On one occasion, I needed to capture time travel tracing (TTT) in the customer's environment, but it was not possible to capture it. The error is as follows:
The error message is as follows:
C: \ debuggers \ TTT> tttracer-dumpfull-out E: \ tttoutput-Attach 3384
Microsoft (r) tttracer 2.010.40929 (Sep 29 2009 21:13:03)
Copyright (c) Microsoft Corporation. All rights reserved.
Warning: Please upgrade to a newer version of TT tracing.
Error: trace of "w3wp.exe" PID: 3384 did not complete successfully: Status: 20
Error: communication between the guest process and this client
Cocould not be established, which may be an indication
Permissions or privileges problem (see E: \ tttoutput \ w3wp01. Out
For more details ).
Error: upted trace dumped to E: \ tttoutput \ w3wp01. Run. Err.
See error output file E: \ tttoutput \ w3wp01. Out for more details.
W3wp01. Run. Err content
------------
Microsoft (r) tttclient 2.010.40929 (Sep 29 2009 21:12:58)
Microsoft (r) Time Travel tracing 2.010.40929 (Sep 29 2009 21:12:58)
Copyright (c) Microsoft Corporation. All rights reserved.
Microsoft confidential-strictly for internal use only
Initializing time travel tracing for attach to 3384
Time: 03/02/2012 15:40:36
OS: 6.1.7601 edition: x64
Group tracing guid: d2c17755-0428-4e74-8709-b2f3bdfe0fa1
Running "w3wp.exe"
Running "C: \ debuggers \ TTT \ nirvexec.exe"/duration 1/clientname "C: \ debuggers \ TTT \ tttracewriter. DLL "/clientparams" 23 E: \ tttoutput \ w3wp01. run 0 0 0 100000 0 1 0 6001 "/Attach 3384
Customers say they have some group policies that impose security restrictions on their computers, but when we open secpol. when MSC was checking, they did not remember the group policies they modified. -_-|
Solution
==============================
Use the system command prompt instead of the command prompt that improves the permission.
How can we use system command prompt? The answer is to use sysinternals (acquired by Microsoft) a command line tool called javasxec.
First, run the following command:
Export xec.exe-s-I-d cmd.exe
Wait. In the new cmd window, enter the command that was originally rejected by the system.
More information about the tool
============================
Using xec, User Account Control and security boundaries
Http://blogs.technet.com/ B /markrussinovich/archive/2007/02/12/638372.aspx
Execute processes on a remote system and redirect output to the local system
Http://www.windowsitpro.com/article/remote-computing/psexec
============================
Psexec v1.98
http://technet.microsoft.com/en-us/sysinternals/bb897553