Troubleshoot Your Windows Task Scheduler Using Windows Server Log Files

+ Bonus tip: How you tin can do it in less than v minutes

Abstract

If you are responsible for managing your organization's Windows Servers, merely monitoring and managing your machines is a full-time job.

Tools like the Windows Task Scheduler helps yous keep your servers upwardly and running past automating tasks.

These tasks can be scheduled to run at set times, or when triggered by system events.

Every bit much as you rely on the scheduler, it tin sometimes allow you downward, and ofttimes at the worst possible time.

Permit'due south begin

When a unmarried task, running on a local machine, fails, y'all can set it without losing much slumber.

In large organizations, tasks can be far more complex and come across hundreds, or thousands of remote hosts.

In the words of theLarge Lebowski's, Walter Sobchak, "Smokey, my friend, you are entering a world of hurting".

The adept news –

Windows server gives y'all comprehensive logging tools  to locate and fix bug.

Even with these tools –exercise you know what logs are available, and what are they telling you?

In this article, we give y'all a complete guide to troubleshooting Windows Server scheduled tasks with log files. The article explains:

  • How events are scheduled.
  • What information is logged.
  • Where it is stored.
  • And takes you through common troubleshooting scenarios.

You volition become the answers you need and sympathise how to brand sense of the data Windows event logging gives you.

We start past giving you a detailed overview of Scheduled Tasks. Adjacent, we give you a practical step-past-footstep troubleshooting guide.

We will also bear witness you how you tin can practice information technology in less than 5 minutes with automation.

"Nice", y'all probably remember, and you are right, we are 🙂

Cutting to the chase :After reading this article, yous will be able to proactively identify Windows Task Scheduler problems, employ Windows events logs, and related data, to resolve real-globe issues.

You tin can skip sections –

  1. Windows Tasks scheduler: Understanding Scheduled Tasks.
  2. Windows Job Scheduler – Troubleshooting Scheduled Events.
  3. Bonus Tip: How Yous Can Troubleshoot Tasks in 5 Minutes.

Windows Tasks scheduler: Understanding Scheduled Tasks

A Windows Task  is a grouping of deportment, that automate organization management and maintenance procedures; such as installing patches, auditing, backing upwardly storage media, or dealing with security issues.

You lot create and schedule tasks using the Chore Scheduler  user interface or programmatically using PowerShell or the .Internet framework.

Once y'all accept created a task, yous utilize the Task Scheduler Service  to schedule the job'due south execution.

The Chore Scheduler Service is a Windows service that lets you manage, schedule, and monitor tasks.

Each task includes the following components:

  • General Information: Metadata that describes the task, such as the task's name, description, and location.
  • Triggers : Atmospheric condition that schedule chore execution at a specific time, or in response to specific criteria.
  • Actions:Lists i or more than actions that achieve the tasks desired issue.
  • Security Principals: Defines security credentials, permitted access levels, and organisation privileges required for task execution.
  • Conditions: Determines when a task tin can run, such as only running when the targeted host is idle, or continued to power.
  • Settings:  Configures how the tasks run, including when to restart a failed action, and how long the task is permitted to run.
  • History:  Logs chore execution data.

Windows Task Scheduler – Troubleshooting Scheduled Events

Allow'due south look at what happens when a scheduled task fails to run, and see how nosotros tin can utilise event logs to locate and prepare the trouble.

Step i: Understanding the Big Motion-picture show

To find the immediate reason why a task failed open the Event Viewer and locate the event.

  • Double-clicking the outcome opens a dialog box that tells usa the immediate crusade of the problem. Information technology provides the event'southward source, ID, level, and category.
  • The dialog also tells united states of america when the event was recorded and on which machine it occurred.

Chore Scheduler did not launch task -"\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents" because instance "{92e4bd81-96af-4a12-987f-3e83d80dd116}" of the same task is already running.
Log Name:      Microsoft-Windows-TaskScheduler/Operational
Source:        Microsoft-Windows-TaskScheduler
Date:          10/28/2018 1:21:28 PM
Effect ID:      322
Task Category: Launch request ignored, case already running
Level:         Warning
Keywords:
User:          Organization
Computer:      BILBO.mordor.local

Step 2: Diving Deeper

For detailed contextual information that helps us understand why an upshot occurred, you can use the related events logged by Windows, across multiple Windows Consequence Log (evtx) files.

The log'southward System section presents a summary of this boosted environmental data that helps you resolve the problem, such as the chore's Process ID, the thread on which it ran, and its Security ID.

Guid="{DE7B24EA-73C8-4A09-985D-5BDADCFA9017}" />
322
0
iii
322
0
0x8000000000000000

200241

Microsoft-Windows-TaskScheduler/Operational
BILBO.mordor.local

Pace 3: Comprehending Upshot Context

To sympathize the bodily nature of the event and to get contextual clues, you lot need to look at the log file'southward EventData section.

Here, we can run into that part of the reason that the task failed to run is related to a memory effect.

\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
{92E4BD81-96AF-4A12-987F-3E83D80DD116}

Footstep 4: Get the Full Picture by Investigating Related Logs

In most cases, investigating a single log file is not enough by itself to find and fix a specific problem.

Since many scheduling issues are security related, a good place to start is to examine security-related audit logs, such as the Windows Security Upshot log.

Privileges:SeTcbPrivilege
Audit Failure10/28/2018 13:21:28BILBOMORDORMicrosoft-Windows-Security-Auditing130564673A privileged service was calledPrivilege
UseSensitive Privilege Use / Non-Sensitive Privilege Use0x00000000000D10EB
BILBO.mordor.localA privileged service was called.

In this instance, the Windows Security Event shows us that the reason the chore failed was related to a broader security issue, the log tells united states of america that the event tried to perform an action that required SeTcbPrivilege  level privileges.

The action performed by the task was assigned a lower privilege level and was, therefore, the host on which the task was scheduled to run, prevented it from running.

In add-on to showing that the task failed due to the tasks assigned privileges, information technology also shows u.s.a. information that indicates the root cause of the problem.

Process:
Process ID:0x0000000000000EBC
Process Proper noun:C:\Windows\System32\taskhostw.exe

Here we can encounter that the Security log indicates the problem was caused past an executable process called taskhostw.exe.

The log shows the states the executable'south Process ID and the process's full path.

In the final step, we volition sympathize why this information is important, and how we tin use it.

Pace 5: Research the Problem

At present we know the origin of the problem, permit's use our available resources to find out more nigh it.

By searching the net, we can meet that logs that identify a problem with taskhostw.exe. Bug with this process are unremarkably related to malware exploits, or a defective Windows component that controls folder access.

For more data on taskhostw.exe and related problems, see this article  from Microsoft.

Conclusions: How to Go the Most from Windows Server Logging?

Windows Scheduler Tasks are a nifty way to go things done.

In this commodity, we showed you what tasks are, and how they work. We besides took yous through a five-stride process that took you through the following steps:

  1. Agreement the big movie: How to employ the Event Viewer to discover problems.
  2. Diving deeper: How to read an issue log file to larn more than.
  3. Comprehending outcome context: Using Outcome Information to sympathize the problem's context.
  4. Getting the full flick: Using other log files to locate the root cause.
  5. Researching the trouble: How to use the data y'all gathered to find a feasible solution.

Now you tin deal with complex situations involving multiple servers, large amounts of logged information to ensure that:

  • Your system continues to fulfill your arrangement's mission
  • The user'south y'all support tin can do their piece of work.

You can download XpoLog and get these insights, a few clicks from now:

Bonus Tip: How Yous Tin Troubleshoot Tasks in v Minutes

Some other style you can monitor and troubleshoot your Windows Task Scheduler operations (and find errors in Windows logs) is to use an out of the box solution, such as XpoLog.

Using XpoLog's born Windows logs connector, you tin can stream Windows event logs in minutes.

Once you stream the Windows effect logs into XpoLog (all it takes is a few clicks), y'all kickoff getting insights nearly what'south happening in your system, without lifting a finger.

Learn more about our Windows app

What Do You lot Go with XpoLog Fully-Automated Tool?

XpoLog gives a dashboard that displays a general overview of Windows Job Scheduler related data it collected.

Here yous can speedily detect how many tasks failed to run and why, how many succeeded and details about the important events.

See for yourself – download now

Get automated insights about Windows task scheduler and troubleshoot in no time!

Drill downwards to each section to get more information.

task scheduler - types Distribution

The dashboard displays graphs of the collected Windows logs data.

task scheduler - view task start failed

To help yous notice exactly the log you lot need, it provides powerful search functionality.

Once yous have constitute the relevant effect or events, you tin review the log data –

Windows log analyzer

Download XpoLog7 free

Not but does XpoLog show you lot what happened in the past, it also monitors organisation log files for common and obscure errors.

XpoLog's proactive analytics engine is constantly analyzing log files. When it detects a problem, it sends notifications to alert arrangement administrators immediately.

Bottom line : XpoLog besides helps you bargain with problems that yous haven't idea of looking for, or never knew exists.

This means that y'all, your team and your organization, tin can set a problem long before users notice, and start sending helpdesk requests.

Y'all heard information technology! Less dealing with back up, more focusing on your tasks.

XpoLog too provides long-term retentivity by collecting all system logs from multiple servers across your organization.

XpoLog keeps all Windows related logs bachelor, from one or more locations, for any menstruation of time.

Moreover, XpoLog is not constrained by your organization's storage policies and restrictions.

The added value:  This means that XpoLog stores collected logging data indefinitely, and can use information technology to help you find and ready bug occurring over a longer time frame.

This approach allows yous to take preventive action to avert potential problems, instead of continually putting out fires as they ascend.

Download now, sit down back and relax – let XPLG practise the work for you!

XpoLog stores collected logging data indefinitely

Conclusions

XpoLog provides you an end to terminate solution for log information automation.

Once deployed, XpoLog enables yous to monitor your system and gives you lot a complete solution that includes a comprehensive analytics awarding.

This Windows application contains dashboards and reports which include insights most:

  • user access (login/logouts).
  • the wellness of your Windows server.
  • trends.
  • anomalies.
  • errors.
  • problems and more.

Your gain: Windows log visibility and insights in minutes without having to write queries or build reports manually.

In addition, you will be able to hands command and monitor your Windows environs, view and compare hosts action – without manual work at all!

How cool is that?