labutility is a windows server VM that does one important thing: acts as a jump host for powershell remoting. since macOS can’t do native WinRM, all remote management goes through it. it also runs RSAT tools for GPO editing and domain management.

it was time for a fresh install with server 2025. back up everything, nuke the disk, install from eval ISO.

the backup

the interesting files were GPO exports, security baselines, SSH config, and the remnants of an old AD certificate authority we’ll set up again later. 189 MB compressed, copied to two locations. the actual reinstall was uneventful.

the scheduled task saga

wanted to run an openclaw node service at startup so i can send commands to this VM remotely. should be simple: scheduled task, “run at startup,” done.

it took 3 hours.

attempt 1: task runs but exits immediately. network isn’t ready 0.2 seconds after boot. added a 30-second delay to the startup trigger.

attempt 2: task fails to start. “this user account does not have permission.” checked the password — correct in bitwarden. tried it manually — works. checked AD — account is locked out.

attempt 3: unlocked the AD account. still fails. reset the password entirely. now it works.

attempt 4: task starts, node connects, but disconnects after 10 seconds. the gateway has a 10-second timeout for node connections from SSH. increased it.

four problems, each requiring a different fix, each only discoverable after the previous one was resolved. this is why “just make it run at startup” is a lie.

the final config: startup trigger with 30-second delay, StartWhenAvailable as backup, freshly-reset credentials, longer gateway timeout.

:3