Differences
This shows you the differences between the selected revisions of the page.
| faq_scheduler 2016-06-02 | faq_scheduler 2021-10-07 (current) | ||
| Line 1: | Line 1: | ||
| ====== My script works fine when executed manually, but fails or hangs when run by Windows Scheduler, SSIS or other automation service. What am I doing wrong? ====== | ====== My script works fine when executed manually, but fails or hangs when run by Windows Scheduler, SSIS or other automation service. What am I doing wrong? ====== | ||
| - | You probably depend on your configuration of WinSCP or your Windows account environment. | ||
| - | Possible consequences are: | + | Your script probably depends on your configuration of WinSCP or your local Windows account permissions or environment. |
| - | * The script fails (or "hangs"), because the [[ssh_verifying_the_host_key|host key]] ([[SFTP]] or [[SCP]]) or [[tls#certificate|certificate]] (FTPS, WebDAVS) is not known by the service's account, and WinSCP fails (or asks for) its verification. | + | |
| - | * The connection fails, because your script depends on [[session_configuration#site|site]], which is not known by the service's account. | + | ===== [[config]] Configuration ===== |
| - | * Environment variables referenced in script are not resolved, because they are not set by the service's account. | + | |
| - | * Access to files on mapped network drives fails, because the drives are not mapped for the service's account. | + | There are two common problems that can be caused by relying on external configuration: |
| - | * You rely on [[ui_pageant|Pageant authentication]], but the Pageant is running in a different Windows session, so it cannot talk to an automated instance of WinSCP.((Learn about [[https://blogs.technet.microsoft.com/voy/2007/02/23/services-isolation-in-session-0-of-windows-vista-and-longhorn-server/|Windows Session 0 isolation]].)) | + | * Your script might fail,((Or "hang" in old versions of WinSCP)) because the [[ssh_verifying_the_host_key|host key]] ([[SFTP]] or [[SCP]]) or [[tls#certificate|certificate]] (FTPS, WebDAVS, S3) is not known by the service's account, and WinSCP fails its verification. |
| + | * The connection fails, because your script depends on [[session_configuration#site|site]], which is not known by the service's account; or the local account that runs the service does not have a network access. | ||
| Note that when using registry as [[config|configuration storage]], the settings are accessible only for your Windows account. When the script is run from Windows Scheduler, SSIS, DTS or other automation service, it is typically run under different (service) account that cannot access your configuration. | Note that when using registry as [[config|configuration storage]], the settings are accessible only for your Windows account. When the script is run from Windows Scheduler, SSIS, DTS or other automation service, it is typically run under different (service) account that cannot access your configuration. | ||
| Line 15: | Line 15: | ||
| <code> | <code> | ||
| -------------------------------------------------------------------------- | -------------------------------------------------------------------------- | ||
| - | WinSCP Version 5.5.6 (Build 4746) (OS 6.1.7601 Service Pack 1 - Windows 7 Ultimate) | + | WinSCP Version 5.15.3 (Build 9730) (OS 10.0.18362 - Windows 10 Enterprise) |
| - | Configuration: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\ | + | Configuration: HKCU\Software\Martin Prikryl\WinSCP 2\ |
| + | Log level: Normal | ||
| Local account: INTRANET\martin | Local account: INTRANET\martin | ||
| ... | ... | ||
| Line 33: | Line 34: | ||
| * [[scripting#hostkey|Specify fingerprint of expected host key or certificate]] explicitly in the script. ((Alternatively make sure the [[ssh_verifying_the_host_key|host key]] or [[tls#certificate|certificate]] is verified under the service's account.)) | * [[scripting#hostkey|Specify fingerprint of expected host key or certificate]] explicitly in the script. ((Alternatively make sure the [[ssh_verifying_the_host_key|host key]] or [[tls#certificate|certificate]] is verified under the service's account.)) | ||
| * Configure your session completely using ''[[scriptcommand_open|open]]'' command, using [[session_url|session URL]] (and [[rawsettings|raw session settings]], if needed), instead of storing [[session_configuration#site|site]]. | * Configure your session completely using ''[[scriptcommand_open|open]]'' command, using [[session_url|session URL]] (and [[rawsettings|raw session settings]], if needed), instead of storing [[session_configuration#site|site]]. | ||
| - | * Alternatively use [[config|INI file]] instead of registry to store the configuration to make sure the [[session_configuration#site|site]] (and/or other settings) can be accessed by all accounts. ((You can also [[config#transfer|transfer the site]] (and/or other settings) to the service's account instead.)) | ||
| * Good practice is to develop your scripts with [[scripting#configuration|configuration isolated from GUI]]. | * Good practice is to develop your scripts with [[scripting#configuration|configuration isolated from GUI]]. | ||
| - | ··* Use an UNC path to a shared folder, instead of a path to the drive mapped to the shared folder. Make sure the service's account has an access to the shared folder. | + | ····* Alternatively use [[config|INI file]] instead of registry to store the configuration to make sure the [[session_configuration#site|site]] (and/or other settings) can be accessed by all accounts. ((You can also [[config#transfer|transfer the site]] (and/or other settings) to the service's account instead.)) |
| - | * Instead of Pageant authentication, use explicit private key authentication (using ''[[scriptcommand_open|-privatekey]]'' and ''[[scriptcommand_open|-passphrase]]'' switches). | + | |
| + | ===== [[variables]] Environment variables ===== | ||
| + | |||
| + | If your script refers to //user// environment variables, they won't be resolved, if your script run user the service's account. | ||
| + | |||
| + | ===== [[drives]] Mapped Network Drives ===== | ||
| + | |||
| + | If your script refers to mapped network drives, it may fail if those drives are not mapped under the services' account or if the account does not even have an access to the network drive. | ||
| + | |||
| + | Use an UNC path to a shared folder, instead of a path to the drive mapped to the shared folder. Make sure the service's account has an access to the shared folder. | ||
| + | |||
| + | ===== [[pageant]] Authentication Agent (Pageant) ===== | ||
| + | |||
| + | Your script might (intentionally or not) rely on [[ui_pageant|Pageant authentication]], but the Pageant is running in a different Windows session, so it cannot talk to an automated instance of WinSCP (due to Windows session isolation). | ||
| + | |||
| + | Instead of Pageant authentication, use explicit private key authentication (using ''[[scriptcommand_open|-privatekey]]'' and ''[[scriptcommand_open|-passphrase]]'' switches). | ||
| + | |||
| + | ===== General Recommendations ===== | ||
| + | |||
| + | If you are able to log in with WinSCP GUI, [[ui_generateurl#script|have it generate a portable script for you]]. The generated script takes care of many of the issues mentioned above. | ||
| When dealing with SSIS see also guide to [[guide_ssis|SFTP task in SSIS]]. | When dealing with SSIS see also guide to [[guide_ssis|SFTP task in SSIS]]. | ||
| - | See also: | + | ===== Further Reading ===== |
| - | * More generic article on [[faq_environment|making WinSCP work in a new environment (operating system, machine, user account, network)]] and | + | |
| - | * [[guide_debugging_scheduler|Debugging transfer task running in Windows Scheduler, SSIS or other automation service]]. | + | * More generic article [[faq_environment|*]] and |
| + | * [[guide_debugging_scheduler|*]]. | ||