5

Tried

psexec \\ip.add.re.ss -accepteula -u local_admin -p cmd.exe
psexec \\computername -accepteula -u local_admin -p cmd.exe
psexec \\computername.fdqn -accepteula -u local_admin -p cmd.exe

where the remote computer(s) have Windows XP Professional images; the _local_admin_ account is not (of course) AD authenticated. For both I got

Couldn't access ip.add.re.ss: (computername)
The system cannot find the path specified.

On the destination computer the pfirewall.log file showed the following

2011-01-27 11:46:43 DROP TCP src.ip dst.ip 4348 80 48 S 2766223090 0 65535 - - - RECEIVE
2011-01-27 11:46:43 DROP TCP src.ip dst.ip 4349 80 48 S 3163156243 0 65535 - - - RECEIVE
2011-01-27 11:46:45 DROP TCP src.ip dst.ip 4348 80 48 S 2766223090 0 65535 - - - RECEIVE
2011-01-27 11:46:45 DROP TCP src.ip dst.ip 4349 80 48 S 3163156243 0 65535 - - - RECEIVE
2011-01-27 11:46:52 DROP TCP src.ip dst.ip 4348 80 48 S 2766223090 0 65535 - - - RECEIVE
2011-01-27 11:46:52 DROP TCP src.ip dst.ip 4349 80 48 S 3163156243 0 65535 - - - RECEIVE

What settings do I need to change in Windows Firewall (apparently there's hardly anything left to add to the exceptions list :/ ) ... any particular port? Anything in the Services? The Remote Registry and RPC ones are all started ...
netstat -ano

TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       988  
TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       920
TCP    0.0.0.0:28201          0.0.0.0:0              LISTENING       1808
TCP    127.0.0.1:1080         0.0.0.0:0              LISTENING       3232
TCP    127.0.0.1:1590         0.0.0.0:0              LISTENING       2300
TCP    127.0.0.1:5152         0.0.0.0:0              LISTENING       940
TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       560

Take a look at the packets between the computers, where my.ip is the IP address of my computer and remote.ip is the IP address of the computername computer

No.     Time        Source                Destination           Protocol Info
365 64.704755   my.ip       remote.ip       SMB      Tree Connect AndX Request, Path: \\computername\ADMIN$
366 64.705066   remote.ip       my.ip       SMB      Tree Connect AndX Response, Error: STATUS_BAD_NETWORK_NAME
367 64.705221   my.ip       remote.ip       SMB      Logoff AndX Request
368 64.705464   remote.ip       my.ip       SMB      Logoff AndX Response

What is the expectation from ADMIN$? Is it an alias of some sort?

Tathagata

3 Answers

2

PSExec uses TCP port 445 (SMB), so you will need to have that open on the destination PC.

Sam Cogan
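
One way to check a pfirewall.log for the port this answer names, as an added example that is not part of the original post: it counts dropped inbound TCP connection attempts per destination port, collapsing retransmitted SYNs. The function names are hypothetical and the sample lines are constructed (documentation IP addresses, same layout as the log in the question).

```python
from collections import Counter

# Column order of a Windows Firewall pfirewall.log (also stated in its "#Fields:" header).
DEFAULT_FIELDS = ("date time action protocol src-ip dst-ip src-port dst-port "
                  "size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()

def parse_log(text):
    """Yield one dict per log entry, honouring a '#Fields:' header if present."""
    fields = DEFAULT_FIELDS
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):   # skip truncated or malformed lines
                yield dict(zip(fields, values))

def dropped_syn_ports(text):
    """Count distinct dropped inbound TCP connection attempts per destination port.

    Retransmitted SYNs share (src-ip, src-port, dst-port, tcpsyn), so each is counted once.
    """
    attempts = set()
    for e in parse_log(text):
        if e["action"] == "DROP" and e["protocol"] == "TCP" and e["tcpflags"] == "S":
            attempts.add((e["src-ip"], e["src-port"], e["dst-port"], e["tcpsyn"]))
    return Counter(int(a[2]) for a in attempts)

def smb_blocked(text, port=445):
    """True if the firewall logged a dropped connection attempt to the SMB port."""
    return dropped_syn_ports(text)[port] > 0

# Constructed sample: same shape as the question's log, with documentation IPs.
SAMPLE = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2011-01-27 11:46:43 DROP TCP 192.0.2.10 192.0.2.20 4348 80 48 S 2766223090 0 65535 - - - RECEIVE
2011-01-27 11:46:43 DROP TCP 192.0.2.10 192.0.2.20 4349 80 48 S 3163156243 0 65535 - - - RECEIVE
2011-01-27 11:46:45 DROP TCP 192.0.2.10 192.0.2.20 4348 80 48 S 2766223090 0 65535 - - - RECEIVE
2011-01-27 11:46:52 DROP TCP 192.0.2.10 192.0.2.20 4349 80 48 S 3163156243 0 65535 - - - RECEIVE
"""
# Constructed line: what a dropped attempt to the SMB port would look like.
SMB_DROP = "2011-01-27 11:47:01 DROP TCP 192.0.2.10 192.0.2.20 4350 445 48 S 1111111111 0 65535 - - - RECEIVE\n"

if __name__ == "__main__":
    print(dict(dropped_syn_ports(SAMPLE)), smb_blocked(SAMPLE))
    print(dict(dropped_syn_ports(SAMPLE + SMB_DROP)), smb_blocked(SAMPLE + SMB_DROP))
```
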
1

You need to have the remote machine running the service called 'Server'. Open Services and check if Server is disabled or not started.

godfrey
0

I think the message

The system cannot find the path specified.

is related to the command's path (last argument), not to the computer name. Try this instead

psexec \\computername -accepteula -u local_admin -p PASSWORD C:\Windows\System32\cmd.exe

splattne