If you get errors trying to run the Task Scheduler on Win2K8 and Event Viewer is not there to help

  • Article

Hi,

Once again I got angry on my poor computer because it didn't want to play nice.

I was trying to create a scheduled task to robocopy some files every day to a certain shared folder. But when I started the Task Scheduler (taskschd.msc /s) I got an error saying that the Task Scheduler service is not working.

I take a look at the services (services.msc) and it was right, it wasn't running... Hmmm... perhaps it would be a good idea to start it. I try to do that and I get an error saying that a dependent service cannot start. This must be one of those days. I take a look to see what dependencies does the Task Scheduler have and I find the Event Log. I look at this one and guess what I see?!? The Event Logger is not running either. OK. I try to start it and now I get "Error 5: Access is denied". This is definitely one of those days.

I start looking for solutions online and after a couple of tries I found this one: http://social.msdn.microsoft.com/Forums/de-DE/winserver2008appcompatabilityandcertification/thread/c231b5d0-2a36-4ddf-a457-e5f471667302. For me step 1, 2 and 4 did the trick.

1. Checked the permissions on HKLM\System\CurrentControlSet\Services\eventlog make sure "Authenticated Users" has permission. I found Authenticated Users under the Machine Object group with Find All operation
2. Make sure Administrators/Administrator has Full Control permissions on folder C:\Windows\System32\winevt\logs. I didn't even have the folder so I needed to create it manually
4. Run the below command:
ICACLS C:\Windows\System32\winevt\logs /grant *S-1-5-80-880578595-1860270145-482643319-2788375705-1540778122:(F)
F --> for Full Control
S-1-5-80-880578595-1860270145-482643319-2788375705-1540778122 --> SID of the group EventLog on any 2008 server and is same on all servers. If you don't belive that this is your machine SID you could check it by doing sc showsid eventlog

After doing all this I was able to start the Event viewer which allowed me to start the Task Scheduler which allowed me to run my robocopy... And it took only 1-2 hours...

Thanks,
Ionutz