Task scheduler says task ran successfully but task doesnt run

0 comments

Posted on 25th July 2013 by Mike in Windows 2008 |Windows 2008 R2

, , , , ,

Hi,

We had a task that executed a custom powershell on several servers. It was working fine on all but one server. The task was the exact same on every server. The scheduler said the task completed successfully but when ran manually it was “successful” in less than a couple of seconds.

The action we were executing looked like this:
taskscheduler

Again this worked fine on other servers but one server it didnt work on.

To fix we gave the action the full path to powershell.exe:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
taskscheduler

enable credssp via powershell on windows server 2008 r2

0 comments

Posted on 3rd June 2013 by Mike in Windows 2008 R2

, , , ,

Enable CredSSP is needed when you’re doing a double hop. The example below shows what we’re talking about:

[———-1st hop———] [——————-2nd hop——————————]
Script Executes on Server 1 >>> Script Connects to Server 2 and downloads file from Server 3

On machine that will make 1st hop

1st – Enable group policy:
Computer Configuration -> Administrative Templates -> System -> Credentials Delegation -> Allow Delegating Fresh Credentials
-Enable
-Show list of servers
-Add “wsman/*.domain.com” or “wsman/servername.domain.com” where servername is the name of the machine that makes the first hop
(your allowing the 1st machine to pass cred SSP to *.domain.com machines or to a specific host/server on domain.com)

2nd – Enable WSManCredSSP via Powershell
Enable-WSManCredSSP -Role Client -DelegateComputer *.domain.com -Force

May be necessary but wasnt in our case:
Set-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsDomain -Name WSMan -Value “WSMAN/*.domain.com”

On machine that will make 2nd hop:

Enable WSManCredSSP Via powershell
Enable-WSManCredSSP -Role Server –Force;logoff