Windows --unattended doesn't start on boot until at least one login

[12nick12]

What is the issue?

Have to run "C:\Program Files (x86)\Tailscale IPN\tailscale.exe" up --login-server=https://scale.domain.com --unattended for it to start.

I was under that understanding that --unattended would make it start automatically.

Steps to reproduce

Have to run "C:\Program Files (x86)\Tailscale IPN\tailscale.exe" up --login-server=https://scale.domain.com --unattended for it to start

Are there any recent changes that introduced the issue?

No response

OS

No response

OS version

Windows 10

Tailscale version

1.16.1

Bug report

No response

[jazzdan]

I have an EC2 user data script that looks like this (Pulumi code for reference):

  const windowsUserData = `<powershell>
Start-Transcript -Path "C:\\UserData.log" -Append
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
choco install tailscale -y
& "C:\\Program Files (x86)\\Tailscale IPN\\tailscale.exe" up --authkey=${tailscale_auth_key} --accept-dns --accept-routes --unattended
</powershell>`;

  const windows_build = new aws.ec2.Instance("windows build", {
    ami: "ami-08c213ebdf7b857c2",
    instanceType: "t2.2xlarge",
    associatePublicIpAddress: true,
    tags: {
      Name: "pulumi windows build",
    },
    rootBlockDevice: {
      volumeSize: 128,
    },
    keyName: "foo",
    vpcSecurityGroupIds: [sg.id],
    subnetId: publicSubnets[0],
    userData: windowsUserData,
    getPasswordData: true,
  });

When I start this EC2 instance the machine briefly appears in my Tailscale list of machines on login.tailscale.com. However it quickly disconnects. When I RDP in to the Windows box I see that Tailscale is running but is not authorized (it asks me to sign in). The logs for the user data script don't show any failures, but also don't show any output from Tailscale which is weird. If I wasn't seeing it connect briefly in the Tailscale console I would assume that my 24 hours of powershell experience has led me down a bad path, but it's clearly working at least temporarily:

PS C:\> cat C:\ProgramData\Amazon\EC2-Windows\Launch\Log\UserdataExecution.log
2021/11/05 14:58:07Z: Userdata execution begins
2021/11/05 14:58:07Z: Zero or more than one <persist> tag was not provided
2021/11/05 14:58:07Z: Unregistering the persist scheduled task
2021/11/05 14:58:10Z: Zero or more than one <runAsLocalSystem> tag was not provided
2021/11/05 14:58:10Z: Zero or more than one <script> tag was not provided
2021/11/05 14:58:10Z: Zero or more than one <powershellArguments> tag was not provided
2021/11/05 14:58:10Z: <powershell> tag was provided.. running powershell content
2021/11/05 15:07:04Z: Userdata execution begins
2021/11/05 15:07:04Z: Zero or more than one <persist> tag was not provided
2021/11/05 15:07:04Z: Unregistering the persist scheduled task
2021/11/05 15:07:09Z: Zero or more than one <runAsLocalSystem> tag was not provided
2021/11/05 15:07:09Z: Zero or more than one <script> tag was not provided
2021/11/05 15:07:09Z: Zero or more than one <powershellArguments> tag was not provided
2021/11/05 15:07:09Z: <powershell> tag was provided.. running powershell content
2021/11/05 15:07:56Z: Message: The errors from user scripts: Success.

2021/11/05 15:07:56Z: Message: The output from user scripts: Transcript started, output file is C:\UserData.log
Forcing web requests to allow TLS v1.2 (Required for requests to Chocolatey.org)
Getting latest version of the Chocolatey package for download.
Not using proxy.
Getting Chocolatey from https://community.chocolatey.org/api/v2/package/chocolatey/0.11.3.
Downloading https://community.chocolatey.org/api/v2/package/chocolatey/0.11.3 to C:\Users\ADMINI~1\AppData\Local\Temp\chocolatey\chocoInstall\chocolatey.zip
Not using proxy.
Extracting C:\Users\ADMINI~1\AppData\Local\Temp\chocolatey\chocoInstall\chocolatey.zip to C:\Users\ADMINI~1\AppData\Local\Temp\chocolatey\chocoInstall
Installing Chocolatey on the local machine
Creating ChocolateyInstall as an environment variable (targeting 'Machine')
  Setting ChocolateyInstall to 'C:\ProgramData\chocolatey'
WARNING: It's very likely you will need to close and reopen your shell
  before you can use choco.
Restricting write permissions to Administrators
We are setting up the Chocolatey package repository.
The packages themselves go to 'C:\ProgramData\chocolatey\lib'
  (i.e. C:\ProgramData\chocolatey\lib\yourPackageName).
A shim file for the command line goes to 'C:\ProgramData\chocolatey\bin'
  and points to an executable in 'C:\ProgramData\chocolatey\lib\yourPackageName'.

Creating Chocolatey folders if they do not already exist.

WARNING: You can safely ignore errors related to missing log files when
  upgrading from a version of Chocolatey less than 0.9.9.
  'Batch file could not be found' is also safe to ignore.
  'The system cannot find the file specified' - also safe.
chocolatey.nupkg file not installed in lib.
 Attempting to locate it from bootstrapper.
PATH environment variable does not have C:\ProgramData\chocolatey\bin in it. Adding...
WARNING: Not setting tab completion: Profile file does not exist at
'C:\Users\Administrator\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1'.
Chocolatey (choco.exe) is now ready.
You can call choco from anywhere, command line or powershell by typing choco.
Run choco /? for a list of functions.
You may need to shut down and restart powershell and/or consoles
 first prior to using choco.
Ensuring Chocolatey commands are on the path
Ensuring chocolatey.nupkg is in the lib folder
Chocolatey v0.11.3
Installing the following packages:
tailscale
By installing, you accept licenses for the packages.

Progress: Downloading tailscale 1.16.2... 11%
Progress: Downloading tailscale 1.16.2... 34%
Progress: Downloading tailscale 1.16.2... 56%
Progress: Downloading tailscale 1.16.2... 78%
Progress: Downloading tailscale 1.16.2... 100%

tailscale v1.16.2 [Approved]
tailscale package files install completed. Performing other installation steps.
[Subject]
  CN=Tailscale Inc., O=Tailscale Inc., L=Toronto, S=Ontario, C=CA, SERIALNUMBER=1131559-5, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=CA

[Issuer]
  CN=DigiCert EV Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

[Serial Number]
  0E058A16664C25DA52C81DBF23ACD75F

[Not Before]
  03/11/2020 00:00:00

[Not After]
  05/18/2021 12:00:00

[Thumbprint]
  DEE8D4EF882C2C255D879EF109C1DB9CF743476E

Downloading tailscale
  from 'https://pkgs.tailscale.com/stable/tailscale-ipn-setup-1.16.2.exe'

Progress: 0% - Saving 53.88 KB of 22.87 MB
Progress: 0% - Saving 192 KB of 22.87 MB
Progress: 1% - Saving 352 KB of 22.87 MB
Progress: 2% - Saving 512 KB of 22.87 MB
Progress: 2% - Saving 672 KB of 22.87 MB
Progress: 3% - Saving 832 KB of 22.87 MB
Progress: 4% - Saving 992 KB of 22.87 MB
Progress: 4% - Saving 1.13 MB of 22.87 MB
Progress: 5% - Saving 1.28 MB of 22.87 MB
Progress: 6% - Saving 1.44 MB of 22.87 MB
Progress: 6% - Saving 1.59 MB of 22.87 MB
Progress: 7% - Saving 1.75 MB of 22.87 MB
Progress: 8% - Saving 1.91 MB of 22.87 MB
Progress: 9% - Saving 2.06 MB of 22.87 MB
Progress: 9% - Saving 2.22 MB of 22.87 MB
Progress: 10% - Saving 2.38 MB of 22.87 MB
Progress: 11% - Saving 2.53 MB of 22.87 MB
Progress: 11% - Saving 2.69 MB of 22.87 MB
Progress: 12% - Saving 2.84 MB of 22.87 MB
Progress: 13% - Saving 3 MB of 22.87 MB
Progress: 13% - Saving 3.16 MB of 22.87 MB
Progress: 14% - Saving 3.31 MB of 22.87 MB
Progress: 15% - Saving 3.47 MB of 22.87 MB
Progress: 15% - Saving 3.63 MB of 22.87 MB
Progress: 16% - Saving 3.78 MB of 22.87 MB
Progress: 17% - Saving 3.94 MB of 22.87 MB
Progress: 17% - Saving 4.09 MB of 22.87 MB
Progress: 18% - Saving 4.25 MB of 22.87 MB
Progress: 19% - Saving 4.41 MB of 22.87 MB
Progress: 19% - Saving 4.56 MB of 22.87 MB
Progress: 20% - Saving 4.72 MB of 22.87 MB
Progress: 21% - Saving 4.88 MB of 22.87 MB
Progress: 21% - Saving 5.03 MB of 22.87 MB
Progress: 22% - Saving 5.19 MB of 22.87 MB
Progress: 23% - Saving 5.34 MB of 22.87 MB
Progress: 24% - Saving 5.5 MB of 22.87 MB
Progress: 24% - Saving 5.66 MB of 22.87 MB
Progress: 25% - Saving 5.81 MB of 22.87 MB
Progress: 26% - Saving 5.97 MB of 22.87 MB
Progress: 26% - Saving 6.13 MB of 22.87 MB
Progress: 27% - Saving 6.28 MB of 22.87 MB
Progress: 28% - Saving 6.44 MB of 22.87 MB
Progress: 28% - Saving 6.59 MB of 22.87 MB
Progress: 29% - Saving 6.75 MB of 22.87 MB
Progress: 30% - Saving 6.91 MB of 22.87 MB
Progress: 30% - Saving 7.06 MB of 22.87 MB
Progress: 31% - Saving 7.22 MB of 22.87 MB
Progress: 32% - Saving 7.38 MB of 22.87 MB
Progress: 32% - Saving 7.53 MB of 22.87 MB
Progress: 33% - Saving 7.69 MB of 22.87 MB
Progress: 34% - Saving 7.84 MB of 22.87 MB
Progress: 34% - Saving 8 MB of 22.87 MB
Progress: 35% - Saving 8.16 MB of 22.87 MB
Progress: 36% - Saving 8.31 MB of 22.87 MB
Progress: 37% - Saving 8.47 MB of 22.87 MB
Progress: 37% - Saving 8.63 MB of 22.87 MB
Progress: 38% - Saving 8.78 MB of 22.87 MB
Progress: 39% - Saving 8.94 MB of 22.87 MB
Progress: 39% - Saving 9.09 MB of 22.87 MB
Progress: 40% - Saving 9.25 MB of 22.87 MB
Progress: 41% - Saving 9.41 MB of 22.87 MB
Progress: 41% - Saving 9.56 MB of 22.87 MB
Progress: 42% - Saving 9.72 MB of 22.87 MB
Progress: 43% - Saving 9.88 MB of 22.87 MB
Progress: 43% - Saving 10.03 MB of 22.87 MB
Progress: 44% - Saving 10.19 MB of 22.87 MB
Progress: 45% - Saving 10.34 MB of 22.87 MB
Progress: 45% - Saving 10.5 MB of 22.87 MB
Progress: 46% - Saving 10.66 MB of 22.87 MB
Progress: 47% - Saving 10.81 MB of 22.87 MB
Progress: 47% - Saving 10.97 MB of 22.87 MB
Progress: 48% - Saving 11.13 MB of 22.87 MB
Progress: 49% - Saving 11.28 MB of 22.87 MB
Progress: 50% - Saving 11.44 MB of 22.87 MB
Progress: 50% - Saving 11.59 MB of 22.87 MB
Progress: 51% - Saving 11.75 MB of 22.87 MB
Progress: 52% - Saving 11.91 MB of 22.87 MB
Progress: 52% - Saving 12.06 MB of 22.87 MB
Progress: 53% - Saving 12.22 MB of 22.87 MB
Progress: 54% - Saving 12.38 MB of 22.87 MB
Progress: 54% - Saving 12.53 MB of 22.87 MB
Progress: 55% - Saving 12.69 MB of 22.87 MB
Progress: 56% - Saving 12.84 MB of 22.87 MB
Progress: 56% - Saving 13 MB of 22.87 MB
Progress: 57% - Saving 13.16 MB of 22.87 MB
Progress: 58% - Saving 13.31 MB of 22.87 MB
Progress: 58% - Saving 13.47 MB of 22.87 MB
Progress: 59% - Saving 13.63 MB of 22.87 MB
Progress: 60% - Saving 13.78 MB of 22.87 MB
Progress: 60% - Saving 13.94 MB of 22.87 MB
Progress: 61% - Saving 14.09 MB of 22.87 MB
Progress: 62% - Saving 14.25 MB of 22.87 MB
Progress: 62% - Saving 14.41 MB of 22.87 MB
Progress: 63% - Saving 14.56 MB of 22.87 MB
Progress: 64% - Saving 14.72 MB of 22.87 MB
Progress: 65% - Saving 14.88 MB of 22.87 MB
Progress: 65% - Saving 15.03 MB of 22.87 MB
Progress: 66% - Saving 15.19 MB of 22.87 MB
Progress: 67% - Saving 15.34 MB of 22.87 MB
Progress: 67% - Saving 15.5 MB of 22.87 MB
Progress: 68% - Saving 15.66 MB of 22.87 MB
Progress: 69% - Saving 15.81 MB of 22.87 MB
Progress: 69% - Saving 15.97 MB of 22.87 MB
Progress: 70% - Saving 16.13 MB of 22.87 MB
Progress: 71% - Saving 16.28 MB of 22.87 MB
Progress: 71% - Saving 16.44 MB of 22.87 MB
Progress: 72% - Saving 16.59 MB of 22.87 MB
Progress: 73% - Saving 16.75 MB of 22.87 MB
Progress: 73% - Saving 16.91 MB of 22.87 MB
Progress: 74% - Saving 17.06 MB of 22.87 MB
Progress: 75% - Saving 17.22 MB of 22.87 MB
Progress: 75% - Saving 17.38 MB of 22.87 MB
Progress: 76% - Saving 17.53 MB of 22.87 MB
Progress: 77% - Saving 17.69 MB of 22.87 MB
Progress: 78% - Saving 17.84 MB of 22.87 MB
Progress: 78% - Saving 18 MB of 22.87 MB
Progress: 79% - Saving 18.16 MB of 22.87 MB
Progress: 80% - Saving 18.31 MB of 22.87 MB
Progress: 80% - Saving 18.47 MB of 22.87 MB
Progress: 81% - Saving 18.63 MB of 22.87 MB
Progress: 82% - Saving 18.78 MB of 22.87 MB
Progress: 82% - Saving 18.94 MB of 22.87 MB
Progress: 83% - Saving 19.09 MB of 22.87 MB
Progress: 84% - Saving 19.25 MB of 22.87 MB
Progress: 84% - Saving 19.41 MB of 22.87 MB
Progress: 85% - Saving 19.56 MB of 22.87 MB
Progress: 86% - Saving 19.72 MB of 22.87 MB
Progress: 86% - Saving 19.88 MB of 22.87 MB
Progress: 87% - Saving 20.03 MB of 22.87 MB
Progress: 88% - Saving 20.19 MB of 22.87 MB
Progress: 88% - Saving 20.34 MB of 22.87 MB
Progress: 89% - Saving 20.5 MB of 22.87 MB
Progress: 90% - Saving 20.66 MB of 22.87 MB
Progress: 90% - Saving 20.81 MB of 22.87 MB
Progress: 91% - Saving 20.97 MB of 22.87 MB
Progress: 92% - Saving 21.13 MB of 22.87 MB
Progress: 93% - Saving 21.28 MB of 22.87 MB
Progress: 93% - Saving 21.44 MB of 22.87 MB
Progress: 94% - Saving 21.59 MB of 22.87 MB
Progress: 95% - Saving 21.75 MB of 22.87 MB
Progress: 95% - Saving 21.91 MB of 22.87 MB
Progress: 96% - Saving 22.06 MB of 22.87 MB
Progress: 97% - Saving 22.22 MB of 22.87 MB
Progress: 97% - Saving 22.38 MB of 22.87 MB
Progress: 98% - Saving 22.53 MB of 22.87 MB
Progress: 99% - Saving 22.69 MB of 22.87 MB
Progress: 99% - Saving 22.84 MB of 22.87 MB
Progress: 100% - Completed download of C:\Users\Administrator\AppData\Local\Temp\chocolatey\tailscale\1.16.2\tailscale-ipn-setup-1.16.2.exe (22.87 MB).
Download of tailscale-ipn-setup-1.16.2.exe (22.87 MB) completed.
Hashes match.
Installing tailscale...
tailscale has been installed.
  tailscale may be able to be automatically uninstalled.
Environment Vars (like PATH) have changed. Close/reopen your shell to
 see the changes (or in powershell/cmd.exe just type `refreshenv`).
 The install of tailscale was successful.
  Software installed as 'exe', install location is likely default.

Chocolatey installed 1/1 packages.
 See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).

2021/11/05 15:07:56Z: Userdata execution done

Is this what the issue is describing? Or is this a different issue?

[bradfitz]

I'm not sure what this bug was about.

@12nick12, what did you expect to happen? What does "would make it start automatically" mean? Connect to a tailnet? Which?

Did you authenticate once already and reboot and it didn't come back up?

[4fd81048-Brian]

I might be having this problem. Server 2019 Core, installed 1.22.0 and ran tailscale up --unattended. Authenticated, all is well. Reboot and tailscale doesn't run, tailscale status says logged out.

[4fd81048-Brian]

Still on Windows Hyper-V Server 2019 (It's Windows Server 2019 Core with Hyper-V role preinstalled). Uninstalled tailscale, deleted C:\ProgramData\Tailscale, reinstalled 1.18, tailscale up --unattended, authenticated and rebooted. Service did not reconnect.

tailscale-service-20220226T094339-1645886619.txt
tailscale-service-20220226T094731-1645886851.txt

[4fd81048-Brian]

Uninstalled. removed C:\ProgramData\Tailscale. Rebooted. Installed 1.18, 'tailscale up --unattended' authenticated with a different account, confirmed it was up. sc stop tailscale, sc start tailscale and it didn't reconnect, so the problem is not the reboot, it's easy to reproduce just by stopping and starting the service.

[4fd81048-Brian]

Might be a duplicate of #2137

[rlabrecque]

Hey there, more info here:

I'm running the following on a machine (both Windows 10 and Windows Server 2019) without tailscale installed with PowerShell as Administrator, using Google Auth on Tailscale:

msiexec /i "tailscale-setup-1.24.0-amd64.msi" /quiet
& "C:\Program Files\Tailscale\tailscale.exe" up --authkey="tskey-redacted" --unattended

My machine is successfully connected to tailscale, when I reboot my machine is not connected to tailscale. Happens with both --authkey and without --authkey.

If I run tailscale down, then launch the GUI, then connect, then [optionally?] toggle the unattended preference off, and then back on, it presents a dialog asking if I'm sure, then I reboot, unattended works 100% as expected.

The issue seems isolated to the command line tailscale.exe with --unattended.

Repro steps and more information: With a fresh install, no GUI, no C:\ProgramData\Tailscale, no %APPDATALOCAL%\Tailscale:

PS C:\Users\Riley> tailscale up --unattended

To authenticate, visit:

        https://login.tailscale.com/a/REDACTED

Success.
PS C:\Users\Riley> tailscale status
redacted    riley-pc             riley@ windows -
PS C:\Users\Riley> net stop tailscale
The Tailscale service is stopping.
The Tailscale service was stopped successfully.
PS C:\Users\Riley> net start tailscale
The Tailscale service was started successfully.
PS C:\Users\Riley> tailscale status
Logged out.
PS C:\Users\Riley> tailscale debug prefs
{
        "ControlURL": "https://controlplane.tailscale.com",
        "RouteAll": true,
        "AllowSingleHosts": true,
        "ExitNodeID": "",
        "ExitNodeIP": "",
        "ExitNodeAllowLANAccess": false,
        "CorpDNS": true,
        "RunSSH": false,
        "WantRunning": true,
        "LoggedOut": false,
        "ShieldsUp": false,
        "AdvertiseTags": null,
        "Hostname": "",
        "NotepadURLs": false,
        "ForceDaemon": true,
        "AdvertiseRoutes": [],
        "NoSNAT": false,
        "NetfilterMode": 2,
        "Config": null
}

It's interesting that ForceDaemon is true in there, LoggedOut is false

Update:

If I toggle the setting in the GUI which produces local settings, then close the GUI then do that sequence again, tailscale still doesn't come back up after redoing the steps above.
BUT... If the GUI is running, and I do the steps above it does work as expected.

[seansaleh]

@rlabrecque and @jazzdan I think I have a workaround for you in #2137 (comment)

One thing you had wrong, even if this bug is fixed, is in Powershell you need to wait for the MSI installer to finish. You can do this with & msiexec /i "tailscale-setup-1.24.2-amd64.msi" /quiet | Out-Host

[finnostero]

Can confirm this on fresh Windows server 2019 installation. Auth with authkey and --unattended, reboot -> no tailscale connectivity until I login again. After logging in toggled unattended off and back on in Tailscale GUI, reboot, tailscale connectivity now ok without logging in.

[DentonGentry]

Possibly related to use of HKLM before anyone has logged in: #2346