
I have been creating a scheduled task with PowerShell to use a group managed service account (the only kind allowed) on Windows Server 2016. I did this approximately one year ago on 5 2016 VMs, and it's worked flawlessly, with each one set to reboot on one day of the workweek. Until the latest Windows Update.

    $action = New-ScheduledTaskAction C:\Windows\System32\WindowsPowerShell\v1.0\Powershell.exe -Argument "C:\MAINTENANCE\REBOOT\REBOOT.bat"
    $trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Tuesday -At 1:15am
    $principal = New-ScheduledTaskPrincipal -UserID domain\gmsa$ -LogonType Password -RunLevel Highest
    Register-ScheduledTask "Reboot Server Tuesday" -Action $action -Trigger $trigger -Principal $principal -Description "Reboot Server on Tuesday"

And here's the bat file:

    C:\Windows\System32\shutdown.exe -r -f -t 10

Which is no longer working. So I tried:

    $action = New-ScheduledTaskAction -Execute "C:\Windows\System32\shutdown.exe" -Argument "-r -f -t 10"
    $trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Tuesday -At 12:01AM
    $principal = New-ScheduledTaskPrincipal -UserID domain\gmsa$ -LogonType Password -RunLevel Highest
    $setting = New-ScheduledTaskSettingsSet -Compatibility V1
    Register-ScheduledTask "Tuesday GIS03 REBOOT Test" -Action $action -Settings $setting -Trigger $trigger -Principal $principal -Description "Tuesday GIS03 REBOOT"

I was thinking that I needed to use -Compatibility to set the task as "Configure for: Windows Server 2016", which did nothing; the task is still "Configure for: Windows 7".

Task is throwing "return code 2147942401." and not rebooting the server. Microsoft gives no hint that there is a "Server 2016" option with the -Compatibility flag.

Tried

    $action = New-ScheduledTaskAction -Execute "C:\Windows\System32\WindowsPowerShell\v1.0\Powershell.exe" -Argument "Restart-Computer -force"

Same return code 2147942401 yet Restart-Computer -force in a PS window works fine.

Yes the gmsa account has the right to logon as batch job in loc sec pol, yes the gmsa account has the correct privileges to the folder where the bat file is, and yes, the gmsa account has been successfully rebooting the server for the past year, and no, no other changes have been made. We put these into production and generally forget about them, as the application running on them is configure once and done, and runs reliably. No other users are logged on to the server, and I can reboot fine myself. In addition, the same gmsa account is running several other tasks no problem (backup, event log scanning for certain codes), just not rebooting.

So post latest WU, how are folks rebooting Server 2016 with task scheduler?

tpcolson
  • Did you identify the update(s) that you think is/are the culprit? Did you uninstall the update(s) to see if that resolved or changed the problem? – joeqwerty Feb 28 '20 at 20:19
  • Not an option. WU takes precedence over maintaining a running VM environment.... – tpcolson Feb 28 '20 at 20:22
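
The return code in the question is an HRESULT: 2147942401 is 0x80070001, facility 7 (Win32) wrapping Win32 error 1, ERROR_INVALID_FUNCTION ("Incorrect function"). The following is an added example, not part of the original post, that decodes such a code and lists the principal, compatibility level and action actually registered for a task; the function names `Convert-TaskResult` and `Get-TaskRunSummary` are hypothetical.

```powershell
# Added example (not from the original post): decode a Task Scheduler result
# code and show what is actually registered for the task.

function Convert-TaskResult {
    param([Parameter(Mandatory)][int64]$Code)

    # HRESULT layout: bit 31 = failure, bits 16-28 = facility, bits 0-15 = code.
    $facility = ($Code -shr 16) -band 0x1FFF
    $low      = [int]($Code -band 0xFFFF)
    $message  = $null
    if ($facility -eq 7) {
        # Facility 7 (FACILITY_WIN32) wraps an ordinary Win32 error number.
        $message = (New-Object System.ComponentModel.Win32Exception $low).Message
    }
    [pscustomobject]@{
        Decimal   = $Code
        Hex       = '0x{0:X8}' -f $Code
        IsFailure = (($Code -shr 31) -band 1) -eq 1
        Facility  = $facility
        Code      = $low
        Message   = $message
    }
}

function Get-TaskRunSummary {
    param([Parameter(Mandatory)][string]$TaskName)

    $task = Get-ScheduledTask -TaskName $TaskName -ErrorAction Stop
    $info = $task | Get-ScheduledTaskInfo
    [pscustomobject]@{
        TaskName      = $task.TaskName
        RunAs         = $task.Principal.UserId
        LogonType     = $task.Principal.LogonType
        RunLevel      = $task.Principal.RunLevel
        Compatibility = $task.Settings.Compatibility
        Execute       = $task.Actions[0].Execute
        Arguments     = $task.Actions[0].Arguments
        LastRunTime   = $info.LastRunTime
        LastResult    = Convert-TaskResult -Code $info.LastTaskResult
    }
}

# The return code quoted in the question.
Convert-TaskResult -Code 2147942401 | Format-List

# Task name taken from the question; only queried if it exists on this machine.
$name = 'Reboot Server Tuesday'
if (Get-ScheduledTask -TaskName $name -ErrorAction SilentlyContinue) {
    Get-TaskRunSummary -TaskName $name | Format-List
}
```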
