[Bug 16882] New: WMI core 1.5 installation hangs (needed for .NET 3.0 installer, WCF part), SECURITY_SERVICE_RID missing from service token group
http://bugs.winehq.org/show_bug.cgi?id=16882
Summary: WMI core 1.5 installation hangs (needed for .NET 3.0 installer, WCF part), SECURITY_SERVICE_RID missing from service token group Product: Wine Version: 1.1.12 Platform: Other URL: http://www.microsoft.com/downloads/details.aspx?familyid =AFE41F46-E213-4CBF-9C5B-FBF236E0E875 OS/Version: other Status: UNCONFIRMED Severity: normal Priority: P2 Component: advapi32 AssignedTo: wine-bugs@winehq.org ReportedBy: focht@gmx.net
Hello,
after getting past bug 16879 one encounters this one.
---- Prerequisite:
1. clean WINEPREFIX 2. sh winetricks -q dotnet20 3. download .NET 3.0 Framework installer from: http://download.microsoft.com /download/4/d/a/4da3a5fa-ee6a-42b8-8bfa-ea5c4a458a7d/dotnetfx3setup.exe (sha1sum: a566bcd2ffffc3842a95adc57f7df3f8cd11577f) 4. export _SFX_CAB_SHUTDOWN_REQUEST=1 (workaround, see bug 9158) 5. wine ./dotnetfx3setup.exe
It might take a while until all required packages are downloaded using BITS.
Note: If you need to redo steps, backup the directory "dotnetfx304506.30" from "c:\windows\temp" to a different location, remove ~/.wine, copy "dotnetfx304506.30" again to "c:\windows\temp" to prevent BITS from downloading over and over again. ----
"c:\windows\temp\dd_dotnetfx3error.txt":
--- snip --- [01/11/09,12:50:20] Windows Communication Foundation: [2] Error: Installation failed for component Windows Communication Foundation. MSI returned error code 1603 [01/11/09,12:50:31] WapUI: [2] DepCheck indicates Windows Communication Foundation is not installed. [01/11/09,12:50:31] WapUI: [2] DepCheck indicates Microsoft .NET Framework 3.0 was not attempted to be installed. --- snip ---
"c:\windows\temp\dd_wcf_retMSI597F.txt":
--- snip --- 1: C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe /r /x /y /v 2: 1: ERROR: Process returned non-0 value! CMDLINE: C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe /r /x /y /v 2: 1: Failed 2: --- snip ---
and "c:\windows\temp\dd_wcf_retCA69A1.txt":
--- snip --- === Verbose logging started: 1/11/2009 12:50:17 Calling process: C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe === ServiceModelReg [12:50:18:302]: Warning: Could not detect IIS installation or IIS is disabled, skipping the Web Host Script Mappings component since it depends upon IIS to function properly. If you believe this message is an error, check your IIS installation to make sure it is installed properly. ServiceModelReg [12:50:18:329]: Information: The ServiceModelReg tool will take the following actions: Reinstalling configuration section system.serviceModel to C:\windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config. Reinstalling configuration section system.runtime.serialization to C:\windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config. Reinstalling configuration section system.serviceModel.activation to C:\windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config. Adding configuration entry for BuildProvider: System.ServiceModel.Activation.ServiceBuildProvider, System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 Reinstalling compilation assembly node to System.Web section group: System.Runtime.Serialization, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=MSIL Reinstalling compilation assembly node to System.Web section group: System.IdentityModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089, processorArchitectur... ServiceModelReg [12:50:18:358]: Uninstalling: Machine.config Section Groups and Handlers ServiceModelReg [12:50:18:366]: Warning: Configuration section system.serviceModel does not exist in C:\windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config. ServiceModelReg [12:50:18:369]: Warning: Configuration section system.runtime.serialization does not exist in C:\windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config. ServiceModelReg [12:50:18:373]: Warning: Configuration section system.serviceModel.activation does not exist in C:\windows\Microsoft.NET\Framework\v2.0.50727\Config\machine.config. ServiceModelReg [12:50:18:374]: Installing: Machine.config Section Groups and Handlers ServiceModelReg [12:50:18:893]: Uninstalling: System.Web Build Provider ServiceModelReg [12:50:19:095]: Warning: A configuration entry for BuildProvider System.ServiceModel.Activation.ServiceBuildProvider, System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 does not exist. ServiceModelReg [12:50:19:096]: Installing: System.Web Build Provider ServiceModelReg [12:50:19:138]: Uninstalling: System.Web Compilation Assemblies ServiceModelReg [12:50:19:153]: Warning: All compilation assembly nodes do not exist in System.Web section group. ServiceModelReg [12:50:19:154]: Installing: System.Web Compilation Assemblies ServiceModelReg [12:50:19:246]: Uninstalling: HTTP Handlers ServiceModelReg [12:50:19:260]: Warning: HttpHandlers node *.svc does not exist in System.Web section group. ServiceModelReg [12:50:19:261]: Installing: HTTP Handlers ServiceModelReg [12:50:19:322]: Uninstalling: HTTP Modules ServiceModelReg [12:50:19:333]: Warning: HttpModules node ServiceModel does not exist in System.Web section group. ServiceModelReg [12:50:19:334]: Installing: HTTP Modules ServiceModelReg [12:50:19:365]: Repairing: WMI Classes ServiceModelReg [12:50:19:396]: Warning: Failure executing "C:\windows\system32\wbem\mofcomp.exe" with parameters ""C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModel.mof"": System.IO.FileNotFoundException: Could not load file or assembly 'C:\windows\system32\wbem\mofcomp.exe' or one of its dependencies. Exception from HRESULT: 0x80070002 File name: 'C:\windows\system32\wbem\mofcomp.exe' at System.ServiceModel.Install.InstallHelper.ExecuteWaitHelper(String program, String parameters) at System.ServiceModel.Install.InstallHelper.ExecuteWait(String program, String parameters, Int32[] allowedExitCodes) at System.ServiceModel.Install.WmiInstallComponent.OnInstall(OutputLevel outputLevel) ServiceModelReg [12:50:19:516]: System.InvalidCastException: Retrieving the COM class factory for component with CLSID {4590F811-1D3A-11D0-891F-00AA004B2E24} failed due to the following error: 80004002. at System.Management.ManagementScope.InitializeGuts(Object o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementScope.Connect() at System.ServiceModel.Install.WmiInstallComponent.get_IsInstalled() at System.ServiceModel.Install.WmiInstallComponent.ApplyNamespaceDacl(OutputLevel outputLevel) at System.ServiceModel.Install.WmiInstallComponent.OnInstall(OutputLevel outputLevel) at System.ServiceModel.Install.WmiInstallComponent.Reinstall(OutputLevel outputLevel) at Microsoft.Tools.ServiceModel.ServiceModelReg.PerformAction(ActionItem actionItem, Nullable`1 confirmUninstall) at Microsoft.Tools.ServiceModel.ServiceModelReg.Run(String[] args) at Microsoft.Tools.ServiceModel.ServiceModelReg.TryRun(String[] args) === Verbose logging stopped: 1/11/2009 12:50:19 === --- snip ---
Oh joy ... WMI. Providing fake mofcomp.exe (returning success) is not enough, WCF installer will try *use* WMI hence there needs to be some working infrastructure:
--- snip --- ServiceModelReg [19:37:29:832]: Starting tool 'C:\windows\system32\wbem\mofcomp.exe' with parameters '"C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModel.mof"'. ServiceModelReg [19:37:29:895]: ServiceModelReg [19:37:29:896]: ServiceModelReg [19:37:29:897]: Tool 'C:\windows\system32\wbem\mofcomp.exe' with parameters '"C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModel.mof"' exited with code '0'. ServiceModelReg [19:37:29:955]: System.InvalidCastException: Retrieving the COM class factory for component with CLSID {4590F811-1D3A-11D0-891F-00AA004B2E24} failed due to the following error: 80004002. at System.Management.ManagementScope.InitializeGuts(Object o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementScope.Connect() at System.ServiceModel.Install.WmiInstallComponent.get_IsInstalled() at System.ServiceModel.Install.WmiInstallComponent.ApplyNamespaceDacl(OutputLevel outputLevel) at System.ServiceModel.Install.WmiInstallComponent.OnInstall(OutputLevel outputLevel) at System.ServiceModel.Install.WmiInstallComponent.Reinstall(OutputLevel outputLevel) at Microsoft.Tools.ServiceModel.ServiceModelReg.PerformAction(ActionItem actionItem, Nullable`1 confirmUninstall) at Microsoft.Tools.ServiceModel.ServiceModelReg.Run(String[] args) at Microsoft.Tools.ServiceModel.ServiceModelReg.TryRun(String[] args) === Verbose logging stopped: 1/8/2009 19:37:29 === --- snip ---
This is a big blocker and getting WMI to work with Wine is imperative for .NET 3.0 and higher. Of course this also useful for older .NET Frameworks
Roll-back, prepare clean WINEPREFIX again;-)
We need to install native WMI core 1.5 from: http://www.microsoft.com/downloads/details.aspx?familyid=AFE41F46-E213-4CBF-...
Download wmicore http://download.microsoft.com/download/platformsdk/wmicore/1.5/W9XNT4/EN-US/... (sha1sum: f7a36668eb6c82a28393637ffdf0ec6e8adfa6a1)
Make sure you set winver to NT 4.0 (don't forget to reset to default) and execute the installer (I already have my own winetricks step for this):
--- snip --- wine wmicore.exe --- snip ---
The installer will then hang at some point "Configuring repository". With winedbg one can see following processes:
--- snip --- Wine-dbg>info process pid threads parent executable (all id:s are in hex) 0000000c 5 0000000a 'services.exe' 0000000f 1 0000000a 'explorer.exe' 0000001b 4 0000000c 'winedevice.exe' 00000025 1 00000000 'wmicore.exe' 00000027 2 00000025 'GLBbab.tmp' 00000022 4 0000000c 'WinMgmt.exe' --- snip ---
The problem is "WinMgmt.exe" which ought to be a service but due to Wine insufficiency the service thinks it's a normal process not showing usual service process behaviour as registering control handler and the like.
If you do 'wineserver -k' and try to start anything with Wine nothing will happen until wineboot times out...
As quickfix, start regedit (wait until wineboot timeout) and set service start type key for "WinMgmt" to manual start, e.g. "2" -> "3". Also a kernel driver (service) that is installed with WMI "smbios" fails to load but this currently harmless.
If we look now in "c:\windows\system32\WBEM" we see the whole stuff installed. The logs in "logs" subdirs are not revealing much so we have to increase the log level:
--- snip --- [HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM] "Logging"="1" "Logging Directory"="C:\windows\system32\WBEM\Logs" --- snip ---
LogLevel is 0 to turn off logging, a 1 to turn on logging, and a 2 for verbose logging.
After that, we manually try to start the service:
--- snip --- $ wine net start winmgmt err:winedevice:ServiceMain driver L"smbios" failed to load The Windows Management Instrumentation service is starting. fixme:ole:CoInitializeSecurity ((nil),-1,(nil),(nil),2,2,(nil),32,(nil)) - stub! fixme:ole:CoInitializeSecurity ((nil),-1,(nil),(nil),1,3,(nil),0,(nil)) - stub! fixme:advapi:RegisterEventSourceW (L"",L"WinMgmt"): stub wine: Call from 0x7b844f54 to unimplemented function ole32.dll.CoSwitchCallContext, aborting err:rpc:I_RpcReceive we got fault packet with status 0x80000100 fixme:ole:CoCreateInstance no instance created for interface {00000000-0000-0000-c000-000000000046} of class {8bc3f05e-d86b-11d0-a075-00c04fb68820}, hres is 0xc0000005 --- snip ---
This is bug 7187 After fixing this problem, we repeat the whole stuff again to get this in logs:
--- snip --- (Sun Jan 11 13:41:41 2009) : Starting WinMgmt, ProcID = 26, CmdLine = , User = focht(Sun Jan 11 13:41:41 2009) : WinMgmt bIsService = 0, return code from function determining if service = 0(Sun Jan 11 13:41:41 2009) : WinMgmt gbRunAsApp = 1(Sun Jan 11 13:41:41 2009) : Starting Initialize, ID = 26(Sun Jan 11 13:41:41 2009) : Registered class factory with flags: 0x15 (Sun Jan 11 13:41:41 2009) : RegOpenKey returned 0x2 while trying to open the transports node. Using default transports!(Sun Jan 11 13:41:41 2009) : Initialize complete(Sun Jan 11 13:41:41 2009) : WindowProc got hWnd=20026, message=24, wParam=0, lParam=33f814(Sun Jan 11 13:41:41 2009) : WindowProc got hWnd=20026, message=81, wParam=0, lParam=33fce8(Sun Jan 11 13:41:41 2009) : WindowProc got hWnd=20026, message=83, wParam=0, lParam=33f974(Sun Jan 11 13:41:41 2009) : WindowProc got hWnd=20026, message=1, wParam=0, lParam=33fce8(Sun Jan 11 13:41:41 2009) : Inside the waiting function --- snip ---
"WinMgmt bIsService = 0" is the culprit.
The process retrieves token information and checks if process token groups contain "SECURITY_INTERACTIVE_RID" (-> normal process) or "SECURITY_SERVICE_RID" (service process).
I think it's actually services.exe that adds the SECURITY_SERVICE_RID sid to the newly created service process (token groups).
This requires some infrastructure, including wineserver. I already quick-hacked a path to verify this and it works as expected, letting the service successfully start ;-)
Regards
http://bugs.winehq.org/show_bug.cgi?id=16882
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends on| |7187
http://bugs.winehq.org/show_bug.cgi?id=16882
--- Comment #1 from Anastasius Focht focht@gmx.net 2009-01-11 07:08:28 --- Hello,
when this bug is fixed you might also see bug 12259 (which I partly explained in bug 13964) when the repository is configured, e.g. mof compiler is run:
Flood of:
--- quote --- err:ole:CoWaitForMultipleHandles Unexpected wait termination: -1, 87 ... --- quote ---
This can currently be ignored but needs a fix some day.
Regards
http://bugs.winehq.org/show_bug.cgi?id=16882
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |16883
http://bugs.winehq.org/show_bug.cgi?id=16882
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks| |16886
http://bugs.winehq.org/show_bug.cgi?id=16882
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Blocks|16883 |
http://bugs.winehq.org/show_bug.cgi?id=16882
Austin English austinenglish@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|UNCONFIRMED |NEW Ever Confirmed|0 |1 Keywords| |dotnet, download, Installer
--- Comment #2 from Austin English austinenglish@gmail.com 2009-01-11 13:49:24 --- Confirming.
http://bugs.winehq.org/show_bug.cgi?id=16882
Bug 16882 depends on bug 7187, which changed state.
Bug 7187 Summary: WMI showstopper due to unimplemented function ole32.dll.CoSwitchCallContext http://bugs.winehq.org/show_bug.cgi?id=7187
What |Old Value |New Value ---------------------------------------------------------------------------- Status|UNCONFIRMED |RESOLVED Resolution| |FIXED
http://bugs.winehq.org/show_bug.cgi?id=16882
--- Comment #3 from Louis Lenders xerox_xerox2000@yahoo.co.uk 2009-06-28 06:33:10 --- Created an attachment (id=22065) --> (http://bugs.winehq.org/attachment.cgi?id=22065) patch that lets wcf installer finish fine
The attached patch is enough to let wcf installer finish fine for me. Apparently only wbemprox needs to get fleshed out a bit (and also LsaLookupNames2, but that's covered by other bug already).
unfortunaltely the .net 3.0 installer still crashes in the end here, but then in wpf installer it seems. When i run the wpf installer standalone it finishes fine here. Another mystery
http://bugs.winehq.org/show_bug.cgi?id=16882
Louis Lenders xerox_xerox2000@yahoo.co.uk changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |xerox_xerox2000@yahoo.co.uk
--- Comment #4 from Louis Lenders xerox_xerox2000@yahoo.co.uk 2009-07-11 12:41:37 --- Microsoft also has a "stand-alone" .net 3.0 installer on his site http://download.microsoft.com/download/3/F/0/3F0A922C-F239-4B9B-9CB0-DF53621...
This one installs just fine fine with patch for LsaLookupNames2, and a stubbed out wbemprox.
(I guess the standard installer fails in the end because it tries to install languagpakcs?)
http://bugs.winehq.org/show_bug.cgi?id=16882
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Keywords|dotnet | Summary|WMI core 1.5 installation |Microsoft WMI core 1.5 |hangs (needed for .NET 3.0 |service installation hangs |installer, WCF part), |due to missing |SECURITY_SERVICE_RID |SECURITY_SERVICE_RID |missing from service token |(process token) |group |
--- Comment #5 from Anastasius Focht focht@gmx.net 2009-08-05 06:50:23 --- Hello,
adjusting description as stubbed WBEM proxy is in GIT and native WMI is no longer required for installer part.
Still a valid bug though.
The pgwin32_is_service() source code snippet from PostgreSQL security/utility library might be of interest as it resembles the check from WMI core service:
http://doxygen.postgresql.org/security_8c-source.html
--- quote --- We consider ourselves running as a service if one of the following is true:
1) We are running as Local System (only used by services) 2) Our token contains SECURITY_SERVICE_RID (automatically added to the process token by the SCM when starting a service) --- quote ---
Which seems to bolster my analysis.
Regards
http://bugs.winehq.org/show_bug.cgi?id=16882
Dan Kegel dank@kegel.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |dank@kegel.com
--- Comment #6 from Dan Kegel dank@kegel.com 2012-02-23 12:41:14 CST --- This still seems to make 'winetricks dotnet30' fail for me with wine-1.4rc4.
http://bugs.winehq.org/show_bug.cgi?id=16882
--- Comment #7 from Anastasius Focht focht@gmx.net 2012-02-23 14:54:28 CST --- Hello Dan,
--- quote --- This still seems to make 'winetricks dotnet30' fail for me with wine-1.4rc4. --- quote ---
Works for me. Did you really use a clean WINEPREFIX?
The bug was created at a time when Wine WBEM proxy didn't exist yet and the class factory instantiation failure is considered a "hard" error:
--- snip --- ServiceModelReg [12:50:19:516]: System.InvalidCastException: Retrieving the COM class factory for component with CLSID {4590F811-1D3A-11D0-891F-00AA004B2E24} failed due to the following error: 80004002. ... --- snip ---
Nowadays with wbemprox present the check for WMI classes still fails in "servicemodelreg" tool - at later stage. This is not considered a "hard" error: 0x80041001 (WBEM_E_FAILED) -> translated to COM Error 0x80131501 -> "Generic failure" (managed exception thrown and caught).
--- snip --- ... servicemodelreg [21:35:29:530]: Repairing: WMI Classes servicemodelreg [21:35:29:531]: Starting tool 'C:\windows\system32\wbem\mofcomp.exe' with parameters '"C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModel.mof"'. servicemodelreg [21:35:29:540]: servicemodelreg [21:35:29:540]: servicemodelreg [21:35:29:540]: Tool 'C:\windows\system32\wbem\mofcomp.exe' with parameters '"C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModel.mof"' exited with code '0'. servicemodelreg [21:35:29:585]: Error: WMI classes are not installed. servicemodelreg [21:35:29:586]: Repairing: Windows CardSpace (idsvc) servicemodelreg [21:35:29:600]: Repairing: Net.Tcp Port Sharing Service (NetTcpPortSharing) servicemodelreg [21:35:29:611]: Uninstalling: HTTP Namespace Reservations servicemodelreg [21:35:29:614]: Warning: HTTP namespace reservations are not installed. servicemodelreg [21:35:29:615]: Installing: HTTP Namespace Reservations servicemodelreg [21:35:29:617]: Information: The ServiceModelReg tool has completed successfully. --- snip ---
Regards
http://bugs.winehq.org/show_bug.cgi?id=16882
--- Comment #8 from Dan Kegel dank@kegel.com 2012-02-23 21:08:59 CST --- Yes, this was a clean wineprefix. But it only happens on ubuntu 12.04; in Ubuntu 11.10, it works fine.
The problem I'm running into leaves dd_dotnetfx3error.txt containing:
[02/23/12,18:53:22] Windows Communication Foundation: [2] Error: Installation failed for component Windows Communication Foundation. MSI returned error code 1603 [02/23/12,18:54:03] WapUI: [2] DepCheck indicates Windows Communication Foundation is not installed.
It might take me some time to figure out what's different between the two logs.
http://bugs.winehq.org/show_bug.cgi?id=16882
Daniel Jelinski djelinski1@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |djelinski1@gmail.com
--- Comment #9 from Daniel Jelinski djelinski1@gmail.com 2012-03-04 15:30:22 CST --- should winetricks dotnet30 work out of the box? Just tested it in Ubuntu 11.10, wine 1.4-rc5, clean prefix and it failed.
http://bugs.winehq.org/show_bug.cgi?id=16882
--- Comment #10 from Anastasius Focht focht@gmx.net 2012-03-04 16:03:21 CST --- Hello,
--- quote --- should winetricks dotnet30 work out of the box? Just tested it in Ubuntu 11.10, wine 1.4-rc5, clean prefix and it failed. --- quote ---
yes, every winetricks dotnet recipe should work "out of the box" ;-)
Ensure you're using an up-to-date winetricks script (http://winetricks.googlecode.com/svn/trunk/src/winetricks). For .NET 3.0 older winetricks versions might work fine too.
Regards
http://bugs.winehq.org/show_bug.cgi?id=16882
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- URL|http://www.microsoft.com/do |http://download.microsoft.c |wnloads/details.aspx?family |om/download/platformsdk/wmi |id=AFE41F46-E213-4CBF-9C5B- |core/1.5/W9XNT4/EN-US/wmico |FBF236E0E875 |re.exe Platform|Other |x86 Summary|Microsoft WMI core 1.5 |Microsoft WMI core 1.5 |service installation hangs |service hangs due to |due to missing |missing |SECURITY_SERVICE_RID |SECURITY_SERVICE_RID |(process token) |(process token) OS/Version|other |Linux
--- Comment #11 from Anastasius Focht focht@gmx.net 2013-05-01 05:34:07 CDT --- Hello folks,
still present (and valid bug although Wine implemented WMI partially which removed the need for native components).
The service failure can be observed after installing in clean WINEPREFIX (with WinVer set to "WinNT 4.0")
--- snip --- err:service:service_send_start_message service L"WinMgmt" failed to start fixme:service:scmdatabase_autostart_services Auto-start service L"WinMgmt" failed to start: 1053 --- snip ---
$ wine --version wine-1.5.29-38-g8e4317c
Regards
http://bugs.winehq.org/show_bug.cgi?id=16882
fangendou fangendoucg@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |fangendoucg@gmail.com
https://bugs.winehq.org/show_bug.cgi?id=16882
super_man@post.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |super_man@post.com
--- Comment #12 from super_man@post.com --- Assuming still valid issue. There is a crash when trying to use the exe. The patch mentioned here doesn't apply cleanly anymore.
wine 1.7.50(git)
https://bugs.winehq.org/show_bug.cgi?id=16882
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|Microsoft WMI core 1.5 |Multiple Windows service |service hangs due to |processes fail to |missing |start/hang due to missing |SECURITY_SERVICE_RID |SECURITY_SERVICE_RID in |(process token) |process token (Microsoft | |WMI core 1.5 service, | |PostgreSQL)
--- Comment #13 from Anastasius Focht focht@gmx.net --- Hello folks,
revisiting, still present.
--- snip --- $ winetricks -q wmi
# will hang after install -> starting service <CTRL+C>
$ wineserver -k
$ wine net start Winmgmt 0025:fixme:ntoskrnl:MmMapIoSpace stub: 0x00000000000f0000, 65536, 1 0032:fixme:ole:CoInitializeSecurity ((nil),-1,(nil),(nil),2,2,(nil),32,(nil)) - stub! 000f:err:service:process_send_command service protocol error - failed to write pipe! 000f:fixme:service:scmdatabase_autostart_services Auto-start service L"Winmgmt" failed to start: 1053 The Windows Management Instrumentation service is starting. 003e:fixme:ole:CoInitializeSecurity ((nil),-1,(nil),(nil),2,2,(nil),32,(nil)) - stub! 003c:err:service:process_send_command service protocol error - failed to write pipe! Service request timeout. --- snip ---
Updated (non-broken) link to Github project(s):
https://github.com/postgres/postgres/blob/master/src/port/win32security.c#L9...
--- snip --- /* * We consider ourselves running as a service if one of the following is * true: * * 1) We are running as LocalSystem (only used by services) * 2) Our token contains SECURITY_SERVICE_RID (automatically added to the * process token by the SCM when starting a service) * * The check for LocalSystem is needed, because surprisingly, if a service * is running as LocalSystem, it does not have SECURITY_SERVICE_RID in its * process token. * * Return values: * 0 = Not service * 1 = Service * -1 = Error * * Note: we can't report errors via either ereport (we're called too early * in the backend) or write_stderr (because that calls this). We are * therefore reduced to writing directly on stderr, which sucks, but we * have few alternatives. */ --- snip ---
Process hacker:
https://github.com/processhacker/processhacker/search?utf8=%E2%9C%93&q=P...
--- snip --- VOID KphSetServiceSecurity( _In_ SC_HANDLE ServiceHandle ) { static SID_IDENTIFIER_AUTHORITY ntAuthority = SECURITY_NT_AUTHORITY; PSECURITY_DESCRIPTOR securityDescriptor; ULONG sdAllocationLength; UCHAR administratorsSidBuffer[FIELD_OFFSET(SID, SubAuthority) + sizeof(ULONG) * 2]; PSID administratorsSid; PACL dacl;
administratorsSid = (PSID)administratorsSidBuffer; RtlInitializeSid(administratorsSid, &ntAuthority, 2); *RtlSubAuthoritySid(administratorsSid, 0) = SECURITY_BUILTIN_DOMAIN_RID; *RtlSubAuthoritySid(administratorsSid, 1) = DOMAIN_ALIAS_RID_ADMINS;
sdAllocationLength = SECURITY_DESCRIPTOR_MIN_LENGTH + (ULONG)sizeof(ACL) + (ULONG)sizeof(ACCESS_ALLOWED_ACE) + RtlLengthSid(&PhSeServiceSid) + (ULONG)sizeof(ACCESS_ALLOWED_ACE) + RtlLengthSid(administratorsSid) + (ULONG)sizeof(ACCESS_ALLOWED_ACE) + RtlLengthSid(&PhSeInteractiveSid);
securityDescriptor = PhAllocate(sdAllocationLength); dacl = (PACL)PTR_ADD_OFFSET(securityDescriptor, SECURITY_DESCRIPTOR_MIN_LENGTH);
RtlCreateSecurityDescriptor(securityDescriptor, SECURITY_DESCRIPTOR_REVISION); RtlCreateAcl(dacl, sdAllocationLength - SECURITY_DESCRIPTOR_MIN_LENGTH, ACL_REVISION); RtlAddAccessAllowedAce(dacl, ACL_REVISION, SERVICE_ALL_ACCESS, &PhSeServiceSid); RtlAddAccessAllowedAce(dacl, ACL_REVISION, SERVICE_ALL_ACCESS, administratorsSid); RtlAddAccessAllowedAce(dacl, ACL_REVISION, SERVICE_QUERY_CONFIG | SERVICE_QUERY_STATUS | SERVICE_START | SERVICE_STOP | SERVICE_INTERROGATE | DELETE, &PhSeInteractiveSid ); RtlSetDaclSecurityDescriptor(securityDescriptor, TRUE, dacl, FALSE);
SetServiceObjectSecurity(ServiceHandle, DACL_SECURITY_INFORMATION, securityDescriptor);
PhFree(securityDescriptor); } --- snip ---
$ wine --version wine-3.7-156-g6d6b4bffb3
Regards
https://bugs.winehq.org/show_bug.cgi?id=16882
tokktokk fdsfgs@krutt.org changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |fdsfgs@krutt.org
https://bugs.winehq.org/show_bug.cgi?id=16882
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|Multiple Windows service |Multiple Windows service |processes fail to |processes fail to |start/hang due to missing |start/hang due to missing |SECURITY_SERVICE_RID in |SECURITY_SERVICE_RID in |process token (Microsoft |process token (Microsoft |WMI core 1.5 service, |WMI core 1.5 service, |PostgreSQL) |PostgreSQL, AMMYY Admin | |v3.x)
--- Comment #14 from Anastasius Focht focht@gmx.net --- Hello folks,
AMMYY Admin v3.0 also needs this (now that bug 32907 is fixed).
The app starts a "helper" service which starts another process via 'CreateProcessAsUser' which exits due to missing SECURITY_LOCAL_SYSTEM_RID in user token, leading to endless launch loop.
As already said, Windows SCM automatically adds SECURITY_LOCAL_SYSTEM_RID when starting a service.
--- snip --- ... 0033:Call advapi32.SetTokenInformation(00000088,0000000c,007efdc8,00000004) ret=0041fbf1 0033:fixme:ntdll:NtSetInformationToken TokenSessionId stub! 0033:Ret advapi32.SetTokenInformation() retval=00000001 ret=0041fbf1 0033:Call advapi32.CreateProcessAsUserW(00000088,00000000,004d17c4 L""Z:\home\focht\Downloads\install\AA_v3.exe"",00000000,00000000,00000000,00000000,00000000,00000000,007efdd8,007efe1c) ret=0041fdab 0033:fixme:advapi:CreateProcessAsUserW 0x88 (null) L""Z:\home\focht\Downloads\install\AA_v3.exe"" (nil) (nil) 0 0x00000000 (nil) (null) 0x7efdd8 0x7efe1c - semi-stub ... 0035:Call KERNEL32.__wine_kernel_init() ret=7bc6cef2 0033:Ret advapi32.CreateProcessAsUserW() retval=00000001 ret=0041fdab ... 0035:Call KERNEL32.ProcessIdToSessionId(00000034,004afd40) ret=00424d80 0035:Ret KERNEL32.ProcessIdToSessionId() retval=00000001 ret=00424d80 ... 0035:Call advapi32.OpenProcessToken(ffffffff,00020008,0033f288) ret=0040756f 0035:Ret advapi32.OpenProcessToken() retval=00000001 ret=0040756f 0035:Call advapi32.GetTokenInformation(00000078,00000001,0033d278,00002000,0033f284) ret=004075b8 0035:Ret advapi32.GetTokenInformation() retval=00000001 ret=004075b8 0035:Call KERNEL32.CloseHandle(00000078) ret=004075c3 0035:Ret KERNEL32.CloseHandle() retval=00000001 ret=004075c3 0035:Call advapi32.ConvertSidToStringSidA(0033d280,0033f28c) ret=004075f9 0035:Ret advapi32.ConvertSidToStringSidA() retval=00000001 ret=004075f9 0035:Call msvcrt._stricmp(00167d70 "S-1-5-21-0-0-0-1000",004a13a0 "S-1-5-18") ret=00407610 0035:Ret msvcrt._stricmp() retval=00000001 ret=00407610 ... --- snip ---
The concept of using a helper service to run a process under specified user identity is demonstrated here:
http://read.pudn.com/downloads178/sourcecode/windows/829566/CreateProcessAsU...
--- snip --- // CreateProcessAsUser.cpp // // Written by Valery Pryamikov (1999) // // Command line utility that executes a command under specified user identity // by temporarily installing itself as a service. // // Based on Keith Brown's AsLocalSystem utility (http://www.develop.com/kbrown) // Uses some code from Mike Nelson's dcomperm sample utility // and from tlist sample (Microsoft Source Code Samples) // // Use: // CreateProcessAsUser.exe [-i[nteractive]]|[-s[ystem]]| // [-u"UserName" -d"DomainName" -p"Password"]|[-a"AppID"] command // Command must begin with the process (path to the exe file) to launch // -i process will be launched under credentials of the // "Interactive User" (retrieved from winlogon\shell process) // -a process will be launched under credentials of the user // specified in "RunAs" parameter of AppID. // -s process will be launched as local system // -u -d -p process will be launched on the result token of the // LogonUser(userName,domainName,password,LOGON32_LOGON_BATCH...) // // either (-s) or (-i) or (-a) or (-u -d -p) parameters must supplied // // Examples: // CreateProcessAsUser -s cmd.exe // CreateProcessAsUser -a"{731A63AF-2990-11D1-B12E-00C04FC2F56F}" winfile.exe // --- snip ---
$ sha1sum AA_v3.exe 63c52b0ac68ab7464e2cd777442a5807db9b5383 AA_v3.exe
$ du -sh AA_v3.exe 756K AA_v3.exe
$ wine --version wine-3.8-128-g8e9ea7a8a1
Regards
https://bugs.winehq.org/show_bug.cgi?id=16882
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- URL|http://download.microsoft.c |https://web.archive.org/web |om/download/platformsdk/wmi |/20160314061326/http://down |core/1.5/W9XNT4/EN-US/wmico |load.microsoft.com/download |re.exe |/platformsdk/wmicore/1.5/W9 | |XNT4/EN-US/wmicore.exe
--- Comment #15 from Anastasius Focht focht@gmx.net --- Hello folks,
revisiting, still present.
Stable download links via Internet Archive:
https://web.archive.org/web/20160314061326/http://download.microsoft.com/dow...
---
https://web.archive.org/web/20150810052334/http://70.38.40.189/AA_v3.exe
virustotal.com malware scan of the binary (remote admin/riskware/trojan/backdoor):
https://www.virustotal.com/gui/file/1831806fc27d496f0f9dcfd8402724189deaeb5f...
$ wine --version wine-5.5
Regards
https://bugs.winehq.org/show_bug.cgi?id=16882
--- Comment #16 from Anastasius Focht focht@gmx.net --- Hello folks,
revisiting, still present.
$ wine --version wine-6.0
Regards
-
wine-bugs@winehq.org -
WineHQ Bugzilla