This is an old revision of the document!
My script works fine when executed manually, but fails or hangs when run by Windows Scheduler, SSIS or other automation service. What am I doing wrong?
You probably depend on your configuration of WinSCP or your Windows account permissions or environment.
Possible consequences are:
- The script fails (or “hangs”), because the host key (SFTP or SCP) or certificate (FTPS, WebDAVS) is not known by the service’s account, and WinSCP fails (or asks for) its verification.
- The connection fails, because your script depends on site, which is not known by the service’s account; or the local account that runs the service does not have a network access.
- Environment variables referenced in script are not resolved, because they are not set by the service’s account.
- Access to files on mapped network drives fails, because the drives are not mapped for the service’s account.
- You rely on Pageant authentication, but the Pageant is running in a different Windows session, so it cannot talk to an automated instance of WinSCP.
Advertisement
Note that when using registry as configuration storage, the settings are accessible only for your Windows account. When the script is run from Windows Scheduler, SSIS, DTS or other automation service, it is typically run under different (service) account that cannot access your configuration.
To check what configuration storage is used, whether a site name was recognized or under what Windows account the script is running, inspect a beginning of session log. For example, following log shows that the configuration was read from Windows registry, the script was running under local account martin
and mysession
was recognized as a site name.
-------------------------------------------------------------------------- WinSCP Version 5.5.6 (Build 4746) (OS 6.1.7601 Service Pack 1 - Windows 7 Ultimate) Configuration: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\ Local account: INTRANET\martin ... Login time: 08 January 2015 08:55:53 -------------------------------------------------------------------------- Session name: mysession (Site)
If there was no such site in current configuration storage (Windows registry in this case), mysession
(as passed to open
command) would be interpreted as host name and the log line would say:
Session name: mysession (Ad-hoc session)
Solutions:
- Specify fingerprint of expected host key or certificate explicitly in the script.1
- Configure your session completely using
open
command, using session URL (and raw session settings, if needed), instead of storing site.- Good practice is to develop your scripts with configuration isolated from GUI.
- Alternatively use INI file instead of registry to store the configuration to make sure the site (and/or other settings) can be accessed by all accounts.2
- Use an UNC path to a shared folder, instead of a path to the drive mapped to the shared folder. Make sure the service’s account has an access to the shared folder.
- Instead of Pageant authentication, use explicit private key authentication (using
-privatekey
and-passphrase
switches).
Advertisement
If you are able to log in with WinSCP GUI, have it generate a portable script for you.
When dealing with SSIS see also guide to SFTP task in SSIS.
See also:
- More generic article on making WinSCP work in a new environment (operating system, machine, user account, network) and
- Debugging transfer task running in Windows Scheduler, SSIS or other automation service.
- Alternatively make sure the host key or certificate is verified under the service’s account.Back
- You can also transfer the site (and/or other settings) to the service’s account instead.Back