Script launched via Start-Process works 90% of the time - when it "fails", it just becomes a zombie and does not execute the first line of code

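Problem description

(Solved)

Task Scheduler starts a PowerShell job (nobody is logged on; the task has a saved user), which then launches a CMD file from PowerShell via Start-Process, and that command file successfully starts powershell on another script with the correct parameters. However, that ps1 script only seems to run 90% of the time. The other 10% of the time it does not even execute the first line. I'm stumped, so here are the basics and what I can see in the Windows logs...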

$DailyDir      = "\\MACHINE-NAME\PathToStuff\Daily"
$BatchDir      = "$DailyDir\BatchFiles"
$MobileMonCMD  = "$BatchDir\MobileMonitor.cmd"
$currentHour   = Get-Date -Format "HH"
$BackGroundPID = (Start-Process -FilePath $MobileMonCMD -ArgumentList $currentHour -WindowStyle Hidden -WorkingDirectory $BatchDir -PassThru).Id

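I have verified that the cmd runs even when it "fails". It shows up in the Windows Event Viewer, and I can see that it creates the call to the powershell script that I want to run in the background. The contents of the CMD file are: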

@ECHO OFF
powershell "& '\\MACHINE-NAME\PathToStuff\Daily\BatchFiles\MobileMonitor.ps1' %1"

The first line of code in MobileMonitor.ps1 is:

Start-Transcript -OutputDirectory "C:\Projects\Logs\MobileMonitor"

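When my script succeeds, I get a complete transcript. When it doesn't, nothing is generated.

The strange part is that the powershell process that should be running is still running (I was able to determine its assigned PID by tracing the Windows events).

Below, I have included the audit events showing the 11 AM launch.. everything looks fine, except that this one never executed "Start-Transcript". Again, this works fine 90% of the time. I get a nice transcript file. But the other 10% is giving me a hard time.

Is there a problem with fetching the \\MACHINE-NAME\PathToStuff\etc file? Like it can't pull the file, so it decides to do nothing as a zombie powershell process?

Any suggestions are appreciated. As a side note, I have dozens of scripts running from that location. This is the only one that complains (and also the only one launched from Start-Process).

Here are the Windows audit events showing the 11 AM launch all the way to engine available: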

Log Name:      Windows PowerShell
Source:        PowerShell
Date:          8/11/2020 11:34:15 AM
Event ID:      400
Task Category: Engine Lifecycle
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Machine.Domain.com
Description:
Engine state is changed from None to Available. 

Details: 
    NewEngineState=Available
    PreviousEngineState=None

    SequenceNumber=13

    HostName=ConsoleHost
    HostVersion=5.1.14393.3471
    HostId=2d2852c6-19d0-46c4-bca8-d8528b46eb96
    HostApplication=powershell & '\\MACHINE-NAME\PathToStuff\Daily\BatchFiles\MobileMonitor.ps1' 11
    EngineVersion=5.1.14393.3471
    RunspaceId=1eee2a6e-95f9-40be-ac2d-707c2d0afe44
    PipelineId=
    CommandName=
    CommandType=
    ScriptName=
    CommandPath=
    CommandLine=
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="PowerShell" />
    <EventID Qualifiers="0">400</EventID>
    <Level>4</Level>
    <Task>4</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2020-08-11T15:34:15.442775300Z" />
    <EventRecordID>62810</EventRecordID>
    <Channel>Windows PowerShell</Channel>
    <Computer>Machine.Domain.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>Available</Data>
    <Data>None</Data>
    <Data>  NewEngineState=Available
    PreviousEngineState=None

    SequenceNumber=13

    HostName=ConsoleHost
    HostVersion=5.1.14393.3471
    HostId=2d2852c6-19d0-46c4-bca8-d8528b46eb96
    HostApplication=powershell &amp; '\\MACHINE-NAME\PathToStuff\Daily\BatchFiles\MobileMonitor.ps1' 11
    EngineVersion=5.1.14393.3471
    RunspaceId=1eee2a6e-95f9-40be-ac2d-707c2d0afe44
    PipelineId=
    CommandName=
    CommandType=
    ScriptName=
    CommandPath=
    CommandLine=</Data>
  </EventData>
</Event>

Log Name:      Windows PowerShell
Source:        PowerShell
Date:          8/11/2020 11:34:15 AM
Event ID:      600
Task Category: Provider Lifecycle
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Machine.Domain.com
Description:
Provider "Variable" is Started. 

Details: 
    ProviderName=Variable
    NewProviderState=Started

    SequenceNumber=11

    HostName=ConsoleHost
    HostVersion=5.1.14393.3471
    HostId=2d2852c6-19d0-46c4-bca8-d8528b46eb96
    HostApplication=powershell & '\\MACHINE-NAME\PathToStuff\Daily\BatchFiles\MobileMonitor.ps1' 11
    EngineVersion=
    RunspaceId=
    PipelineId=
    CommandName=
    CommandType=
    ScriptName=
    CommandPath=
    CommandLine=
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="PowerShell" />
    <EventID Qualifiers="0">600</EventID>
    <Level>4</Level>
    <Task>6</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2020-08-11T15:34:15.442775300Z" />
    <EventRecordID>62809</EventRecordID>
    <Channel>Windows PowerShell</Channel>
    <Computer>Machine.Domain.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>Variable</Data>
    <Data>Started</Data>
    <Data>  ProviderName=Variable
    NewProviderState=Started

    SequenceNumber=11

    HostName=ConsoleHost
    HostVersion=5.1.14393.3471
    HostId=2d2852c6-19d0-46c4-bca8-d8528b46eb96
    HostApplication=powershell &amp; '\\MACHINE-NAME\PathToStuff\Daily\BatchFiles\MobileMonitor.ps1' 11
    EngineVersion=
    RunspaceId=
    PipelineId=
    CommandName=
    CommandType=
    ScriptName=
    CommandPath=
    CommandLine=</Data>
  </EventData>
</Event>

Log Name:      Windows PowerShell
Source:        PowerShell
Date:          8/11/2020 11:34:15 AM
Event ID:      600
Task Category: Provider Lifecycle
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Machine.Domain.com
Description:
Provider "Function" is Started. 

Details: 
    ProviderName=Function
    NewProviderState=Started

    SequenceNumber=9

    HostName=ConsoleHost
    HostVersion=5.1.14393.3471
    HostId=2d2852c6-19d0-46c4-bca8-d8528b46eb96
    HostApplication=powershell & '\\MACHINE-NAME\PathToStuff\Daily\BatchFiles\MobileMonitor.ps1' 11
    EngineVersion=
    RunspaceId=
    PipelineId=
    CommandName=
    CommandType=
    ScriptName=
    CommandPath=
    CommandLine=
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="PowerShell" />
    <EventID Qualifiers="0">600</EventID>
    <Level>4</Level>
    <Task>6</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2020-08-11T15:34:15.427147700Z" />
    <EventRecordID>62808</EventRecordID>
    <Channel>Windows PowerShell</Channel>
    <Computer>Machine.Domain.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>Function</Data>
    <Data>Started</Data>
    <Data>  ProviderName=Function
    NewProviderState=Started

    SequenceNumber=9

    HostName=ConsoleHost
    HostVersion=5.1.14393.3471
    HostId=2d2852c6-19d0-46c4-bca8-d8528b46eb96
    HostApplication=powershell &amp; '\\MACHINE-NAME\PathToStuff\Daily\BatchFiles\MobileMonitor.ps1' 11
    EngineVersion=
    RunspaceId=
    PipelineId=
    CommandName=
    CommandType=
    ScriptName=
    CommandPath=
    CommandLine=</Data>
  </EventData>
</Event>

Log Name:      Windows PowerShell
Source:        PowerShell
Date:          8/11/2020 11:34:15 AM
Event ID:      600
Task Category: Provider Lifecycle
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Machine.Domain.com
Description:
Provider "FileSystem" is Started. 

Details: 
    ProviderName=FileSystem
    NewProviderState=Started

    SequenceNumber=7

    HostName=ConsoleHost
    HostVersion=5.1.14393.3471
    HostId=2d2852c6-19d0-46c4-bca8-d8528b46eb96
    HostApplication=powershell & '\\MACHINE-NAME\PathToStuff\Daily\BatchFiles\MobileMonitor.ps1' 11
    EngineVersion=
    RunspaceId=
    PipelineId=
    CommandName=
    CommandType=
    ScriptName=
    CommandPath=
    CommandLine=
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="PowerShell" />
    <EventID Qualifiers="0">600</EventID>
    <Level>4</Level>
    <Task>6</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2020-08-11T15:34:15.427147700Z" />
    <EventRecordID>62807</EventRecordID>
    <Channel>Windows PowerShell</Channel>
    <Computer>Machine.Domain.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>FileSystem</Data>
    <Data>Started</Data>
    <Data>  ProviderName=FileSystem
    NewProviderState=Started

    SequenceNumber=7

    HostName=ConsoleHost
    HostVersion=5.1.14393.3471
    HostId=2d2852c6-19d0-46c4-bca8-d8528b46eb96
    HostApplication=powershell &amp; '\\MACHINE-NAME\PathToStuff\Daily\BatchFiles\MobileMonitor.ps1' 11
    EngineVersion=
    RunspaceId=
    PipelineId=
    CommandName=
    CommandType=
    ScriptName=
    CommandPath=
    CommandLine=</Data>
  </EventData>
</Event>

Log Name:      Windows PowerShell
Source:        PowerShell
Date:          8/11/2020 11:34:15 AM
Event ID:      600
Task Category: Provider Lifecycle
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Machine.Domain.com
Description:
Provider "Environment" is Started. 

Details: 
    ProviderName=Environment
    NewProviderState=Started

    SequenceNumber=5

    HostName=ConsoleHost
    HostVersion=5.1.14393.3471
    HostId=2d2852c6-19d0-46c4-bca8-d8528b46eb96
    HostApplication=powershell & '\\MACHINE-NAME\PathToStuff\Daily\BatchFiles\MobileMonitor.ps1' 11
    EngineVersion=
    RunspaceId=
    PipelineId=
    CommandName=
    CommandType=
    ScriptName=
    CommandPath=
    CommandLine=
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="PowerShell" />
    <EventID Qualifiers="0">600</EventID>
    <Level>4</Level>
    <Task>6</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2020-08-11T15:34:15.427147700Z" />
    <EventRecordID>62806</EventRecordID>
    <Channel>Windows PowerShell</Channel>
    <Computer>Machine.Domain.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>Environment</Data>
    <Data>Started</Data>
    <Data>  ProviderName=Environment
    NewProviderState=Started

    SequenceNumber=5

    HostName=ConsoleHost
    HostVersion=5.1.14393.3471
    HostId=2d2852c6-19d0-46c4-bca8-d8528b46eb96
    HostApplication=powershell &amp; '\\MACHINE-NAME\PathToStuff\Daily\BatchFiles\MobileMonitor.ps1' 11
    EngineVersion=
    RunspaceId=
    PipelineId=
    CommandName=
    CommandType=
    ScriptName=
    CommandPath=
    CommandLine=</Data>
  </EventData>
</Event>

Log Name:      Windows PowerShell
Source:        PowerShell
Date:          8/11/2020 11:34:15 AM
Event ID:      600
Task Category: Provider Lifecycle
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Machine.Domain.com
Description:
Provider "Alias" is Started. 

Details: 
    ProviderName=Alias
    NewProviderState=Started

    SequenceNumber=3

    HostName=ConsoleHost
    HostVersion=5.1.14393.3471
    HostId=2d2852c6-19d0-46c4-bca8-d8528b46eb96
    HostApplication=powershell & '\\MACHINE-NAME\PathToStuff\Daily\BatchFiles\MobileMonitor.ps1' 11
    EngineVersion=
    RunspaceId=
    PipelineId=
    CommandName=
    CommandType=
    ScriptName=
    CommandPath=
    CommandLine=
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="PowerShell" />
    <EventID Qualifiers="0">600</EventID>
    <Level>4</Level>
    <Task>6</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2020-08-11T15:34:15.427147700Z" />
    <EventRecordID>62805</EventRecordID>
    <Channel>Windows PowerShell</Channel>
    <Computer>Machine.Domain.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>Alias</Data>
    <Data>Started</Data>
    <Data>  ProviderName=Alias
    NewProviderState=Started

    SequenceNumber=3

    HostName=ConsoleHost
    HostVersion=5.1.14393.3471
    HostId=2d2852c6-19d0-46c4-bca8-d8528b46eb96
    HostApplication=powershell &amp; '\\MACHINE-NAME\PathToStuff\Daily\BatchFiles\MobileMonitor.ps1' 11
    EngineVersion=
    RunspaceId=
    PipelineId=
    CommandName=
    CommandType=
    ScriptName=
    CommandPath=
    CommandLine=</Data>
  </EventData>
</Event>

Log Name:      Windows PowerShell
Source:        PowerShell
Date:          8/11/2020 11:34:15 AM
Event ID:      600
Task Category: Provider Lifecycle
Level:         Information
Keywords:      Classic
User:          N/A
Computer:      Machine.Domain.com
Description:
Provider "Registry" is Started. 

Details: 
    ProviderName=Registry
    NewProviderState=Started

    SequenceNumber=1

    HostName=ConsoleHost
    HostVersion=5.1.14393.3471
    HostId=2d2852c6-19d0-46c4-bca8-d8528b46eb96
    HostApplication=powershell & '\\MACHINE-NAME\PathToStuff\Daily\BatchFiles\MobileMonitor.ps1' 11
    EngineVersion=
    RunspaceId=
    PipelineId=
    CommandName=
    CommandType=
    ScriptName=
    CommandPath=
    CommandLine=
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="PowerShell" />
    <EventID Qualifiers="0">600</EventID>
    <Level>4</Level>
    <Task>6</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2020-08-11T15:34:15.427147700Z" />
    <EventRecordID>62804</EventRecordID>
    <Channel>Windows PowerShell</Channel>
    <Computer>Machine.Domain.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>Registry</Data>
    <Data>Started</Data>
    <Data>  ProviderName=Registry
    NewProviderState=Started

    SequenceNumber=1

    HostName=ConsoleHost
    HostVersion=5.1.14393.3471
    HostId=2d2852c6-19d0-46c4-bca8-d8528b46eb96
    HostApplication=powershell &amp; '\\MACHINE-NAME\PathToStuff\Daily\BatchFiles\MobileMonitor.ps1' 11
    EngineVersion=
    RunspaceId=
    PipelineId=
    CommandName=
    CommandType=
    ScriptName=
    CommandPath=
    CommandLine=</Data>
  </EventData>
</Event>
Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          8/11/2020 11:34:15 AM
Event ID:      4688
Task Category: Process Creation
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      Machine.Domain.com
Description:
A new process has been created.

Creator Subject:
    Security ID:        DOMAIN\Admin-User
    Account Name:       Admin-User
    Account Domain:     DOMAIN
    Logon ID:       0x1B20BED0

Target Subject:
    Security ID:        NULL SID
    Account Name:       -
    Account Domain:     -
    Logon ID:       0x0

Process Information:
    New Process ID:     0x1e90
    New Process Name:   C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    Token Elevation Type:   %%1936
    Mandatory Label:        Mandatory Label\High Mandatory Level
    Creator Process ID: 0x1c28
    Creator Process Name:   C:\Windows\System32\cmd.exe
    Process Command Line:   

Token Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy.

Type 1 is a full token with no privileges removed or groups disabled.  A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account.

Type 2 is an elevated token with no privileges removed or groups disabled.  An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator.  An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group.

Type 3 is a limited token with administrative privileges removed and administrative groups disabled.  The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
    <EventID>4688</EventID>
    <Version>2</Version>
    <Level>0</Level>
    <Task>13312</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8020000000000000</Keywords>
    <TimeCreated SystemTime="2020-08-11T15:34:15.011474000Z" />
    <EventRecordID>20585449</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="4796" />
    <Channel>Security</Channel>
    <Computer>Machine.Domain.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="SubjectUserSid">S-1-5-21-1067277609-22629781-1543857936-67791</Data>
    <Data Name="SubjectUserName">Admin-User</Data>
    <Data Name="SubjectDomainName">DOMAIN</Data>
    <Data Name="SubjectLogonId">0x1b20bed0</Data>
    <Data Name="NewProcessId">0x1e90</Data>
    <Data Name="NewProcessName">C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe</Data>
    <Data Name="TokenElevationType">%%1936</Data>
    <Data Name="ProcessId">0x1c28</Data>
    <Data Name="CommandLine">
    </Data>
    <Data Name="TargetUserSid">S-1-0-0</Data>
    <Data Name="TargetUserName">-</Data>
    <Data Name="TargetDomainName">-</Data>
    <Data Name="TargetLogonId">0x0</Data>
    <Data Name="ParentProcessName">C:\Windows\System32\cmd.exe</Data>
    <Data Name="MandatoryLabel">S-1-16-12288</Data>
  </EventData>
</Event>

Tags: powershell, windows-server-2016, unc, start-process

Solution


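A Windows geek friend suggested that I might have a race condition: because it runs on a server where nobody is logged on, the call to the new background powershell process has to establish its environment. He thinks that sometimes it may not get access to the \\MACHINE-NAME\PathToFiles\ps1Script area in time to make the call.

To test this, I moved the code to the C drive on the server, and it now runs 100% of the time. All my other jobs on the \\NO-MACHINE location run fine from Task Scheduler, but this is the only one launched from Start-Process. If someone can explain to me what is wrong with Start-Process, or if there is a way to give it a full network environment for calling the script, I would be happy to put the code back.

For now, I'm glad the problem is solved, but keeping code on the server instead of in my centralized repository will bug me to no end. ;)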
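
One way to keep the script in the central share while avoiding the race described above, as an added example that is not part of the original post: the launcher waits (with a timeout) until the UNC script is readable, stages a verified local copy, and starts powershell.exe with -File on that copy. It assumes the friend's race-condition explanation holds; the function name Start-StagedScript, the staging directory C:\Projects\Staging and the timeout values are hypothetical.

```powershell
# Added example (not from the original post). Start-StagedScript, the staging
# directory and the timeout values are assumptions chosen for illustration.
function Start-StagedScript {
    param(
        [Parameter(Mandatory)] [string] $UncScript,
        [string[]] $ScriptArgs     = @(),
        [string]   $StagingDir     = 'C:\Projects\Staging',
        [int]      $TimeoutSeconds = 60,
        [int]      $PollSeconds    = 2
    )

    # 1. Wait until the share actually answers instead of assuming it is reachable.
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while (-not (Test-Path -LiteralPath $UncScript -PathType Leaf)) {
        if ((Get-Date) -ge $deadline) {
            throw "Timed out after $TimeoutSeconds s waiting for $UncScript"
        }
        Start-Sleep -Seconds $PollSeconds
    }

    # 2. Stage a local copy so the child process never has to open the UNC path.
    New-Item -ItemType Directory -Path $StagingDir -Force | Out-Null
    $localScript = Join-Path $StagingDir (Split-Path -Leaf $UncScript)
    Copy-Item -LiteralPath $UncScript -Destination $localScript -Force

    # 3. Confirm the staged copy is byte-identical to the central version.
    $src = (Get-FileHash -LiteralPath $UncScript   -Algorithm SHA256).Hash
    $dst = (Get-FileHash -LiteralPath $localScript -Algorithm SHA256).Hash
    if ($src -ne $dst) { throw "Staged copy of $UncScript does not match the source" }

    # 4. Launch the local copy directly; -File removes the cmd.exe wrapper and
    #    the "& '...'" quoting layer used in MobileMonitor.cmd.
    $psArgs = @('-NoProfile', '-File', "`"$localScript`"") + $ScriptArgs
    Start-Process -FilePath 'powershell.exe' -ArgumentList $psArgs `
                  -WindowStyle Hidden -PassThru
}

$currentHour = Get-Date -Format 'HH'
$proc = Start-StagedScript `
    -UncScript '\\MACHINE-NAME\PathToStuff\Daily\BatchFiles\MobileMonitor.ps1' `
    -ScriptArgs $currentHour
"Started PID $($proc.Id)"
```

The 4688 event shows the child running at High Mandatory Level under the task's saved account, so the staging directory should be writable only by that account and administrators.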

