question

ShaneKing-3381 avatar image
0 Votes"
ShaneKing-3381 asked MotoX80 commented

Tasks associated with Event viewer actions not working

I have two Server 2019 servers, one is a AD controller, the other RDS server.

Both use (or meant to use) the attach an task to trigger a notifier script of certain events. For some reason one server this never works, both were built within hours of one another approx 2 years ago, yet one simply will not process triggers to ask scheduler and I have not been able to figure out why.

Does anyone know of a method to troubleshoot and resolve this kind of issue.?

I have:

  1. made sure both are patched to current levels

  2. manually run the "trigger" from task scheduler on both servers

  3. checked for any supplemental errors in the even log to see if something is coincidentally causing the issue


windows-server-2019
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MotoX80 avatar image
0 Votes"
MotoX80 answered

manually run the "trigger" from task scheduler on both servers


Does that mean that you right clicked the task In Task Scheduler and selected "run" or did you manually generate the event ID using a tool like eventcreate.exe? You did not say if that worked or not. Did it?

How are you determining that it "didn't work"? Did the task run, but the program didn't produce the desired results? What does the task do? Does the task history show that it executed?

144668-capture.jpg




capture.jpg (102.3 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ShaneKing-3381 avatar image
0 Votes"
ShaneKing-3381 answered

Hi MotoX80.

Using the best example. When Windows Server Backup starts / fails / succeeds, it generates tan event 1 or 19 or 4 respectively. There is a separate Task Scheduler task attached to each of these events in the event log. When any of these appear in the event log it triggers a batch file that emails me and others the status of the backup as well as the the log from the backup tasks. The process also generates 3 other logs

  • 1st records what has happened with the backup,

  • 2nd records the processes within the batch file in case it has a problem performing any commands etc, (so that if an error happens I know where in the script it happened).

  • 3rd is created by the emailer.exe creates a log recording the progress and status( in case the email fails etc)

If I right click the scheduled task for each event log item, and choose Run, it executes the batch file, and all 3 logs are updated
If I run the scheduled backup manually from Task Sched,

  • the backup executes

  • It writes its events to the event log

  • The Scheduled tasks associated with the event IDs does not execute

The Event log entries are created by Windows Server Backup, none are created by any utils (in this instance, its not possible to create an event with eventcreate.exe in the Backup Event Log)

The script is identical across 35 odd servers (running either Server 2008R2 Server 2012/R2, 2016 and 2019) at different client sites without error

144727-capture.png

The above screen capture shows the last time these event viewer tasks executed which was when I last manually ran them. The last execution times should have been 4 hours ago (its Midday 29/12/21 where I am) for both Event ID 1 and Event ID 4 (backups all succeeded).



capture.png (108.7 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MotoX80 avatar image
0 Votes"
MotoX80 answered

it triggers a batch file

Let's capture stdout and stderr and see what your bat file is doing.

Change the scheduled task to execute program "cmd.exe".

In the arguments field set it to:

 /c C:\MyScriptsFolder\MyScript.bat  1>>C:\MyScriptsFolder\Logs\MyScript.log 2>&1

That will create a log file of the bat commands. See if you can find where the 0xFF error is coming from. Use your preferred folder/file names.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ShaneKing-3381 avatar image
0 Votes"
ShaneKing-3381 answered MotoX80 commented

Set commands as suggested and ran manually. Batch file executed and no errors observed. output below. Notifications received

 C:\Windows\system32>REM +--------------------------------------------------------------+ 
    
 C:\Windows\system32>REM | Ask Itee Backup Notifier                                     | 
    
 C:\Windows\system32>REM +------------+---------+---------------------------------------+ 
    
 C:\Windows\system32>REM |    Date    | Version |              Notes                    | 
    
 C:\Windows\system32>REM +--------------------------------------------------------------+ 
    
 C:\Windows\system32>REM | 01/06/2019 | 1.0     | Swithmail version                     | 
    
 C:\Windows\system32>REM +--------------------------------------------------------------+ 
    
 C:\Windows\system32>ECHO OFF 
 _2021-10-29 - _15:01 :  Backup Return Code = 4AI_BackupNotifier_LogLocation
    
 C:\Windows\system32>REM +--------------------------------------------------------------+ 
    
 C:\Windows\system32>REM | Ask Itee Backup Notifier                                     | 
    
 C:\Windows\system32>REM +------------+---------+---------------------------------------+ 
    
 C:\Windows\system32>REM |    Date    | Version |              Notes                    | 
    
 C:\Windows\system32>REM +--------------------------------------------------------------+ 
    
 C:\Windows\system32>REM | 01/06/2019 | 1.0     | Swithmail version                     | 
    
 C:\Windows\system32>REM +--------------------------------------------------------------+ 
    
 C:\Windows\system32>ECHO ON 
    
 C:\Windows\system32>REM Use this variable to turn testing routines off / On Testing as needed 
    
 C:\Windows\system32>SET Testing=off 
    
 C:\Windows\system32>IF off == on ECHO ON 
    
 C:\Windows\system32>REM    :::::::::::::: Lets set some variables :::::::::::::: 
    
 C:\Windows\system32>Rem - Valid customer recipients 
    
 C:\Windows\system32>SET eMailto=administration@customerdomain.com,support@customerdomain.com 
    
 C:\Windows\system32>Rem - Add Shane if Testing 
    
 C:\Windows\system32>IF off == on SET eMailto=support@customerdomain.com 
    
 C:\Windows\system32>Rem - Add valid customer sending address 
    
 C:\Windows\system32>SET eMailfr=Hub2.Backup@customerdomain.com 
    
 C:\Windows\system32>Rem Extract Short Server name 
    
 C:\Windows\system32>SET ThisDevice_MainID=HUB2 
    
 C:\Windows\system32>Rem - Valid MX server 
    
 C:\Windows\system32>SET MXServer=customerdomain-com.mail.protection.outlook.com 
    
 C:\Windows\system32>REM - Set SMTP Username & Password 
    
 C:\Windows\system32>SET SMTPUsername= 
    
 C:\Windows\system32>SET SMTPPassword= 
    
 C:\Windows\system32>REM - SwithmailSettings 
    
 C:\Windows\system32>SET SWMPort=25 
    
 C:\Windows\system32>REM if any event other than 4 go ahead, otherwise pausse for 60 seconds to allow cascaded events to 
    
 C:\Windows\system32>REM be processed in order and notifications in correct order 
    
 C:\Windows\system32>REM IF 4==4 TIMEOUT /T 60 
    
 C:\Windows\system32>REM Begin trace of batch file 
    
 C:\Windows\system32>SET Trace=(EvLogVal=4)- 
    
 C:\Windows\system32>SET SendITLog=n 
    
 C:\Windows\system32>REM Extract and assemble date / time for log stamping 
    
 C:\Windows\system32>for /F "tokens=1-2 delims=: " %d in ("15:02:45.98") do SET LogTime=_%d:%e 
    
 C:\Windows\system32>SET LogTime=_15:02 
    
 C:\Windows\system32>for /F "tokens=1-5 delims=/ " %d in ("Fri 29/10/2021") do SET LogDate=_%g-%f-%e 
    
 C:\Windows\system32>SET LogDate=_2021-10-29 
    
 C:\Windows\system32>SEt Trace=(EvLogVal=4)-(dt+tm)- 
    
 C:\Windows\system32>REM Define Log Name & Location as variable 
    
 C:\Windows\system32>SET AI_BackupNotifier_LogLocation=C:\Scripts\Backup_Related\ServerID.txt 
    
 C:\Windows\system32>REM Define Email msg body Name & Location as variable 
    
 C:\Windows\system32>SET MsgBody=C:\Scripts\Backup_Related\MsgBody.txt 
    
 C:\Windows\system32>REM Update trace 
    
 C:\Windows\system32>SET Trace=(EvLogVal=4)-(dt+tm)-(LogMsgPaths)- 
    
 C:\Windows\system32>REM Skip this section if backup has started 
    
 C:\Windows\system32>REM IF NOT 4==1 GOTO START 
    
 C:\Windows\system32>ECHO ___________________________________________________  1>>C:\Scripts\Backup_Related\ServerID.txt 
    
 C:\Windows\system32>ECHO ...          S T A R T E D ! ! ! ! !            ...  1>>C:\Scripts\Backup_Related\ServerID.txt 
    
 C:\Windows\system32>ECHO ...          _2021-10-29 at _15:02             ...  1>>C:\Scripts\Backup_Related\ServerID.txt 
    
 C:\Windows\system32>ECHO ___________________________________________________  1>>C:\Scripts\Backup_Related\ServerID.txt 
    
 C:\Windows\system32>REM ----- Evaluate response 
    
 C:\Windows\system32>IF 4 == 1 GOTO 1 
    
 C:\Windows\system32>SET Check=(Not1)- 
    
 C:\Windows\system32>IF 4 == 4 GOTO 4 
    
 C:\Windows\system32>SET Trace=(EvLogVal=4)-(dt+tm)-(LogMsgPaths)-(Not1)-(Arrive4)- 
    
 C:\Windows\system32>SET EMsubj="Backup COMPLETED OK - of "ServerID 
    
 C:\Windows\system32>SET body=Backup of Server Suceeded without error. (4) 
    
 C:\Windows\system32>ECHO _2021-10-29 - _15:02 :  Backup Return Code = 4AI_BackupNotifier_LogLocation 
 _2021-10-29 - _15:02 :  Backup Return Code = 4AI_BackupNotifier_LogLocation
    
 C:\Windows\system32>ECHO _2021-10-29 - _15:02 :  Subject            = "Backup COMPLETED OK - of "ServerID   1>>C:\Scripts\Backup_Related\ServerID.txt 
    
 C:\Windows\system32>ECHO _2021-10-29 - _15:02 :  Body               = Backup of Server Suceeded without error. (4)   1>>C:\Scripts\Backup_Related\ServerID.txt 
    
 C:\Windows\system32>ECHO _2021-10-29 - _15:02 :  Backup of Server Suceeded without error. (4)    1>C:\Scripts\Backup_Related\MsgBody.txt 
    
 C:\Windows\system32>GOTO Tail 
    
 C:\Windows\system32>SET Trace=(EvLogVal=4)-(dt+tm)-(LogMsgPaths)-(Not1)-(Arrive4)-(ArriveTail)- 
    
 C:\Windows\system32>REM Echo to log SMTP message values 
    
 C:\Windows\system32>ECHO _2021-10-29 - _15:02 :  eMailto            = administration@customerdomain.com,support@customerdomain.com      1>>C:\Scripts\Backup_Related\ServerID.txt 
    
 C:\Windows\system32>ECHO _2021-10-29 - _15:02 :  eMailfr            = Hub2.Backup@customerdomain.com      1>>C:\Scripts\Backup_Related\ServerID.txt 
    
 C:\Windows\system32>ECHO _2021-10-29 - _15:02 :  subj               = "Backup COMPLETED OK - of "ServerID         1>>C:\Scripts\Backup_Related\ServerID.txt 
    
 C:\Windows\system32>ECHO _2021-10-29 - _15:02 :  server             = customerdomain-com.mail.protection.outlook.com       1>>C:\Scripts\Backup_Related\ServerID.txt 
    
 C:\Windows\system32>ECHO _2021-10-29 - _15:02 :  Testing is         = off      1>>C:\Scripts\Backup_Related\ServerID.txt 
    
 C:\Windows\system32>ECHO _2021-10-29 - _15:02 :  Send IT the Log    = n    1>>C:\Scripts\Backup_Related\ServerID.txt 
    
 C:\Windows\system32>ECHO _2021-10-29 - _15:02 :  Port               = 25      1>>C:\Scripts\Backup_Related\ServerID.txt 
    
 C:\Windows\system32>SET Trace=(EvLogVal=4)-(dt+tm)-(LogMsgPaths)-(Not1)-(Arrive4)-(ArriveTail)-(MsgSetup)- 
    
 C:\Windows\system32>REM    ::::::::::::::::: Now we run SwithMail!  ::::::::::::::::: 
    
 C:\Windows\system32>SET errorlevel= 
    
 C:\Windows\system32>SET Trace=(EvLogVal=4)-(dt+tm)-(LogMsgPaths)-(Not1)-(Arrive4)-(ArriveTail)-(MsgSetup)-(CmdAssmbl)- 
    
 C:\Windows\system32>ECHO _2021-10-29 - _15:02 :  .   1>>C:\Scripts\Backup_Related\MsgBody.txt 
    
 C:\Windows\system32>ECHO _2021-10-29 - _15:02 :  Trace=(EvLogVal=4)-(dt+tm)-(LogMsgPaths)-(Not1)-(Arrive4)-(ArriveTail)-(MsgSetup)-(CmdAssmbl)-   1>>C:\Scripts\Backup_Related\MsgBody.txt 
    
 C:\Windows\system32>IF off == on GOTO SendTestEmail 
    
 C:\Windows\system32>REM    :::::::: Check external MX server contactable ::::::::::: 
    
 C:\Windows\system32>ECHO _2021-10-29 - _15:02 :   C:\Scripts\Backup_Related\swithmail.exe /s /from Hub2.Backup@customerdomain.com /name ServerID /server customerdomain-com.mail.protection.outlook.com /p 25 /TLS /to administration@customerdomain.com,support@customerdomain.com /subject ""Backup COMPLETED OK - of "ServerID" /btxt "C:\Scripts\Backup_Related\MsgBody.txt"  /LOG  1>>C:\Scripts\Backup_Related\ServerID.txt 
    
 C:\Windows\system32>C:\Scripts\Backup_Related\swithmail.exe /s /from Hub2.Backup@customerdomain.com /name ServerID /server customerdomain-com.mail.protection.outlook.com /p 25 /TLS /to administration@customerdomain.com,support@customerdomain.com /subject ""Backup COMPLETED OK - of "ServerID" /btxt "C:\Scripts\Backup_Related\MsgBody.txt"  /LOG 
    
 C:\Windows\system32>ECHO _2021-10-29 - _15:02 :  Trace=(EvLogVal=4)-(dt+tm)-(LogMsgPaths)-(Not1)-(Arrive4)-(ArriveTail)-(MsgSetup)-(CmdAssmbl)-   1>>C:\Scripts\Backup_Related\ServerID.txt 
    
 C:\Windows\system32>ECHO ___________________________________________________  1>>C:\Scripts\Backup_Related\ServerID.txt 
    
 C:\Windows\system32>ECHO ...          F I N I S H E D ! ! ! ! !          ...  1>>C:\Scripts\Backup_Related\ServerID.txt 
    
 C:\Windows\system32>ECHO ...          _2021-10-29 at _15:02             ...  1>>C:\Scripts\Backup_Related\ServerID.txt 
    
 C:\Windows\system32>ECHO ___________________________________________________  1>>C:\Scripts\Backup_Related\ServerID.txt 
    
 C:\Windows\system32>Rem only send to Shane if testing 
    
 C:\Windows\system32>SET Trace=(EvLogVal=4)-(dt+tm)-(LogMsgPaths)-(Not1)-(Arrive4)-(ArriveTail)-(MsgSetup)-(CmdAssmbl)-(Sending...)- 
    
 C:\Windows\system32>IF off == on C:\Scripts\Backup_Related\swithmail.exe /s /from Hub2.Backup@customerdomain.com /name ServerID /server customerdomain-com.mail.protection.outlook.com /p 25 /TLS /to "support@customerdomain.com" /subject ""Backup COMPLETED OK - of "ServerID" /btxt "C:\Scripts\Backup_Related\MsgBody.txt" /LOG /Attachment C:\Scripts\Backup_Related\ServerID.txt  
    
 C:\Windows\system32> IF ~dp0swithmail.exe /s /from Hub2.Backup@customerdomain.com /name ServerID /server customerdomain-com.mail.protection.outlook.com /p 25 /TLS /to "support@customerdomain.com" /subject ""Backup COMPLETED OK - of "ServerID" /btxt "C:\Scripts\Backup_Related\MsgBody.txt" /LOG /Attachment C:\Scripts\Backup_Related\ServerID.txt 


· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

and ran manually.


What do you get when the task is triggered by an event?

I am not familiar with SwithMail. Does the /LOG switch tell it to write results to a log file, or maybe generate an event in the Application event log?

Is the task set to run as the SYSTEM account?

0 Votes 0 ·
LimitlessTechnology-2700 avatar image
0 Votes"
LimitlessTechnology-2700 answered MotoX80 commented

Hello @ShaneKing-3381,

Thank you for your question and reaching out. My name is Prakash and I’d be more than happy to help you with your query.

  1. General tab, ensure that the below options are select/checked or unchecked just as shown in Print Screen A

Uncheck Run only when user is logged on
Check Run whether user is logged on or not
Check Run with the highest privileges
2. Conditions tab, ensure that the below options are select, checked, or unchecked just as shown in Print Screen B

Check Wake the computer to run this task
3. Actions tab, click Edit, and ensure that the Start in (optional) is set just as shown in the below example (DO NOT put double quote marks around it) for the full path pointing where the batch script is located WITHOUT a final backslash "\" Print Screen C

  1. From GPO settings check if the user has privileges to run the task without login.
    From Security Settings, open Local Policies and highlight User Rights Assignment.
    Locate Log on as a batch job. Open the properties and add any users that need this right.




--If the reply is helpful, please Upvote and Accept as answer--

· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks LT-2700,

Responses
Item 1 These are consistent with other servers
Item 2 These are also consistent with all other servers
Item 3 These are also consistent with all other servers

The account is a member of domain admin group

In the case of the RDS server where this works ok, I exported the Task Scheduler items and imported them into the one that isn't (obviously on the same domain) as a test to see if it was a corrupt parameter config, but nothing changed

0 Votes 0 ·

You need to troubleshoot the root error and try to find what is causing that. Telling us that you've set the tasks up the same way on multiple servers and then wondering why it doesn't work is what I call a "Magic Crystal Ball question".

You replied to me that when you manually ran the task and it worked and provided the log. That's great, but we need to see the log of when it fails. Do you have the log from when it encounters the 0xFF error? Or does it fail before it even creates that log?

Does Swithmail create a log every time that its is executed? Is there any entry from a task that fails?

What about other events in the Application/Security/System event logs when the task fails?

Trace the failing task with Process Monitor. I will show what programs are invoked and every file I/O and network call that they do. Look for "access denied" errors.

https://docs.microsoft.com/en-us/sysinternals/downloads/procmon

0 Votes 0 ·

Hi MotoX80,

The root problem/error is that Task Scheduler (TS) does not execute the batch file when the event appears in the event log.

Nothing is written to the event log on the server and the logs created by the batch file don't get created/updated because the batch file isn't executed. Swithmail does write logs, but the batch file has to call it for them to be written.

There are no other events in the System or Application logs that could be related to the failure to trigger the script.

Troubleshooting prior to posting here,

  • I added a few more batch files to respond to events in the event log, one just pipes DIR to a text file, this doesn't execute either.

  • Checked for events in EV that might show some relation to the timing,

  • Tried running notepad.exe tied to an event

  • Made sure file security wasn't awry on the files and folder structure (Removed and reapplied), including reset ownership

  • Tried a cloned domain admin account as the account executing the item

  • Called eventcreate.exe from TS to create events in the Application log, none are written as it never gets executed.

  • Trolled thru the update list KB articles to see if any have impact on Task Sched

  • Tested an ordinary TS task (not linked to an event trigger) this ran.

If it were a PC I'd rebuild it if warranted, but being the sole ADC, that's out for such a minor problem.

I'm conceding defeat. If it were SQL or Exchange or deeper OS issue then it would warrant more energy, I might recommend the client consider an alternate backup solution

I




0 Votes 0 ·
Show more comments