Management Agent not found Scheduled Task

[rschre]

I have a Script which runs "Get-ManagementAgent -Name $Maname. The script runs fine when I start it from the shell, when I start the script in a scheduled task the following error is logged:

PSMessageDetails : Exception : System.InvalidOperationException: Management agent Equitrac Import was not found at Lithnet.Miiserver.Client.ManagementAgent.MANameToID(String name) at Lithnet.Miiserver.Client.ManagementAgent.GetManagementAgent(String name) at Lithnet.Miiserver.Automation.MiisController.GetManagementAgent(String name, Boolean reload) at Lithnet.Miiserver.Automation.GetManagementAgent.ProcessRecord() at System.Management.Automation.CommandProcessor.ProcessRecord() TargetObject : CategoryInfo : NotSpecified: (:) [Get-ManagementAgent], InvalidOperationException FullyQualifiedErrorId : System.InvalidOperationException,Lithnet.Miiserver.Automation.GetManagemen tAgent ErrorDetails : InvocationInfo : System.Management.Automation.InvocationInfo ScriptStackTrace : at , D:\MIMConfig\Scripts\Invoke-HourlyMARuns.ps1: line 82 at , : line 1 PipelineIterationInfo : {}

The MA "Equitrac Import" does exist.

[ryannewington]

Hi @rschre,

The sync engine's COM components do not like impersonation, which is what scheduled tasks use to run something as a user.

How is the scheduled task configured to run? Under a domain account with the password saved?

@Manjunath-hk1 I think we ran into something similiar in our environment. Do you know if we solved it?

Have you had a look at using AutoSync for scheduling your MA runs?

Ryan

[rschre]

Hi @ryannewington Thank you for replying so quickly! Ah I see, yes the scheduled task is configured to run under a domain account with the password saved.

I just found out about AutoSync today after I already changed my old script to work with the Lithnet-Module. You think I would benefit greatly from installing AutoSync?

[ryannewington]

That configuration is the best chance of having it working. I'll ask around but I know it's been an issue running tasks against miis before. It's not a lithnet specific thing.

Yeah i do recommend autosync instead of manually running profiles. It's very intelligent about what it does. You tell autosync when to import (either on a schedule or when there is a known change in a connected system), and it automatically determines what syncs and exports are required. Even if you do something as simple as running hourly imports, it's going to automate the rest for you. Very easy to set up.

[rschre]

It does work when I run the scheduled Task with an account that is a local Administrator. Can't really explain the behavior.

I will check out AutoSync, thank you!

[Manjunath-hk1]

Hi Ryan,

I think the domain account need to have the 'log on as service' right to execute script in scheduled task.

We are no longer using the scheduled task after moving to tier model, there was a conflicting situation.I will discuss this with you.

@rschre,

Lithnet Autosync is an awesome tool which has various combinations to customise the scheduling/auto trigger using scrits and also the processing of imports and exports are executed in an efficient sequence.I can help you if you need any inputs.

Thanks, Manju

On Tue, Jul 23, 2019, 20:03 rschre <notifications@github.com wrote:

It does work when I run the scheduled Task with an account that is a local Administrator. Can't really explain the behavior.

I will check out AutoSync, thank you!

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/lithnet/miis-powershell/issues/24?email_source=notifications&email_token=AGLWGYUQFE4GRXJTHUDZJA3QA3JPRA5CNFSM4IGCBXZ2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD2STMEY#issuecomment-514143763, or mute the thread https://github.com/notifications/unsubscribe-auth/AGLWGYWHISMZIYJKKMCVG5LQA3JPRANCNFSM4IGCBXZQ .

[rschre]

@manjunath-hk1

Thank you for your help, I'll start with the documentation and get back to you if any questions arise.

[Manjunath-hk1]

@rschre : Sorry the access right need to be "logon as a batch" and should be member of FIM Sync access groups. Let us know if this resolves the issue.

[rschre]

@Manjunath-hk1 The user had "logon as batch job" and was member of MIMSyncAdmins. I don't think it's a permission issue, since the scheduled task ran the script and the script could be executed when logged in as the user without an issue.