Troubleshoot Your Windows Scheduler

The 5 Steps Checklist!

# | Step | Description | Example
1 | See the big picture | Open the Event Viewer to locate event | Dialog displays event source, ID, level, category, host etc.

Task Scheduler did not launch task -“\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents” because instance “{92e4bd81-96af-4a12-987f-3e83d80dd116}” of the same task is already running.
Log Name:      Microsoft-Windows-TaskScheduler/Operational
Source:        Microsoft-Windows-TaskScheduler
Date:          10/28/2018 1:21:28 PM
Event ID:      322
Task Category: Launch request ignored, instance already running
Level:         Warning
User:          SYSTEM
Computer:      BILBO.mordor.local

2 | Dive deeper | Locate related logged events for additional information | System section presents Process ID, the thread, and Security ID

  Guid="{DE7B24EA-73C8-4A09-985D-5BDADCFA9017}" />



3 | Comprehend context | Use Event Data to understand the actual nature of the event and additional contextual data | Log indicates memory issue



4 | Find | Examine relevant log files for root cause | Security log reveals a security issue with the task’s security privileges

Privileges: SeTcbPrivilege
Audit Failure 10/28/2018 13:21:28 BILBO MORDOR Microsoft-Windows-Security-Auditing 13056 4673 A privileged service was called Privilege Use Sensitive Privilege Use / Non-Sensitive Privilege Use 0x00000000000D10EB BILBO.mordor.local A privileged service was called.

It also shows that the problem was caused by taskhostw.exe, and gives us the process’s ID and full path

Process ID: 0x0000000000000EBC
Process Name: C:\Windows\System32\taskhostw.exe

5 | Research problem | Search the Internet for additional information and solutions | Problems with taskhostw.exe related to malware, or a defective Windows component.
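
Steps 1 to 4 can also be done from an elevated PowerShell prompt instead of clicking through Event Viewer. The script below is an added example, not part of the original checklist: it pulls the latest Event ID 322 from the Task Scheduler log, prints its System and Event Data sections, then lists Security-log 4673 events logged around the same time. The 5-second window is an assumption; widen it if nothing is returned.

```powershell
# Added example: correlate a Task Scheduler warning with Security-log audit events.
# Run elevated; reading the Security log requires administrative rights.

$windowSeconds = 5   # assumption: how far either side of the scheduler event to search

# Steps 1-2: most recent "instance already running" warning (Event ID 322)
$task = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-TaskScheduler/Operational'
    Id      = 322
} -MaxEvents 1 -ErrorAction Stop

# System section: provider, process ID, thread ID and the user's SID
$task | Format-List TimeCreated, Id, LevelDisplayName, ProviderName,
                    ProcessId, ThreadId, UserId, MachineName, Message

# Step 3: Event Data as name/value pairs taken from the event XML
([xml]$task.ToXml()).Event.EventData.Data | Select-Object Name, '#text'

# Step 4: "A privileged service was called" (4673) events near the same timestamp
$audit = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4673
    StartTime = $task.TimeCreated.AddSeconds(-$windowSeconds)
    EndTime   = $task.TimeCreated.AddSeconds($windowSeconds)
} -ErrorAction SilentlyContinue

foreach ($e in $audit) {
    # Flatten the EventData fields of each audit record into a lookup table
    $data = @{}
    ([xml]$e.ToXml()).Event.EventData.Data |
        ForEach-Object { $data[$_.Name] = $_.'#text' }

    [pscustomobject]@{
        Time        = $e.TimeCreated
        Result      = $e.KeywordsDisplayNames -join ', '   # e.g. Audit Failure
        ProcessId   = $data['ProcessId']                   # hex, as shown in the log
        ProcessName = $data['ProcessName']
        Privileges  = $data['PrivilegeList']
    }
}
```

The ProcessName and Privileges columns correspond to the "Process Name" and "Privileges" fields quoted in step 4, which makes it quick to see which binary triggered the audit failure.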

