Re: Telnet session "Shell process may not have been launched" (Solution)



Hi Brian,

As Lesley has stated, this is a feature change in win2k3 server. However,
your suggestion does make sense that a KB article will be very helpful
when encountering this kind of issue.

Thank you for your valuable feedback and I believe others will get benefits
from this discussion!

Best regards,

Rebecca Chen

MCSE2000 MCDBA CCNA


Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
>From: "Brian L." <699df88b-2059788708@xxxxxxxxxxxxxx>
>References: <O0qAPKpdFHA.3324@xxxxxxxxxxxxxxxxxxxx> <JGAksHydFHA.940@xxxxxxxxxxxxxxxxxxxxx>
>Subject: Re: Telnet session "Shell process may not have been launched" (Solution)
>Date: Fri, 24 Jun 2005 11:11:46 -0400
>Lines: 126
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
>X-RFC2646: Format=Flowed; Original
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
>Message-ID: <O49dO8MeFHA.2076@xxxxxxxxxxxxxxxxxxxx>
>Newsgroups: microsoft.public.windows.server.general
>NNTP-Posting-Host: 204.60.67.237
>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP15.phx.gbl
>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.general:40591
>X-Tomcat-NG: microsoft.public.windows.server.general
>
>Yes Rebecca, you understand the issue correctly. The Secondary Logon service
>is required, and starting it does solve the problem. I just thought it odd
>that this requirement is not explained anywhere that I could find, and since
>the 2003 Security Guide suggests you disable the service, I had it off. It's
>not a true dependency since the Telnet service WILL start without Secondary
>Logon started, but Telnet won't be functional without it. Perhaps this link
>between the two could be explained in the Help text about the Telnet
>service, or in the 2003 Security guide. In any case, a KB article is
>definitely worthwhile. Thanks for your response!
>
>
>""Rebecca Chen [MSFT]"" <v-rebc@xxxxxxxxxxxxxxxxxxxx> wrote in message
>news:JGAksHydFHA.940@xxxxxxxxxxxxxxxxxxxxxxxx
>> Hi Brian,
>>
>> Thank you for your excellent experience sharing!
>>
>> I would like to confirm my understanding of this issue that you encounter
>> the error as described in KB 309523 on win2k3 server system. You are able
>> to use the telnet session until starting Secondary Logon service.
>>
>> According to my research, this is a by design behavior. Telnet server
>> (tlntsvr.exe) needs to run the CMD process (cmd.exe) using the credentials
>> of the login user. If Secondary Logon Service is not started, telnet server
>> process cannot start CMD process using an alternative credential.
>>
>> To solve this problem, on Windows 2003 server, Administrative Tools ->
>> Computer Management -> Services and Applications -> Services
>>
>> Change Start up type for "Secondary Logon" to Automatic and start the
>> service
>>
>> Your suggestion to address this concern in a KB article is a very good
>> idea since I have also seen this issue several times, and I believe a KB
>> article addressing this issue will benefit others who encounter the same
>> problem. I have forwarded your suggestions to mswish@ Microsoft.com so that
>> they catch the appropriate folks' immediate attention. You may also consider
>> sending your feedback to mswish@xxxxxxxxxxxxx to make sure your voice is
>> heard by Microsoft. The more feedback they receive, the higher the chance
>> they will make the change.
>>
>> If you have any update, please feel free to post back.
>>
>> Best regards,
>>
>> Rebecca Chen
>>
>> MCSE2000 MCDBA CCNA
>>
>>
>> Microsoft Online Partner Support
>> Get Secure! - www.microsoft.com/security
>>
>> =====================================================
>>
>> When responding to posts, please "Reply to Group" via your newsreader so
>> that others may learn and benefit from your issue.
>>
>> =====================================================
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>> --------------------
>>>From: "Brian L." <699df88b-2059788708@xxxxxxxxxxxxxx>
>>>Subject: Telnet session "Shell process may not have been launched" (Solution)
>>>Date: Tue, 21 Jun 2005 14:53:36 -0400
>>>Lines: 33
>>>X-Priority: 3
>>>X-MSMail-Priority: Normal
>>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
>>>X-RFC2646: Format=Flowed; Original
>>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
>>>Message-ID: <O0qAPKpdFHA.3324@xxxxxxxxxxxxxxxxxxxx>
>>>Newsgroups: microsoft.public.windows.server.general,microsoft.public.windows.server.security
>>>NNTP-Posting-Host: 204.60.67.237
>>>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl
>>>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.security:5729 microsoft.public.windows.server.general:40201
>>>X-Tomcat-NG: microsoft.public.windows.server.general
>>>
>>>Hello all,
>>>
>>>After unsuccessful searches on the net for a solution to the following
>>>problem:
>>>
>>> Failure in initializing the telnet session. Shell process may not have been launched.
>>> Telnet Server has closed the connection.
>>> Connection to host lost.
>>>
>>>I wanted to share one possible solution that I found to work. The existing
>>>articles/solutions out there
>>>(http://support.microsoft.com/default.aspx?scid=kb;en-us;309523) are all for
>>>Windows XP 64-bit Edition. That article and its solution do not apply to
>>>Windows Server 2003.
>>>
>>>The solution I have found is that the Telnet session seems to require the
>>>"Secondary Logon" service to be started. There is no documented service
>>>dependency, and the Telnet service will start without it, but you will
>>>receive the error above when trying to connect.
>>>
>>>I found this solution because I realized telnet works until I apply our
>>>standard security lockdown template using the Security Configuration and
>>>Analysis tool. Through trial and error, I narrowed it down to the fact that
>>>we turn off the Secondary Logon service as part of the lockdown. Turning
>>>this service off is recommended by Microsoft in the Windows Server 2003
>>>Security Guide. It is a good idea to disable the service, so long as you
>>>don't need to run telnet!
>>>
>>>Hope this helps you avoid the frustration I experienced. Microsoft, please
>>>consider adding this information as a KB article.
>>>
>>>
>>>
>>
>
>
>
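
The conflict discussed in this thread (Telnet enabled while a lockdown template has turned off Secondary Logon) can be checked with a short script. This is an added example, not part of the original posts; it assumes Windows PowerShell is installed on the server, uses the standard service short names `TlntSvr` and `seclogon`, and the function names are hypothetical.

```powershell
# Added example, not from the thread. Service short names: TlntSvr = Telnet,
# seclogon = Secondary Logon. Function names below are hypothetical.
function Get-ServiceInfo([string]$Name) {
    # Win32_Service exposes State (Running/Stopped) and
    # StartMode (Auto/Manual/Disabled) for each installed service.
    Get-WmiObject -Class Win32_Service -Filter "Name='$Name'"
}

function Test-TelnetSecondaryLogon {
    param([switch]$Fix)

    $telnet   = Get-ServiceInfo 'TlntSvr'
    $seclogon = Get-ServiceInfo 'seclogon'

    # If Telnet is not in use, a disabled Secondary Logon causes no breakage.
    if (-not $telnet -or $telnet.StartMode -eq 'Disabled') {
        return 'Telnet is absent or disabled: leaving Secondary Logon off is consistent.'
    }
    if (-not $seclogon) {
        return 'Telnet is enabled but the Secondary Logon service was not found.'
    }
    if ($seclogon.State -eq 'Running') {
        return 'OK: Telnet is enabled and Secondary Logon is running.'
    }
    if (-not $Fix) {
        # Telnet will start, but sessions end with
        # "Shell process may not have been launched."
        return "CONFLICT: Telnet StartMode=$($telnet.StartMode), " +
               "Secondary Logon State=$($seclogon.State), " +
               "StartMode=$($seclogon.StartMode)."
    }
    # The fix given in the thread: startup type Automatic, then start the service.
    Set-Service -Name 'seclogon' -StartupType Automatic
    Start-Service -Name 'seclogon'
    return 'Secondary Logon set to Automatic and started.'
}

Test-TelnetSecondaryLogon          # report only
# Test-TelnetSecondaryLogon -Fix   # apply the change from the thread (needs admin rights)
```

Running the report-only form after applying a lockdown template shows whether the template has reintroduced the conflict before users hit the Telnet error.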
