Task scheduler Windows Server 2019 - Task not running ONSTART

Question

I am trying to build an AWS AMI for a gitlab runner for building our .NET application. I am using packer for building the image based one the official Windows Server 2019 base AWS AMI.

I am using WinRM, with HTTPS, not changing any password.

Here are the powershell commands to configure the virtual machine :

"Creating desktop directory"
mkdir C:\Windows\SysWOW64\config\systemprofile\Desktop


"Installing ntrights tools"
mkdir tools
Invoke-WebRequest -Uri "https://download.microsoft.com/download/8/e/c/8ec3a7d8-05b4-440a-a71e-ca3ee25fe057/rktools.exe" -OutFile "tools\tools.exe" -UseBasicParsing

Start-Process "tools\tools.exe" -ArgumentList "/T:$pwd\tools\ /C" -Wait
Start-Process "msiexec.exe" -ArgumentList "/i $pwd\tools\rktools.msi /qn" -Wait

$env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") + ";" + [System.Environment]::GetEnvironmentVariable("Path","User")

Remove-Item tools -Recurse

"Setting rights of service logon to $Env:WINRMUSER"
ntrights.exe ntrights +r SeServiceLogonRight -u $Env:WINRMUSER

# Git lab runner
$path = ".\gitlab-runner.exe"
If(!(test-path $path)) 
{
    "Downloading Gitlab Runner"
    Invoke-WebRequest -Uri "https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-windows-386.exe" -OutFile $path -UseBasicParsing
}

"Scheduling runner to start at startup of the system"
schtasks.exe /create /tn "Gitlab Runner service start" /RU $Env:WINRMUSER /RP `"$Env:WINRMPASS`" /Sc ONSTART /tr "powershell -Command $pwd\register-gitlabrunner.ps1 -ExecutionPolicy Bypass"

There are obviously more scripts executed (install msbuild, install .net sdk 4.7.2, nugget, and git) I can provide them if relevant. Here I focus on the powershell code I came up with for the gitlab runner problem.

I want the virtual machine to start the runner on start so we just have to launch instances of the AMI to scale up.

To explain a bit more what I did try :

• You can see I am trying to create the desktop directory in order for windows to get that it can run interactive things... Not working
• I am setting up the SeServiceLogonRight in order to avoid the "failed to logon" error
• The user is Administrator, and the password is the right password
• The scheduled tasks is created and ready to run. Won't run on start, won't run If i start it through schtasks /Run (the last run time is never updated and show a value in 19XX)
• Tried to cmd /c the task command, everything work as expected
• I don't find any logs anywhere, event log seems to be empty of problem from Application, System and Powershell. The file in c:\Windows\Tasks\SchlogU (or something like that), does not exist (but the folder exists)
• I have no UI for the scheduler, I use a light version of windows so all I can do is play with the schtasks.exe
• Default folder is : c:\Users\Administrator
• The powershell script is pushed by packer onto the server and is located in c:\Users\Administrator (as for the gitlab-runner.exe)

I connect directly through RDP to try debugging the situation.

Here is the script that should be started

Set-Location $PSScriptRoot
$path = ".\gitlab-runner.exe"

"Stopping runner"
Invoke-Expression "$path stop"

"Unregistering previous configuration"
Invoke-Expression "$path unregister --all-runners"

"Uninstalling runner"
Invoke-Expression "$path uninstall"

"Installing runner"
Invoke-Expression "$path install"

"Registering Gitlab Runner"
Invoke-Expression "$path register --non-interactive --url 'https://URL_HERE/' --registration-token 'TOKEN HERE' --executor shell"

"Starting the runner"
Invoke-Expression "$path start"

I can install the runner only once in the configuration using the user and password but this is not the problem here since the task never runs...

Answer 1

Answer the question with what I came up thanks :

I was told by so many docs and answers everywhere that the task scheduler is the way to go when you need to start scripts at startup or logon. As I always worked with windows servers with GUIs, the Task Scheduler was working fine until now. Maybe I did something wrong somewhere, maybe not.

Anyway, after trying using powershell commands to create the task (with improvements but no sufficient solutions), I tried to put a command file in the C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp, did not work either.

the file look like this thanks to this link

PowerShell -Command "Set-ExecutionPolicy Unrestricted"
PowerShell -Command "c:\Users\Administrator\register-gitlabrunner.ps1" >> c:\startup.log.txt

I tried to delay the start of the script to 5 minutes after startup. Was to test if it was a problem with a slow initialization of network or something else. Still not working.

There is something preventing the script to be executed when it's launched at startup using this methods.

From there I added a persistent "user_data" script on my EC2 launch template in order to start what I was expecting on start. It works.

I don't feel it's the best way since I need to configure the template and not only the AMI but at least it works.

The script in user_data looks like this :

<script>
    cmd /c "C:/ProgramData/Microsoft/Windows/Start Menu/Programs/StartUp/startup.cmd"
</script>
<persist>true</persist>

I kept the installation and registering in the startup script since I got logon errors when I install gitlab runner through WinRM using the account credentials (--user --password)

I still don't understand what is up with this issue. I guess it's a problem with the account used to start the script (localsystem or something like that, that would conflict with the gitlab runner service). Since I have no GUI (the docs are mostly on GUI) and limited time, I won't investigate more for the moment and feel it's enough at least for the moment.

Hope this can help someone that will encounter the same situation