PowerShell Core is denied permission to SshdBroker service state

[LawrenceHwang]

Noticed following permission denied errors on PowerShell Core 6.0.2 and 6.1.0-preview.4 even when running in Administrative session of PowerShell Core.

Client OS is Windows 10 1083 (Build 17134.167)

Thank you.

Steps to reproduce

>Get-Service -Name 'SshdBroker'

Expected behavior

>Get-Service -Name 'SshdBroker'

Status   Name               DisplayName
------   ----               -----------
Stopped  SshdBroker         SshdBroker

Actual behavior

>Get-Service -Name 'SshdBroker'
Get-Service : Service 'SshdBroker (SshdBroker)' cannot be queried due to the following error:
At line:1 char:1
+ Get-Service -Name 'SshdBroker'
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : PermissionDenied: (System.ServiceProcess.ServiceController:ServiceController) [Get-Service], ServiceCommandException
+ FullyQualifiedErrorId : CouldNotGetServiceInfo,Microsoft.PowerShell.Commands.GetServiceCommand

Get-Service : The resource loader failed to find MUI file
At line:1 char:1
+ Get-Service -Name 'SshdBroker'
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : NotSpecified: (:) [Get-Service], Win32Exception
+ FullyQualifiedErrorId : System.ComponentModel.Win32Exception,Microsoft.PowerShell.Commands.GetServiceCommand

Environment data

> $PSVersionTable
Name                           Value
----                           -----
PSVersion                      6.1.0-preview.4
PSEdition                      Core
GitCommitId                    6.1.0-preview.4
OS                             Microsoft Windows 10.0.17134
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

[MaximoTrinidad]

@LawrenceHwang,

Just an FYI

In newer edition of Windows 10 (ie. 17713), the SshBroker Service is no longer used.

Windows 10 OpenSsh client is enabled by default. But the OpenSsh Server will need to be installed in order to allow other system to remotely connect to Windows.

[LawrenceHwang]

Thank you @MaximoTrinidad for sharing the info. Is the SshdBroker removed in the newer build or installed just not used? Sorry I don't have an environment setup with newer build yet.

[MaximoTrinidad]

Hi @LawrenceHwang,

I got an scenario that on after the upgrade to newer Windows 10 Insider Build the sshbroker no longer work ("<Failed to Read Description. Error Code: 15100 > "). But, on a fresh newer build sshbrokeris no longer installed.

I would suggest not to upgrade and do a fresh installation of the Windows 10 Insider edition.

:)

[LawrenceHwang]

Thank you @MaximoTrinidad 👍

Given the case is specific and likely only have limited number of users impacted. I suggest closing this issue. The information you shared is sufficient for future PowerShell users run into this case.

I also used Remove-Service cmdlet in PowerShell Core 6 to remove the SshdBroker service, which also removed the error when running Get-Service in PowerSell Core 6.

> Remove-Service -Name SshdBroker -Verbose
VERBOSE: Performing the operation "Remove-Service" on target "SshdBroker (SshdBroker)".

Cheers,

Lawrence

[LordDelacroix]

@LawrenceHwang I could not disagree more. Every PC I've looked at in our Organization, has been upgraded and every one has this issue: SshdBroker <Failed to Read Description. Error Code 15100> and it's RUNNING despite being set to MANUAL on all of them. And, If Microsoft thinks my Team and I are going to REINSTALL Windows fresh on over 1500 PC's they've got another thing coming!!

[doctordns]

You should not need to reinstall Windows to fix this issue. You just need to remove the service from the affected systems.

Assuming they are domain joined, then one solution would be to create a startup script that checks to see if the broker service exists on the computer, and if so, removes it. Combine that with a WMI filter that only runs said script if and only if the broker service is on the system. After a few days, all hosts would be resolved, You could add a bit of telemetry to the script to report back each host on which the script was run to confirm the service removal. I wish I was better with WMI filters to tap one out. But you get the idea and no doubt Google can assist with the details.