
- Determine if there are other users logged in
- Get the last boot time