1

I have 2 Windows 2000 servers in a domain 'DC', which run numerous windows scheduled tasks under the 'DC\Task-User' account. These tasks are and have been running successfully in the past couple of years without any account/password modifications.

Yesterday, the tasks went to 'Could not start' status. Myself having an admin account, was able to run these tasks with my credentials. Today, I ran the tasks again under the DC\Task-User account and they seem to be running fine without any issues.

This has happened in the past too. I'm not into networking so don't know much about the underlying problem. Has this something to do with a Domain controller account authentication?

Any pointers will be great!

neoco
  • 13
  • 5

3 Answers3

1

With Server 2008 and up, sometimes you need to log the svc account in to create a profile first. Check your event log and see if there is an event referencing having logged your svc account in with a temp profile. IF this is the case, log in with the svc account and you should be good to go.

James Dyess
  • 11
  • 1
  • James, these are win 2000 servers. I can see correct profile and it doesn't seem to be having any issue. If it had, some of the services that ran using the same account would have also failed to run. Since they appear to be working fine too, I don't understand why the tasks would not start one odd day and then run the next time when I entered the password again and manually ran them. Thanks. – neoco May 27 '14 at 19:26
0

Do you have group policies that force locking of accounts on X failed login attempts? If all of the tasks behave at one point and then stop, it's possible that a new task was set up somewhere in the domain recently with an incorrect password, and got the account locked. I've seen that happen a number of times, and it wouldn't have impacted any currently-running services.

crob
  • 1
0

This does sound like the account couldn't be authenticated for some reason. The domain controllers' Security event logs will give you more info. Plus, the local server's System event log might give a clue, but I'd be placing my bets on the DCs. The only issue here is that you'll need to check all of your DCs logs. However, if you know what date/time the job failed, it shouldn't be too hard to diagnose.

One final thought, is your member server showing any signs of clock drift. Is it in-sync with the domain controller(s). The reason for asking is that Kerberos, the underlying authentication mechanism, relies on consistent time between clients/member servers and the DCs. I'm not sure about Windows 2000 Server, but on Win2k3 it was max. 5 minutes by default.

On Win2k3 and above, clock issues will be seen in the System event log with a source of (I think) W32Time.

Simon Catlin
  • 5,232
  • 3
  • 17
  • 20