Click here to get back home

Telnet session "Shell process may not have been launched" (Solution)
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Telnet session "Shell process may not have been launched" (Solution) Brian L. 06-21-2005
Posted by Brian L. on June 21, 2005, 2:53 pm
Please log in for more thread options
 Hello all,

After unsuccessful searches on the net for a solution to the following
problem:

Failure in initializing the telnet session. Shell process may not have
been launched.
Telnet Server has closed the connection.
Connection to host lost.

I wanted to share one possible solution that I found to work. The existing
articles/solutions out there
(http://support.microsoft.com/default.aspx?scid=kb;en-us;309523) are all for
Windows XP 64-bit Edition. That article and its solution do not apply to
Windows Server 2003.

The solution I have found is that the Telnet session seems to require the
"Secondary Logon" service to be started. There is no documented service
dependency, and the Telnet service will start without it, but you will
receive the error above when trying to connect.

I found this solution because I realized telnet works until I apply our
standard security lockdown template using the Security Configuration and
Analysis tool. Through trial and error, I narrowed it down to the fact that
we turn off the Secondary Logon service as part of the lockdown. Turning
this service off is recommended by Microsoft in the Windows Server 2003
Security Guide. It is a good idea to disable the service, so long as you
don't need to run telnet!

Hope this helps you avoid the frustration I experienced. Microsoft, please
consider adding this information as a KB article.




Posted by Lesley Kipling [MSFT] on June 24, 2005, 6:29 pm
Please log in for more thread options
 Hi.



I'm sorry this has given you so much grief and I will see what I can do to
get a KB article written for this. The issue is that in W2K3 Telnet server
(tlntsvr.exe) no longer runs as LocalSystem and needs to run the CMD process
(cmd.exe) using the

credentials of the logged in user. If Secondary Logon Service is not
started, telnet

server process cannot start the CMD process using the required alternative
credential. In fact, this applies to any service which requires access to
the creds of the logged on user - another one I can point out is the runas
service, as per..



How to enable and use the "Run As" feature in Windows Server 2003 WGID:493

ID: 325859



HTH, Les



This posting is provided "AS IS" with no warranties, and confers no rights.



> Hello all,
>
> After unsuccessful searches on the net for a solution to the following
> problem:
>
> Failure in initializing the telnet session. Shell process may not have
> been launched.
> Telnet Server has closed the connection.
> Connection to host lost.
>
> I wanted to share one possible solution that I found to work. The existing
> articles/solutions out there
> (http://support.microsoft.com/default.aspx?scid=kb;en-us;309523) are all
> for Windows XP 64-bit Edition. That article and its solution do not apply
> to Windows Server 2003.
>
> The solution I have found is that the Telnet session seems to require the
> "Secondary Logon" service to be started. There is no documented service
> dependency, and the Telnet service will start without it, but you will
> receive the error above when trying to connect.
>
> I found this solution because I realized telnet works until I apply our
> standard security lockdown template using the Security Configuration and
> Analysis tool. Through trial and error, I narrowed it down to the fact
> that we turn off the Secondary Logon service as part of the lockdown.
> Turning this service off is recommended by Microsoft in the Windows Server
> 2003 Security Guide. It is a good idea to disable the service, so long as
> you don't need to run telnet!
>
> Hope this helps you avoid the frustration I experienced. Microsoft, please
> consider adding this information as a KB article.
>
>




Similar ThreadsPosted
Kerberos V5 Authentication for a Telnet Session October 27, 2005, 3:21 am
Shell Extension Viewer? April 7, 2007, 9:44 pm
Problem with WScript.Shell Accessed from Different Domain. October 17, 2005, 10:29 pm
"The process is unable to access the file, because the file is used by another process." October 29, 2005, 5:17 pm
IAS/RADIUS session duration August 6, 2007, 12:10 pm
Force Lockout Session October 21, 2007, 10:11 am
Telnet July 11, 2005, 2:44 pm
Telnet & SMTP July 23, 2006, 8:01 pm
telnet using port 443 February 28, 2007, 6:55 pm
telnet to port 443 fails March 1, 2007, 11:51 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap