Task scheduler says task ran successfully but task doesnt run

0 comments

Posted on 25th July 2013 by Mike in Windows 2008 |Windows 2008 R2

, , , , ,

Hi,

We had a task that executed a custom powershell on several servers. It was working fine on all but one server. The task was the exact same on every server. The scheduler said the task completed successfully but when ran manually it was “successful” in less than a couple of seconds.

The action we were executing looked like this:
taskscheduler

Again this worked fine on other servers but one server it didnt work on.

To fix we gave the action the full path to powershell.exe:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
taskscheduler

enable credssp via powershell on windows server 2008 r2

0 comments

Posted on 3rd June 2013 by Mike in Windows 2008 R2

, , , ,

Enable CredSSP is needed when you’re doing a double hop. The example below shows what we’re talking about:

[———-1st hop———] [——————-2nd hop——————————]
Script Executes on Server 1 >>> Script Connects to Server 2 and downloads file from Server 3

On machine that will make 1st hop

1st – Enable group policy:
Computer Configuration -> Administrative Templates -> System -> Credentials Delegation -> Allow Delegating Fresh Credentials
-Enable
-Show list of servers
-Add “wsman/*.domain.com” or “wsman/servername.domain.com” where servername is the name of the machine that makes the first hop
(your allowing the 1st machine to pass cred SSP to *.domain.com machines or to a specific host/server on domain.com)

2nd – Enable WSManCredSSP via Powershell
Enable-WSManCredSSP -Role Client -DelegateComputer *.domain.com -Force

May be necessary but wasnt in our case:
Set-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsDomain -Name WSMan -Value “WSMAN/*.domain.com”

On machine that will make 2nd hop:

Enable WSManCredSSP Via powershell
Enable-WSManCredSSP -Role Server –Force;logoff

BITS 0x800704DD in Powershell Script as Scheduled Task windows 2008 R2

1 comment

Posted on 16th May 2013 by Mike in Windows 2008 R2

, , , ,

Hello All,

I was stumped for a while on this one. I wrote a powershell script to backup databases and use BITS to transfer them over the network. It worked great in an elevated powershell but when I went to automate the script using a scheduled task I kept getting this error when it got to the bits xfer:

Start-BitsTransfer : The operation being requested was not performed because the user has not logged on to the network. The specified service does not exist.
(Exception from HRESULT: 0x800704DD)

There are several good explanations for the cause:
An Explanation of UAC and BITS
Dale Qiao’s Solution got me started
Issues With BITS (List of Errors and Why)

So what the hell is the solution?

In my case I needed an account that was a SQL sysadmin and a server admin. I used the task scheduler to run the tasks as the ‘system’ account.

1. Click Start Menu/Programs/Accessories/System Tools/Task Scheduler
2. On the General tab click Change User or Group
3. Make sure “Select this object type” contains “Built-in security principal” and “From this location” contains the computer name.
4. In the “Enter the object name to select” type “SYSTEM” and click OK
5. Select “Run with highest privileges”

DCOM APPID E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E CLSID D63AA156-D534-4BAC-9BF1-55359CF5EC30 Windows 2008 R2 SP1

0 comments

Posted on 9th May 2013 by Mike in Windows 2008 R2

, , , , , ,

If you’re running across the following error in your event logs:

The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63AA156-D534-4BAC-9BF1-55359CF5EC30}
and APPID
{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
to the user [username] SID [SID] from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

Then you’ve probably edited or disabled the following windows task:
Task Scheduler Library/Microsoft/Windows/Defrag

By default it is set to run weekly. If you change it you will begin getting the error above. To fix the issue, undo your changes (set it to enabled and weekly, 1am every Wednesday of every week)