-
Title
ODMAD | Re ACL Failing Error: 0x80004005 "ALService" -
Description
During the Re-ACL step on a single workstation, the process fails with error code
0x80004005, even after a reboot. The log indicates the failure occurs while processing a service named "ALService", due to invalid or non-existent service account credentials:03:04:25.3391462 - Error[42]: CmdLine job BT-ReACL is failed. Unable to process Service 'ALService'
System.ComponentModel.Win32Exception (0x80004005): ChangeServiceConfig: The account name is invalid or does not exist, or the password is invalid for the account name specified -
Cause
The issue appears to be related to a service named ALService. Based on log analysis, the service is not being processed by REACL, likely due to insufficient permissions assigned to the agent. This is further evidenced by the error code 0x80004005, which is a generic error indicating one or more of the following:
-
Insufficient permissions
-
Corrupted files or configuration
-
Potential malware or virus activity
-
System resource locks or restrictions
A preliminary investigation suggests that ALService may be associated with a cryptocurrency mining process, which is commonly flagged by antivirus tools as malware or potentially unwanted software. For reference, see this Microsoft Community discussion:
Microsoft Community - What is AIService.exe? -
-
Resolution
Possible Solution 1
The issue was resolved by removing a service called "ALEservice" from the affected system. After its removal, the REACL process completed successfully. The service was identified as part of an older, unused password reset software solution.
It is important to note that while "ALEservice" was not definitively confirmed as malware, there were several similarly named files and services observed during the investigation. This makes it unclear whether the service was malicious or simply outdated and misidentified. Nonetheless, its removal effectively resolved the problem.
Possible Solution 2
As an alternative to removal, the service named "ALEservice" can be excluded from the REACL process.
Important Note: Excluding this service may result in permissioning issues after cutover, which is expected behavior and not caused by the ODMAD tool. This approach should only be considered if the service is required for legacy functionality and cannot be removed.