Could not connect sessionID 0 to sessionname console .bat from psexec

Asked 11/7, 2016 at 14:55 Answered 14/9, 2024 at 22:39

I'm attempting to force a VM to log the current user out and send the session to the console via running a .bat script.

I can get this working if I manually run a .bat file on the VM which contains the following:

%windir%\System32\tscon.exe 0 /dest:console

However, when using psexec or paexec to call the same .bat:

c:\>psexec.exe \\virtualmachine -u domain\username -p password -h cmd /c
c:\user\atest\desktop\test.bat

I get an access denied:

Could not connect sessionID 0 to session name console, Error code 5 Error [5]:Access is denied. C:\windows\system32\tscon.exe exited on virtualmachine with error code 1.

Alternatively, I've tried (same result):

C:\>PsExec.exe \\virtualmachine -u domain\username -p password -h
C:\windows\system32\tscon.exe 0 /dest:console

I'm not sure where I'm going wrong, because this starts iexplore.exe fine:

C:\>PsExec.exe \\virtualmachine -u domain\username -p password -h "c:\program files\internet explorer\iexplore.exe"

Elsey answered 11/7, 2016 at 14:55 Comment(0)

The problem was because the user was connected via RDP, it was not session 0. I had to run "query user" to get the session ID of the RDP connection, then pass that into PsExec using "-i" like so:

C:\>PsExec.exe -s -i $id \\virtualmachine c:\windows\system32\tscon.exe $id /dest:console

Because this is running as system (-s) I didn't need to pass in any authentication.

This answer helped me with the concept of sessions, hope it helps someone else.

Elsey answered 12/7, 2016 at 13:45 Comment(0)

I had a batch file that worked for years ending a RDP session and leaving the host screen unlocked, it had conditions for sessionid's 0 through 10 just in case. Then this week after a windows update loaded it stopped working and I kept getting 7045 errors in the results of the batch file. The RDP session would close but the host machines screen was locked. The host machine runs a message board so this was not acceptable and the machine is mounted to the ceiling so no mouse or keyboard is possible.

I searched a ton and found nothing that worked more than once if it worked at all. Then I found this by chance, and when I ran this power shell command my problem was solved. It works great so far and better yet you don't have to know the sessionID or name, or pass a password in a text or batch file.

@powershell -NoProfile -ExecutionPolicy unrestricted -Command "$sessionid=((quser $env:USERNAME | select -Skip 1) -split '\s+')[2]; tscon $sessionid /dest:console" 2> UnlockErrors.log

Just copy the script into a text file, rename it something.cmd then create a shortcut to it on the hosts desktop and go to the properties and select advanced and have it run as administrator. Easy. Works on win7 pro. I found the script here https://steamcommunity.com/groups/homestream/discussions/0/617335934139051123/?ctp=5

Coveney answered 27/11, 2018 at 20:12 Comment(4)

Thank you. This solution worked for me as well. Now I can get back to using Moonlight! – Seeress 29/11, 2018 at 1:37

Freaking brilliant! I love it when Christmas comes in February. – Thorax 20/2, 2019 at 1:10

Thank you! I used your answer as a reference to answer a similar question in another community. superuser.com/a/1718121/1679280 – Velasco 26/4, 2022 at 14:41

This was a great solution that i'd never imagine of. There is a software I need to use, it somehow understands RDP connections and doesnt let open on RDP. When I physically login, i can use the software flawlessly. With the code you shared, I force windows to log-in "physically" to itself :D and runt the exe. RDP connection drops and exe runs. Then i re-connect. Ta-da! – Domett 23/1, 2023 at 15:26

I also faced the same issue with the following command Command – tscon SessionID /dest:console /password: ****

Resolution: I worked a lot and finally got to know the issue is with password. i.e. the password length should not be greater than 13 characters. But in this case password = 20 characters.

Later I changed the password to ****(12 characters) and issue got resolved.

Overspill answered 10/7, 2020 at 7:30 Comment(1)

I ran into the same issue. I don't like that we need to reduce password length to use tscon. Really easy to brute force 13 character passwords on local windows accounts. – Agulhas 3/5, 2021 at 20:47

If you are not a local administrator of the VM, you won't be able to do this. The session I was logged-in with was not a local admin, but when running the shortcut "as an administrator", I tried using another account that was a local admin (when prompted). However, this doesn't work. The account you are moving to the console session is the one you are logged-in with, but if you use a different account for the shortcut elevation, TSCON will try using that account instead.

Photogrammetry answered 6/12, 2022 at 15:45 Comment(0)

At domain admin command prompt:

Remote to station:

psexec \\station cmd

To confirm locked:

tasklist | findstr -i logonui

If logonui.exe is present, it is locked. (Probably).

Other ways to check may be to use tasklist or qwinsta and look for "RDP" sessions. If there is no rdp session, and/or console is marked active, then it probably isn't locked.

To unlock:

tscon <id> /dest:console /password:<password>

id must be the correct session ID.

To find it you can use tasklist and look for processes with a sessionname of "RDP" something (RDP-TCP#1 specifically).

You can also use qwinsta which will list the sessions and their IDs. Again look for the "RDP" one.

password must be the password of the user. If you don't know it, then you can't unlock.

If this succeeds, then running tasklist | findstr -i logonui should have no results (while still connected via psexec).

Use exit to exit from psexec and to confirm that you were still connected.

Alidus answered 14/9, 2024 at 22:39 Comment(0)

Recommended topics

Hot tags