none
gMSA and Scheduled Task: Error

    Question

  • Hi Forum

    I have configured a new gMSA account (FFL/DFL 2012R2). Installed this on the 2012 R2 host (using PowerShell) I wish to run the scheduled task on, tested and came back true.

    I then added the permissions, Logon as Batch job and placed the gMSA in the Local Admin group.

    I then tied the gMSA to an existing Scheduled Task with -LogonType Password and Run as Highest privileges. This was running under a domain admin account previously.

    The scheduled task has the setting "run with or without being logged on".

    I then ran the scheduled task manually and automated and received the error below.

    Task Scheduler failed to start "name of task" task for user "gMSA account name". Additional Data: Error Value: 2147943645

    The task is set to run a .bat file which calls a PowerShell script. The task ends up moving files from one location to another.

    Being a local admin the account should have access to the folder locations and files.

    Can anyone advise why I get this error? I suspect another restart may help, or this is something to do with the PowerShell script?


    Thanks in advance

    NN


    • Edited by Naked Nuts Thursday, March 16, 2017 1:21 PM
    Thursday, March 16, 2017 1:20 PM

Answers

All replies

  • Hi NN,

    >>Task Scheduler failed to start "name of task" task for user "gMSA account name". Additional Data: Error Value: 2147943645

    I suspect you encountered the following issues same with me:

    My suggestion is: using this gMSA account to re-create this scheduler task then test again.

    Tips: You could use command-lines to create this testing task.

    In addition, modify this GPO location: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\ Log on as a batch job->add this gMSA account into it.

    Best regards,

    Andy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, March 17, 2017 2:16 AM
    Moderator
  • Hi Andy

    That is exactly what I am seeing. The logon as batch job is configured.

    I was hoping not to have to rebuild all of the scheduled tasks, but will test this as a last attempt and decide from there.

    Kind regards

    NN

    Monday, March 20, 2017 11:28 AM
  • In the end the company decided not to use gMSA for this task.


    • Marked as answer by Naked Nuts Wednesday, March 22, 2017 5:28 PM
    Wednesday, March 22, 2017 5:28 PM