WinBatch Tech Support Home

Database Search

If you can't find the information using the categories below, post a question over in our WinBatch Tech Support Forum.

TechHome

WinBatch
Networks - Servers
Microsoft Client
wNT
Services

Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.

wntSvcCfgSet and Error 650 

Keywords: 	  wntSvcCfgSet Error 650

Question:

I'm trying to change the userid and password of a service. When I use my own userid, it works fine, but when I try to use another valid username, it fails with the error 650: Invalid Service Account. Here's my code: 
     wntSvcCfgSet("", "service", 1000, 7, "DomainName\Username")

Answer:

  1. Get the latest version of the Extender. We have made a couple of changes to that function to handle how the 5th parameter, Value, is input.

  2. This is the description of that error:

    ERROR_INVALID_SERVICE_ACCOUNT

    The account name does not exist, or a service is specified to share the same binary file as an already installed service but with an account name that is not the same as the installed service.

    Since the user name is valid, it could be the second issue. Namely, two services installed which are using the same EXE or DLL, in which case they apparently both need to have the same account name. Can you make the same modification successfully using Control Panel?

Resolution:

I finally found a solution to the problem.

Let me give you more details of what I was attempting to do.

Task:

Write a Winbatch script to enable the Windows NT Schedule service

  1. Set the appropriate id and password
  2. Set the service to start automatically
  3. Add the logon as service right
Writing the Winbatch code was pretty straight forward.

Performing the operation manually on a clean system produced an NT error. 

	Error 1057:  The Account Name is Invalid or Does Not  Exist.
This error is consistent with what WinBatch is reporting. I found two Q articles in Microsoft TechNet that reference this Error 1057; Q128488 and Q159925. I inserted the Q articles below.

Bottomline. I had to edit the registry to add the service account ID that I needed to use, then use the the wntSvcCfgSet command to set the password and startup type to automatic. I also used an NT Resource Kit tool, NTRIGHTS.EXE to modify the Logon as Service right. This utility changes the service account rights.

Here's the code: 

------------------------------------------------------------------------
------------------
AddExtender("WWWNT34I.DLL")

servicename="Schedule"
usrname="Domain\UserId"
PW="Password"
Title="Set Service Account V1.0"

BoxOpen(Title,"Setting %USRNAME% as service account%@CRLF%%@CRLF% for
%SERVICENAME% service")
TimeDelay(1)

schedkey = RegOpenKey(@REGMACHINE,
"SYSTEM\CurrentControlSet\Services\%servicename%")
RegSetValue(schedkey, "[ObjectName]", usrname)
RegCloseKey(schedkey)

BoxText("Setting %SERVICENAME% startup type to Automatic%@CRLF%%@CRLF%
for %SERVICENAME% service")
TimeDelay(1)
wntSvcCfgSet("", servicename,1000,1, 2)

BoxText("Setting %SERVICENAME% startup type to Automatic%@CRLF%%@CRLF%
for %SERVICENAME% service")
TimeDelay(1)
wntSvcCfgSet("", servicename,1000,8,PW)

BoxText("Setting Logon As Service right")
RunHideWait("ntrights","-U %usrname% +r SeServiceLogonRight")

------------------------------------------------------------------------
------------------
GREAT PRODUCT!!!!!! 
PSS ID Number: Q159925
Article last modified on 11-17-1997
 
WinNT:3.5,3.51,4.0
 
winnt
 

======================================================================
------------------------------------------------------------------------
---
The information in this article applies to:
 
 - Microsoft Windows NT Workstation versions 3.5, 3.51, and 4.0
 - Microsoft Windows NT Server versions 3.5, 3.51, and 4.0
------------------------------------------------------------------------
---
 
SYMPTOMS
========
 
When you try to configure a service to start using something other than
the system account in the Control Panel Services utility, you receive
the
following error:
 
   Cannot set the startup parameters for the  service.
   Error 1057 occurred: the account name in invalid or does not exist.
 
CAUSE
=====
 
A password must be specified for the account in the "Log on As" dialog
box under This Account.
 
A set of asterisks are placed in the Password and Confirm Password boxes
automatically when a user account is chosen. Those asterisks do not
necessarily represent the correct password for the chosen account and an
entry must be typed there. If no password is specified, this error
occurs,
however, Windows NT will accept the wrong password.
 
RESOLUTION
==========
 
Ensure that the proper password is typed in for the Password and
Confirm Password boxes for the user account chosen.
 
Additional query words: incorrect
======================================================================
Keywords          : NTSrvWkst ntui kbenv
Version           : WinNT:3.5,3.51,4.0
Platform          : winnt
Issue type        : kbprb
Solution Type     : kbworkaround
========================================================================
=====
Copyright Microsoft Corporation 1997.



        

 
 
PSS ID Number: Q128488
Article last modified on 09-03-1996
 
3.10 3.50
 
WINDOWS
 

----------------------------------------------------------------------
The information in this article applies to:
 
- Microsoft Windows NT operating system version 3.1
- Microsoft Windows NT Advanced Server version 3.1
- Microsoft Windows NT Workstation version 3.5
- Microsoft Windows NT Server version 3.5
----------------------------------------------------------------------
 
SYMPTOMS
========
 
Error 1057 is reported when the Startup Option "Log On As This Account"
for
a Windows NT Service is selected. For example, if you run Control Panel,
choose Services, modify the startup options for the Directory Replicator
Service, select "Log On As This Account," select a valid user account
from
the dialog box, type a valid password for the account, and then choose
OK,
the following error message appears:
 
   Cannot set the startup parameters for the Directory Replicator
Service.
   Error 1057 occurred: The account name is invalid or does not exist"
 
The following is written to the system log:
 
   Event ID#: 7005
   The LsaCreateSecret call failed with the following error: C0000035""
 
CAUSE
=====
 
This error occurs when the service control manager is not able to update
the registry parameters for the service because the LSA Create Secret
call
failed.
 
The error is reproducible after manual registry modifications or
Emergency
Repair has taken place. However, it has also been reported by customers
on
new installations of Windows NT where registry information has not been
previously modified.
 
RESOLUTION
==========
 
To correct this problem:
 
WARNING: Using Registry Editor incorrectly can cause serious,
system-wide
problems that may require you to reinstall Windows NT to correct them.
Microsoft cannot guarantee that any problems resulting from the use of
Registry Editor can be solved. Use this tool at your own risk.
 
1. Run Registry Editor (REGEDT32.EXE) to change the replicator
ObjectName:
 
   a. From the HKEY_LOCAL_MACHINE subtree, go to the following key:
 
         \System\CurrentControlSet\Services\Replicator
 
   b. Select ObjectName: REG_SZ: LocalSystem
 
   c. From the Edit menu choose String.
 
   d. Change ObjectName to Domain\Account.
 
   e. Choose OK.
 
2. Use Control Panel to change the Directory Replicator logon account.
 
   a. Run Control Panel and choose Services.
 
   b. Select Directory Replicator and choose Startup.
 
   c. In the Log On As box, change This Account from Domain\Account name
to
      LocalSystem.
 
   You should now be able to start the directory replicator service
under
   the system account security ID.
 
3. Stop the service and modify the Startup Parameters to change to the
   desired user account and password. Enter the desired logon account
and
   password.
 
The service should start without error.
 
MORE INFORMATION
================
 
The NT Service Controller stores the password as a one-way-encrypted LSA
secret, only if the ObjectName value for this service is set to
Domain\Account rather than LocalSystem. LSA secrets reside in the
Registry
in an area not normally directly accessible (even to administrators).
When
you change from System Account to a specific account, the service
controller creates the LSA secret for this service, and similarly it
deletes the secret when you change from a specific account to System
Account. The 0xC00000035 error usually occurs when an administrator
manually changes ObjectName from a specific account to SystemAccount. As
a
result, the LSA secret still exists even though it should have been
deleted. When the administrator tries to change back to a specific
account
using the Service Controller Manager interface, the Service Controller
will
try to create the LSA secret, but will display error 0xC0000035
(STATUS_OBJECT_NAME_COLLISION "Object Name already exists") because the
LSA
secret already exists. Microsoft recommends changing ObjectName back to
a
value consistent with the LSA state, rather than to risking more
extensive
damage by manually modifying the LSA section of the registry.
 
KBCategory: kbnetwork
KBSubcategory: ntregistry
Additional reference words: 3.10 3.50 prodnt
 
========================================================================
=====
Copyright Microsoft Corporation 1996.

Article ID:   W13579

Filename:   wntSvcCfgSet and Error 650.txt
File Created: 2001:03:01:14:22:22
Last Updated: 2001:03:01:14:22:22