WSL
WSL copied to clipboard
microsoft
Store WSL isn't accessible from Session 0
Version
Multiple versions are affected
WSL Version
- [x] WSL 2
- [x] WSL 1
Kernel Version
No response
Distro Version
No response
Other Software
No response
Repro Steps
Store WSL currently isn't accessible from session 0 contexts. This means that it's not possible to interact with WSL from remote sessions such as ssh or psremote.
If wsl.exe is called from session 0, it will exit and display:
Access is denied.
on stdout.
I think this issue is already tracked internally. However, this problem continues even now.
Release Notes for Windows Subsystem for Linux in the Microsoft Store
...
Known Issues:
- Launching Windows Subsystem for Linux from session zero does not currently work (for example from an ssh connection).
https://learn.microsoft.com/en-us/windows/wsl/store-release-notes#known-issues
This is a deal breaker for some. Would be nice to get notice when it is solved. Thanks!
Please fix this - I cannot remotely login to WSL using the builtin OpenSSH server, my scheduled tasks also stopped working.
Impact of this issue is complicated by the fact the store packaged version appears to now be required on the latest windows 11 insiders build (10.0.25267). Still looking for workarounds...
https://github.com/microsoft/WSL/issues/9355 https://github.com/microsoft/WSL/issues/9373
Please fix this - I cannot remotely login to WSL using the builtin OpenSSH server, my scheduled tasks also stopped working.
I had to uninstall store version of WSL to be able to run ssh server at system startup again
If policies make it difficult to enable Windows openssh to run WSL, an alternative/workaround might be to run a second openssh server (using a different port) within WSL. At the moment this seems not to be possible. But maybe that possibility can be enabled?
I am surprised by this. By default, I can access wsl from the native OpenSSH server by setting HKEY_LOCAL_MACHINE\SOFTWARE\OpenSSH to C:\Windows\System32\wsl.exe. I am using the store version with Ubuntu LTS 22.04
My problem is actually this: every time I initiate a SSH connection, I get a new WSL shell. I am unable to return back to the same session in case of disconnection events; all my background processes are gone. Each connection is therefore a new WSL instance.
Should I open another ticket for this ?
I am surprised by this. By default, I can access wsl from the native OpenSSH server by setting
HKEY_LOCAL_MACHINE\SOFTWARE\OpenSSHtoC:\Windows\System32\wsl.exe. I am using the store version with Ubuntu LTS 22.04
I've tried it back and forth on different installs several times, and it never worked. It's a few months ago - should it be fixed and noone here knows? Many have the issue, and it's even acknnowledged by MS... Weird!
My problem is actually this: every time I initiate a SSH connection, I get a new WSL shell. I am unable to return back to the same session in case of disconnection events; all my background processes are gone. Each connection is therefore a new WSL instance.
Should I open another ticket for this ?
I don't think so: interrupted ssh sessions are like logoffs, like closing a terminal emulator (historically speaking closing a terminal emulator is like logging off ;-) ) - you wouldn't expect to get your jobs back there, right... You want to look into tmux or something alike. They keep processes running wile you're off, and you can attach back to them from another shell...
I've tried it back and forth on different installs several times, and it never worked. It's a few months ago - should it be fixed and noone here knows? Many have the issue, and it's even acknnowledged by MS... Weird!
This looks weird indeed. Let me know if any of you would like more details. I just installed the "Ubuntu" app in the store using a local account.
You want to look into tmux or something alike. They keep processes running wile you're off, and you can attach back to them from another shell
It's exactly that! I don't find my tmux sessions when I log back in. In fact, I don't find the tmux process at all!
It's exactly that! I don't find my tmux sessions when I log back in. In fact, I don't find the tmux process at all!
I have no experience with tmux in WSL, so I can't comment from experience. But I'd think about whether your WSL - instance keeps running all the time, or wheter it has had a "reboot" in your time off - even tmux doesn't survive that ;-) Though maybe it can be made to autostart and continue processes? Dunno. I know that WSL's wakeup behavior from suspend is broken (it was in my version) - maybe another reason why tmux might vanish?
Or maybe you need to start your tmux processes in a local shell and let that run? Maybe you can then attach to running tmux from ssh and not shut WSL down by logging off?
And just to let others know: I did install the MS Store update again, and was immediately cut out of ssh-ing in. Fortunately it is enough to uninstall via the App-Icon that appears after the update, and the previous state returns... (i.e. no total reinstall of WSL required)
And yes, if I started tmux in a local shell and kept it running, I can ssh in and out multiple times and see that tmux live on happily...
Final remark for others like me who didn't realize (what for again others is likely self-evident): if it's just about ssh-ing into a running WSL from the outside (i.e. not about actually "booting" wsl): that is possible with the store version of wsl too. You access the host into a shell that doesn't depend on wsl, and from there you ssh into the running wsl: ssh -p n localhost. I guess sshd inside wsl needs to listen on a different port (n) than "outer"-Window's sshd (edit /etc/ssh/sshd_config). For my requirements that's actually tolerable ;-) , and one might consider the inability to start/stop wsl in a ssh-schell a protection of running processes inside wsl.
As @bagong mentioned it is possible to install and run a second OpenSSH server (using a different port) in your WSL instance as a workaround.
This can then be combined with using the ProxyJump directive to transparently connect to the second OpenSSH server by jumping through the win32 OpenSSH server. The directive can be added to the remote system's ~/.ssh/config:
Host openssh_win32
Hostname your_computer.local
User windows_username
Host openssh_wsl
ProxyJump openssh_win32
User wsl_username
HostName localhost
Port 2222
The above example assumes that the second OpenSSH server in wsl is running on port 2222.
Using this configuration it is then possible to connect to the wsl instance via the hostname openssh_wsl:
ssh openssh_wsl
While it is possible to get inside the WSL instance based on the proxy jump idea from @joes, this issue still needs to be fixed for use cases such as attempts to install a new WSL distribution on a remote Windows system over SSH.
In other words anything involving the WSL executable besides getting into an instance.
My use case is accessing WSL remotely after a cold boot.
I can turn on the PC remotely via WOL and SSH into a win32 OpenSSH server, but cannot start WSL from said SSH connection (session 0). Nor is it possible to start WSL automatically on boot before a user logs in to Windows (also session 0?). For example, you cannot use Task Scheduler's "Run whether user is logged on or not" option to start wsl.exe.
My workaround has been to use RDP just to login remotely and start WSL (which is started automatically on user login by Task Scheduler). Then I can SSH directly into WSL.
Does anyone know of a solution for either remotely initiating a Windows user login or remotely obtaining session 1 without the GUI overhead of the RDP/Remote Desktop app? Ideally command-line only.
@yo1dog In an entirely different context, I know of a solution (batch file) that runs from the command line with GUI overhead, but:
- No certificate prompt on RDP client (no blanket suppression, suppress only for the IP / FQDN of your server)
- No wait on prompt for things like privacy settings, etc ... some 6 radio buttons that appear on an OOB Windows deployment
This batch file uses openssl, sed to obtain, mangle and register the cert hash for a given server to avoid that cert warning.
On the server, I place a different batch file in the Startup folder (your idea uses Task Scheduler). This could use the timeout command to sleep for a bit, and then logoff from the server (to gracefully terminate the RDP client) after your WSL instance has started.
%1 is the IP / FQDN of your server.
openssl s_client -connect %1:3389 < NUL 2>NUL | openssl x509 -fingerprint -noout | sed -e 's/://g' > %TEMP%\%1-rdp-fingerprint.txt
for /f "tokens=2 delims==" %%a in ('type %TEMP%\%1-rdp-fingerprint.txt') do (
reg add "HKCU\Software\Microsoft\Terminal Server Client\Servers\%1" /v CertHash /t REG_BINARY /d %%a /f
)
start mstsc /f /v %1
To avoid OOB prompts, this needs to run even before the logon:
reg add "HKLM\Software\Policies\Microsoft\Windows\OOBE" /v DisablePrivacyExperience /d 1
For the script to be run at logon, I believe you already have one.
cmdkey /generic:TERMSRV/<IP or FQDN> /user:<username> /pass:<passwd> will let you save the password for logging in using an RDP client automatically.
@benhillis Has the team made any progress on this issue? And if not is there any quick fix to make this work?
Also curious here - this is a bit painful, can't execute a WSL (bash) script from a service (Session ID 0).
Thanks!
@arrmo I was able to resolve that problem by doing this:
https://github.com/microsoft/WSL/issues/8835#issuecomment-1446474057
Edit: I've enabled systemd in WSL by using this:
https://github.com/DamionGans/ubuntu-wsl2-systemd-script
(The enabler script still works, but on newer distros like Ubuntu 22.04 you need a patch from here)
@arrmo I was able to resolve that problem by doing this:
Edit: I've enabled systemd in WSL by using this:
https://github.com/DamionGans/ubuntu-wsl2-systemd-script
(The enabler script still works, but on newer distros like Ubuntu 22.04 you need a patch from here)
@aki-k Doesn’t your fix only apply to the non-store version?
@arrmo I was able to resolve that problem by doing this:
Thanks! But ... I admit, not sure about store vs. non-store versions. Can you clarify (and how to check)?
Thanks again.
Now I'm not so sure any more if my WSL is from the Store:
PS C:\Windows\system32> Get-AppxPackage | findstr /i "linux"
Name : MicrosoftCorporationII.WindowsSubsystemForLinux
PackageFullName : MicrosoftCorporationII.WindowsSubsystemForLinux_1.1.3.0_x64__8wekyb3d8bbwe
InstallLocation : C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForLinux_1.1.3.0_x64__8wekyb3d8bbwe
PackageFamilyName : MicrosoftCorporationII.WindowsSubsystemForLinux_8wekyb3d8bbwe
PS C:\Windows\system32> Get-AppxPackage -Name "MicrosoftCorporationII.WindowsSubsystemForLinux"
Name : MicrosoftCorporationII.WindowsSubsystemForLinux
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Architecture : X64
ResourceId :
Version : 1.1.3.0
PackageFullName : MicrosoftCorporationII.WindowsSubsystemForLinux_1.1.3.0_x64__8wekyb3d8bbwe
InstallLocation : C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForLinux_1.1.3.0_x64__8wekyb3d8bbwe
IsFramework : False
PackageFamilyName : MicrosoftCorporationII.WindowsSubsystemForLinux_8wekyb3d8bbwe
PublisherId : 8wekyb3d8bbwe
IsResourcePackage : False
IsBundle : False
IsDevelopmentMode : False
NonRemovable : False
IsPartiallyStaged : False
SignatureKind : Developer
Status : Ok
PS C:\Windows\system32> dir 'C:\Program Files\WindowsApps\' | findstr /i "linux"
d----- 3/8/2023 12:20 PM MicrosoftCorporationII.WindowsSubsystemForLinux_1.1.3.0_neutral_~_8wekyb3d8bbwe
d----- 3/8/2023 12:20 PM MicrosoftCorporationII.WindowsSubsystemForLinux_1.1.3.0_x64__8wekyb3d8bbwe
Somebody wrote that the Store packages would be installed into C:\Program Files\WindowsApps .
Interesting - I have no *C:\Program Files\WindowsApps* directory. Thoughts?
Thanks!
@arrmo It's supposedly hidden (and access rights removed from the user) by default:
https://www.thewindowsclub.com/what-is-windowsapps-folder
Edit: I also can't access it from Windows Explorer but (Run as Administrator) Powershell didn't have any problems :)
Edit: I also can't access it from Windows Explorer but (Run as Administrator) Powershell didn't have any problems :)
Same here! Thought I was going crazy ... LOL. OK, from Powershell (Admin),
d----- 3/7/2023 12:05 PM MicrosoftCorporationII.WindowsSubsystemForLinux_1.1.3.0_neutral_~_8we
d----- 3/7/2023 12:05 PM MicrosoftCorporationII.WindowsSubsystemForLinux_1.1.3.0_x64__8wekyb3d
So are you thinking your fix should work here? Will try it if you think so. Thanks!
Will try it if you think so.
It was tricky to get started but I described it as well as I could. If you have questions about it, I can help out.
It was tricky to get started but I described it as well as I could. If you have questions about it, I can help out.
Thanks!! One question ... your script seems to be about systemd, but I'm just trying to launch a bash script - from Session 0. Not sure how / why systemd applies here (but that's likely me!).
Thanks again.
your script seems to be about systemd
I enable systemd in WSL because I run services in there (sshd, containerd, dockerd) and access the container with a XPRA client (https://xpra.org/).
Yes, agreed! But I'm just trying to spawn a script, no service inside WSL -> your solution still apply?
Thanks!
I confirm that WSL commands still do not work from scheduled tasks configured (*) Run whether the user is logged on or not with following software versions:
- Windows 11 22H2 build 22621.1344
- WSL: 1.1.3.0 (full package name
MicrosoftCorporationII.WindowsSubsystemForLinux_1.1.3.0_x64__8wekyb3d8bbwe) installed with winget
