WSL cannot be run by scheduled task

[D3vil0p3r]

Windows Version

Microsoft Windows [Version 10.0.20348.2031]

WSL Version

WSL-Version: 1.2.5.0

Are you using WSL 1 or WSL 2?

• WSL 2
• WSL 1

Kernel Version

Linux version 5.15.90.1-microsoft-standard-WSL2 (oe-user@oe-host) (x86_64-msft-linux-gcc (GCC) 9.3.0, GNU ld (GNU Binutils) 2.34.0.20200220) # 1 SMP Fri Jan 27 02:56:13 UTC 2023

Distro Version

Ubuntu 22.04

Other Software

No response

Repro Steps

On Windows Server 2022 open the Task Scheduler and create a new task.

In the Properties of this task, under Triggers, set:

Actions tab, create an action like:

Tested with this configuration:

When launched, the task will exit with 0x1 status (see details below) and running:

wsl -l --running

we don't get Ubuntu WSL.

I am aware of #8835 where it is shown a workaround but it seems to not work in order to start WSL.

The user used for this task belongs to Administrators group that is tied with Log on as a batch job.

Expected Behavior

Scheduled task ended by 0x0 code status.

Actual Behavior

Scheduled task ended by 0x1 code status and it failed in "Action completed" task category with the following message:

Task Scheduler successfully completed task "\Start task-name" , instance "{be3a337a-71ea-4580-87bd-10b162076149}" , action "C:\Windows\System32\wsl.exe" with return code 2147942401.

Diagnostic Logs

No response

[aki-k]

@D3vil0p3r Please follow these steps to run a WSL 2 instance at system startup through the Task Scheduler service:

#9231 (comment)

You need to observe these restrictions to be able to do that:

1. remove local admin rights from the user (Windows_username) that is running the new Task Scheduler task

2. add "Log on as a batch job" right for the user that is setup for the Task Scheduler task (Windows_username) in secpol.msc Security Settings/Local Policies/User Rights Assignment/Log on as a batch job

3. you can not run the wsl.exe command once logged into Windows with the same username (Windows_username) that you setup in the Task Scheduler task. If you do, the WSL 2 instance stops. Even a "wsl -l -v" command to list the WSL 2 instances will stop the WSL 2 instance

4. don't use Microsoft systemd implementation (/etc/wsl.conf: systemd=true) but use Damion Gans' systemd implementation https://github.com/DamionGans/ubuntu-wsl2-systemd-script

   that repository is set to read-only mode for some reason, but it still works after these changes:

   change basic.target to multi-user.target in both start-systemd-namespace and enter-systemd-namespace

   change enter-systemd-namespace according to this comment's shell script fragment

   nsenter: cannot open /proc/320/ns/time: No such file or directory DamionGans/ubuntu-wsl2-systemd-script#36 (comment)

   run "bash ubuntu-wsl2-systemd-script.sh" to enable it for the next startup

[OneBlue]

/dupe 9231

[D3vil0p3r]

@aki-k I'm not using a local admin account. I'm using a domain account that belongs to the group Administrators. Should I remove it from Administrators group to satisfy the 1. point?

[aki-k]

@D3vil0p3r If you mean the local group Administrators then probably yes.

Edit: I created a separate local user account with no local Administrator group membership just for this "start WSL 2 at startup" task.

[D3vil0p3r]

@D3vil0p3r If you mean the local group Administrators then probably yes.

Ok. So, there are some points I don't understand:

1. If I remove the domain user account from "Adminstrators" group, why in the creation of the scheduled task I should set "Run with highest privileges"? I guess it will be useless since my domain account is not more administrator of the local server
2. On the linked issue Store WSL isn't accessible from Session 0 #9231 (comment) , it is reported to run ""C:\Program Files\nssm\win64\nssm.exe" remove startwsl confirm", but I don't have nssm folder. Should I install something?

[aki-k]

@D3vil0p3r That point 1. might be unnecessary after removing the local Administrator group membership.

Point 2. was meant for the scenario when you want to create a Windows service to start up the WSL 2 instance at startup of the system. NSSM is a third party software to easily define Windows services.

[D3vil0p3r]

Ok. Once I set everything and I run the scheduled task, since you said I cannot login with the same username and running some wsl command, how can I know that WSL is actually running correctly on startup and it is up by my domain user account?

[aki-k]

@D3vil0p3r I use ssh or xpra to access it at localhost:22 (needs of course sshd or xpra installed in the WSL 2 instance to do it and enabling sshd password access (or sshd key setup)

[D3vil0p3r]

It is not working. On WSL Ubuntu I setup correctly the SSH service and I tested it runs correctly. About the scheduled task, what I did is on my Windows Server 2022:

• Remove the domain account from Administrators group, so this account is not an admin of the machine anymore
• secpol.msc - Security Settings - Local Policies - User Rights Assignment - Log on as a batch job - added my domain account to this list
• Create a new scheduled task in taskschd.msc

Actions - Create task - General - Name: startwsl
Actions - Create task - General - Description: startwsl
Actions - Create task - General - Security options: Use the following user account: Change User or Group: enter your username
Run whether user is logged on or not
Run with highest privileges
Configure for: Windows Server 2022
Triggers: New: Begin the task: At startup
Actions: New: Action: Start a program
Actions: New: Action: Program/script: C:\Windows\System32\cmd.exe
Actions: New: Action: Add arguments: /k C:\Windows\System32\wsl.exe --distribution Ubuntu -u root service ssh start
Conditions: uncheck all checkboxes
Settings: Allow task to be run on demand

Then, on the Windows Server I ensure that this domain user account is not logged in, and I use a different user account to run the created scheduled task and to run Putty to check if I can access to the SSH service inside WSL. When I manually trigger the scheduled task, SSH service is not running, so I guess WSL is not starting correctly on behalf of the previous cited domain user.

Note that I'm not using systemd for running services. I'm using init.d for running sshd

[aki-k]

@D3vil0p3r Unfortunately I don't use a Windows domain or Windows Server os.

[aki-k]

@D3vil0p3r Did you notice that I couldn't make it work with Microsoft's systemd implementation?

[D3vil0p3r]

@D3vil0p3r Did you notice that I couldn't make it work with Microsoft's systemd implementation?

What do you mean

[aki-k]

@D3vil0p3r I wrote about it here

#9231 (comment)

[OneBlue]

/dupe #9231

[microsoft-github-policy-service]

Hi! We've identified this issue as a duplicate of another one that already exists in this repository. This specific instance is being closed in favor of tracking the concern over on the referenced thread.

Thanks for your report!