The Core Technologies Blog

Our Software // Windows Services // 24×7 Operation


Q&A: Why does AlwaysUp Think my Application Stopped?

Why does AlwaysUp Think my Application Stopped?
  Dear AlwaysUp support,

We frequently get the following warning:

AlwaysUpService has detected that the application has stopped.

However, in the logs of our application we can’t see anything pointing to the reason why the application stopped.

Why does AlwaysUp believe our application stopped? What is the criteria for the decision, that an application is considered as stopped?

Our application handles complex tasks. When it’s very busy, it might appear to hang. Could that be a reason for AlwaysUp to say it stopped?

I am pretty sure the process — normally visible in Task Manager — is not stopped, but I’m not 100% sure and I can not prove it. I am wondering if AlwaysUp might close the app by mistake.

— Adrian

Hi Adrian.

Don’t worry! With a little detective work, we should be able to figure out what’s going on.

But first, let’s review how AlwaysUp monitors your application.

How AlwaysUp determines that your application stopped

After AlwaysUp launches your application as a service, it’s primary task is to watch your application and ensure that it’s always running. As such, AlwaysUp performs a battery of tests every few seconds to detect if your application is in trouble.

The most important check involves the state of your application’s process. But what is a process?

When Windows runs your application, it creates a process to track that specific instance of your running application. That process has an identifier (ID) and is visible on the “Details” tab in the Task Manager.

For example, process 9088 was created after we opened Notepad on our desktop:

Task Manager: Notepad Process

And when we quit Notepad, process 9088 exited and disappeared from Task manager’s list.

Basically, a process tracks the lifetime of a running application. And everything running on your computer has at least one underlying process.

With that in mind, let’s return to AlwaysUp.

When AlwaysUp launches your application, Windows creates a process and returns it to AlwaysUp. Going forward, every two seconds, AlwaysUp asks Windows if the process is still alive or not. You can think of it like AlwaysUp opening the Task Manager and checking if the process is still on the list.

So when AlwaysUp says that your application has stopped, it’s because the application’s process is no longer active. In effect, the process has fallen off Task Manager’s list.

Investigate with Process Explorer

Have you ever used Microsoft’s free Process Explorer? It’s an amazing tool that can help you figure out what’s running on your machine — and why. Around here, we call it “Task Manager on steroids”. 🙂

Download Process Explorer and extract the zip file to your hard drive. We’ll need it for the next steps.

Dig into the tree of processes under AlwaysUp

Start Process Explorer. It will show all the applications running on your computer.

The leftmost Process column displays the hierarchical relationships between the processes. For example, if “Process A” started “Process B”, you will see “Process B” as a child of “Process A”. “Process B” will be displayed underneath “Process A”.

Now, let’s roll up our sleeves. If you haven’t already done so, please start your application in AlwaysUp. Afterwards, switch back to Process Explorer.

In the Process column, find AlwaysUpService.exe. That is the part of AlwaysUp that runs your application as a Windows Service. It will be a child of services.exe — the Windows Services Control Manager.

Your application should appear under AlwaysUpService.exe. For example, you can see that parent-child relationship when AlwaysUp is running Microsoft OneDrive as a service:

Process Explorer: AlwaysUp running OneDrive

Does your application appear as a child of AlwaysUpService.exe?

Are other processes displayed in the tree as well?

Is this a “launcher” situation, where the application you provided to AlwaysUp starts another program and exits?

Look for anything unusual that may trick AlwaysUp into thinking that your application has stopped even though it’s still running.

Find out when your application started

If you think that your application hasn’t stopped, you should confirm that hypothesis with Process Explorer. Double-click your application’s entry to bring up the Properties window and look for the Started field.

For example, Process Explorer tells us that AlwaysUp last started OneDrive at 12:21:32 PM on March 27 2022:

Process Explorer: OneDrive start time

If everything is working as expected, the start time should be close to the time reported in the AlwaysUp logs. Please be sure to let us know if the times are different because that would indicate a bug in AlwaysUp.

Best of luck with your application!

Posted in AlwaysUp | Tagged , , , | Leave a comment

Essential Windows Services: Security Accounts Manager / SamSs

Security Accounts Manager Service

What is the Security Accounts Manager (SamSs) service?

The Security Accounts Manager service administers the database of user and group account information stored on your computer. The service helps to authenticate local and remote users logging on to your PC.

The service’s display name is SamSs and it’s hosted in the LSA process, lsass.exe. By default, the service is set to start automatically when your computer boots:

Security Accounts Manager Windows Service

What happens if I stop SamSs?

The following services depend on SamSs:

SamSs Service dependencies

That means that if you stop SamSs, those services will stop as well. And that may cripple your computer.

For example, if the Server service stops, file and printer sharing won’t work. Are those features important to you?

In any case, you may find it next to impossible to stop the SamSs service!

You will notice that the stop button is disabled in the Services application:

SamSs stop button disabled

And the SC command informs us that the service is not stoppable, cannot be paused and ignores shutdown requests:

SC Query SamSs

Apparently Microsoft really doesn’t want anyone to disturb the Security Accounts Manager service!

Is it OK to disable the Security Accounts Manager service?

The service’s description states:

 Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled.

Indeed, Microsoft reiterates their recommendation to keep the service enabled on Windows Server 2016 (with Desktop Experience).

What happens if I kill the SamSs process (lsass.exe)?

The Security Accounts Manager service runs inside the lsass.exe process, which multiple services may share.

For example, here you see three services — SamSs, VaultSvc (Credential Manager), and Keyslo (CNG Key Isolation) — all running in the same instance of lsass.exe (with PID 708):

lsass.exe is running multiple services

Because all three services are running in the same process, terminating the process will stop all three services.

That’s probably OK for the CNG Key Isolation service but Credential Manager is a building block for another three services. Be sure to understand the implication of terminating the Credential Manager service before killing the shared lsass process.

The SamSs service isn’t starting. Help!

If Security Accounts Manager failed to start, it is likely that the important Remote Procedure Call (RPC) service didn’t start either.

Open Services and check if someone has disabled the RPC service. If so, you should definitely re-enable it.

After that, try to start the RPC service. If that works, you can start SamSs next.

Questions? Problems?

If you would like to know more about the Security Accounts Manager service, or you have a specific problem, please feel free to get in touch. We will do our best to help you!

Posted in Windows Services | Tagged , , , , | Leave a comment

AlwaysUp 13.3 Introduces Log File Rollover and Expands the use of Variables

AlwaysUp 13.3 is available now

AlwaysUp version 13.3 was released to all customers on April 16, 2022.

This update delivers a couple of significant improvements to help you run your programs as Windows Services — unattended and 24/7.

AlwaysUp accepts special variables in the “Arguments” and “Start in” fields

Do you run many instances of a single executable with AlwaysUp?

And does each application’s configuration follow a predictable format?

If so, you may be able to use special variables when defining your applications.

For example, let’s take the case of the Alpha Five web server. It’s common for customers to run multiple instances of Alpha in AlwaysUp, each with its own configuration.

In those situations, each entry in AlwaysUp will point to the same executable — A5ApplicationServer.exe. However, each instance will specify its own configuration file in the “Arguments” field.

Here is what it looks like when creating an instance of Alpha Five in AlwaysUp:

Alpha Five server configuration

Since the name of the configuration file (C:\AlphaFive\Server1-config.xml) is based on the entry’s name in AlwaysUp (Server1), we can use the $ALWAYSUP_NAME variable in the “Arguments” field instead:

Alpha Five server configuration using a variable

Using a variable like that reduces errors and saves a few keystrokes when duplicating the entry. And that can come in very handy when you have to create and manage many instances!

By the way, you can check out the full list of variables on page 78 of the AlwaysUp User’s Manual.

AlwaysUp can roll over log files when capturing your console application’s output

If you’re running a console application as a Windows Service with AlwaysUp, you may already know about the option to capture output to a file. That setting is available on the Extras tab.

In previous releases, the only option to limit the file’s size was by trimming. When the file grew larger than the given threshold, AlwaysUp would discard the oldest 25% of the file to make room for new entries. As such, there was no way retain all console output while limiting the file’s size.

To address that shortcoming, AlwaysUp now supports rollover when the file gets too large. When the rollover option is enabled, AlwaysUp will copy a too-large log file to a name suffixed with the current date and restart capture with an empty file.

For example, let’s say you’re logging to a file named “console-output.log” and limiting the size to 10 MB. And on April 20, 2022, the file exceeds the threshold. In response, AlwaysUp will:

  1. Copy the file to “console-output_2022-04-20.log”, to preserve all entries recorded so far;

  2. Zero out “console-output.log” and start writing new entries there.

Note that if there are many rollovers in a single day, AlwaysUp will add numeric suffix to produce a unique file name. That may result in files named “console-output_2022-04-20_01.log” or “console-output_2022-04-20_02.log” in the situation above.

You can activate the rollover option on the Extras tab. Check the Capture output… and Automatically… boxes and choose rollover from the selector:

AlwaysUp: Log file rollover

Other fixes & improvements

As usual, please review the release notes for the full list of features, fixes and improvements included in this release.

Upgrading to AlwaysUp 13.3

If you purchased AlwaysUp version 12 (after March 2020), you can upgrade to any version 13 for free. Simply download and install “over the top” to preserve your existing applications and all settings. Your registration code will continue to work as well.

If you bought AlwaysUp version 11 or earlier (before March 2020), you will need to upgrade to use version 13. Consequently, please purchase upgrades here — at a 50% discount.

Please see the upgrade policy for full details.

Enjoy!

Posted in AlwaysUp | Tagged , , , , , , | Leave a comment

Q&A: How do I Restart a Windows Service on a Remote Computer?

How do I restart a Windows Service on a remote computer?
  What’s the best way to restart a Windows Service remotely from our central domain server?

— Sylvia W.

Hi Sylvia.

We know of at least five ways to restart a Windows Service on a remote machine. Let’s review each method, focusing on the pros and cons to help you select the approach that best fits your situation.

Note: If any of the methods fail with security related errors (such as “access denied”), you may need to update security settings on the remote machine.

Method #1: Use the Services application to connect to the remote PC

Did you know that the Services application works with remote computers? For some reason, Microsoft buried that feature in the interface, making it very easy to miss!

To view services on another computer:

  1. Start the Services application

  2. In the left panel, right-click Services (Local) and select Connect to another computer from the menu:

    Services: Connect to another computer
  3. In the Select Computer window, specify the computer hosting your Windows Service:

    Specify the remote computer
  4. Click OK to access the remote PC

  5. The Services application should refresh to list the services on your other computer. From there, you can start or stop any service you like:

    Services on the remote computer

If that didn’t work, you may need to update your security settings.

Pros

  • Services is a standard utility that is available on every Windows computer.

  • Services is very easy to use.

  • Besides starting or stopping the service, you can also update the service’s properties. For example, you can disable the service, setup failure actions or change the log on account.

Cons

  • Working with Services is interactive. You (or your tech) must log in, start Services, connect to the remote PC and start the service. You can’t call Services from a batch file. As a result, this approach is not suitable for non-interactive situations.

Method #2: Run SC with the “server” command line parameter

If you’re comfortable working from the command prompt, the SC utility should be in your toolbox.

To stop a Windows Service on another machine, run:

SC \\<SERVER-NAME> STOP <SERVICE-NAME>

For example, to stop the Spooler service on our file server (named “ctc-file-server”), we run:

SC \\ctc-file-server STOP Spooler

SC stopping a remote service

Be sure to run SC from an elevated command prompt — run as an administrator. If not, the command could fail because of insufficient permissions.

Pros

  • SC is a standard utility that is available on every Windows computer.

  • With SC, you can easily start or stop a service.

  • You can call SC from a batch file, which makes it suitable for non-interactive scenarios.

  • SC can do much more than start or stop a service. You can use it to change a service’s properties as well. In fact, it supports many more settings than the Services application does. Run SC /? to see the full set of options available.

Cons

  • When starting or stopping a service, SC simply makes a request and exits. It will not wait for the service to transition to the desired state. Unfortunately, that behavior can cause complications in batch files. For example, if you call “SC STOP” immediately followed by “SC START”, the start command will fail if the service takes a few seconds to stop.

Method #3: Install and run Microsoft’s PsService

If you’re familiar with the amazing (and free) tools from Microsoft’s SysInternals group, you should definitely check out their PsService utility.

Like SC, PsService allows you to start, stop or restart your service from the command line. And importantly, PsService works with remote computers.

In fact, PsService offers a rich set of command line options. Run PsService /? to see them:

PsService command line help

Look closely and you’ll see that PsService offers one important capability that neither SC nor Services does — the ability to specify the account to use on the remote computer. That feature comes in handy if your account doesn’t have enough rights or if you want to use a specific account to control the service.

For example, to start the Spooler service on our “ctc-file-server” computer, we run:

PsService \\ctc-file-server start Spooler

PsService starting a remote service

Pros

  • PsService is safe, free, reliable and endorsed by Microsoft.

  • With PsService, you can easily start or stop a service.

  • You can call PsService from a batch file, which makes it suitable for non-interactive scenarios.

  • With PsService, you can specify the username and password of an administrative account on the remote PC. As a result, your account doesn’t need to have administrative rights on the remote computer.

Cons

  • PsService does not come pre-installed on your computer. You will have to download and install/unzip the PSTools suite to use PsService. This may be an issue if you are operating in a “locked down” environment where adding new software is difficult.

  • When starting or stopping a service, PsService simply makes a request and exits. It will not wait for the service to transition to the desired state. Unfortunately, that behavior can cause complications in batch files. For example, if you call “PsService stop” immediately followed by “PsService start”, the start command will fail if the service takes a few seconds to stop.

Method #4: Use Microsoft’s PsExec to run NET

PsExec is another powerful tool in the SysInternals arsenal. It allows you to run arbitrary commands on a remote computer.

Running the NET command with PsExec produces a command that will start or stop your service and wait for it to complete. That may be an important improvement over SC and PsService, which simply put in a request and exit.

For example, this command stops the Spooler service on our “ctc-file-server” computer:

PsExec \\ctc-file-server NET STOP SPOOLER

Stopping a remote service with PSEXEC and NET

Pros

  • PsExec is safe, free, reliable and endorsed by Microsoft.

  • With PsExec and NET, you can easily start or stop a service.

  • You can call PsExec from a batch file, which makes it suitable for non-interactive scenarios.

  • With PsExec, you can specify the username and password of an administrative account on the remote PC. As a result, your account doesn’t need to have administrative rights on the remote computer.

  • PsExec with NET will wait for your service to start or stop before returning.

Cons

  • PsExec does not come pre-installed on your computer. You will have to download and install/unzip the PSTools suite to use PsExec. This may be an issue if you are operating in a “locked down” environment where adding new software is difficult.

  • NET waits up to 30 seconds for the service to start or stop. That may not be enough time for a service that takes a long time to transition.

Method #5: Use PsExec to run ServicePilot

If your service takes a while to start or stop, you may want to use our free ServicePilot utility instead of NET. With ServicePilot, you are not limited to a 30-second timeout.

ServicePilot is better than NET in other ways too. For example, ServicePilot can restart a service in one operation (instead of issuing a stop followed by a start) or forcibly terminate a misbehaving service.

This command uses ServicePilot to start the Spooler service on our “ctc-file-server” computer:

PsExec \\ctc-file-server C:\Apps\ServicePilot.exe -start Spooler

Stopping a remote service with PSEXEC and NET

Note that the command above assumes that the ServicePilot executable is available on the remote machine. If that is not the case and you only have ServicePilot on the local machine, you must instruct PsExec to copy the executable to the remote PC by specifying the -c parameter. Here is what that command looks like:

PsExec \\ctc-file-server -c "C:\Apps\ServicePilot.exe" ServicePilot.exe -start Spooler

Even though it’s less efficient, having PsExec copy the executable each time might be the better option for occasional (and unplanned) use cases.

Pros

  • ServicePilot is safe and free.

  • With PsExec and ServicePilot, you can easily start or stop a service.

  • You can call PsExec from a batch file, which makes it suitable for non-interactive scenarios.

  • With PsExec, you can specify the username and password of an administrative account on the remote PC. As a result, your account doesn’t need to have administrative rights on the remote computer.

  • PsExec with ServicePilot will wait for your service to start or stop before returning.

Cons

  • Neither PsExec nor ServicePilot come pre-installed on your computer. You will have to download them. This may be an issue if you are operating in a “locked down” environment where adding new software is difficult.

That’s it. Hopefully one of these five methods works for you.


Appendix: Update security settings to access your remote service

Windows does a great job of locking down services. As such, you may have to relax the rules if you want to start or stop a service remotely.

Ensure that your account has sufficient rights on the remote machine

Are you sure that your Windows account can update the service?

Can you log in to the remote machine and start or stop the service?

If not, you’re probably missing permissions. You may have to:

  • Make your account an administrator on the remote computer. By default, only administrators can manipulate Windows Services.

  • Give your account permission to access the service. Log in to the remote computer and use our free Service Security Editor utility to adjust the service’s permissions:

    Update service permissions

Disable UAC remote restrictions

If you are not in a domain, your requests may be blocked by User Account Control (UAC) remote restrictions. Essentially, to enforce the principle of least privilege, Windows may not respect your administrative rights on the remote computer.

But there is a simple fix. You can disable UAC remote restrictions by updating the registry as follows:

  1. Open the Windows Registry Editor (regedit)

  2. Navigate to this key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

    Regedit: Windows System Policies
  3. Look on the right side. If there is no value named LocalAccountTokenFilterPolicy, create it by selecting Edit > New > DWORD (32-Bit) Value and naming it.

  4. On the right side, right-click LocalAccountTokenFilterPolicy and select Modify. Enter a value of 1:

    Regedit: Update LocalAccountTokenFilterPolicy
  5. Click OK to save your changes.

  6. Close Registry Editor


Posted in Windows Services | Tagged , , , , , , , , | Leave a comment

Is AlwaysUp safe?

AlwaysUp runs any application as a Windows Service

Is our popular AlwaysUp software safe? To answer in one word — Yes!

AlwaysUp is free of viruses, trojans, advertising and malware of any kind.

That’s because the integrity of our software is our company’s highest priority. Indeed, we take the following steps to ensure that AlwaysUp is safe & secure.

AlwaysUp is digitally signed, for authenticity

The executable files distributed with AlwaysUp are all code signed. With that, you can rest assured that no one has compromised the files on your system since we created them.

For example, when you launch AlwaysUp, the embedded signature tells you that our company — Core Technologies Consulting, LLC — created the software:

AlwaysUp verified by User Account Control

Similarly, you can see the digital signatures when you open the executable file’s properties:

AlwaysUp Digital Signatures

Those digital signatures make it impossible to tamper with AlwaysUp.

Each release of AlwaysUp is scanned for viruses

We thoroughly test AlwaysUp before each release. Those tests include virus scanning.

And after release, independent third parties interrogate AlwaysUp as well. Here are the results from a few of their recent scans:

Download3K Antivirus Report
 AlwaysUp is clean of any form of malware (viruses, spyware, adware, etc.)

VirusTotal report
 VirusTotal inspected AlwaysUp with over 70 antivirus scanners

If your antivirus software suggests that an AlwaysUp executable is infected, it’s almost surely a false alarm. Please contact us with the details and we will work with the makers of your virus protection software to resolve the issue.

Hundreds of security-conscious companies & governments use AlwaysUp every day

Many companies use AlwaysUp

Customers have installed AlwaysUp more than 80,000 times over the past 15 years.

As a result, you will find AlwaysUp protecting applications all over the globe in:

  • Global financial institutions

  • Cruise line operators

  • Energy corporations

  • Aircraft manufacturers

  • Healthcare providers

  • Railroad companies

  • Top universities & research institutions

  • The US government

In fact, more than 20 companies in the Fortune 50 run AlwaysUp.

And all those companies care about security! They certainly wouldn’t embrace AlwaysUp if it wasn’t safe.

AlwaysUp is actively supported and regularly patched

We're Not Affected by the Apache Log4j Vulnerability

In a world of supply chain compromises (like the Solarwinds hack) and vicious ransomware attacks (like WannaCry), software vendors must remain hyper-vigilant about security.

In our case, we actively monitor Cybersecurity & Infrastructure Security Agency (CISA) alerts to discover critical flaws as they develop.

And once we identify an important flaw that could affect our software or systems, we move quickly to:

  1. Determine if we’re actually exposed to the problematic software, and if so

  2. Upgrade or patch our systems to remediate the problem.

For example, we responded swiftly to the recent Apache Log4 vulnerability. Thankfully, the problem did not affect AlwaysUp.

We built AlwaysUp with security in mind

Since day one, security has played an important role in the design and implementation of AlwaysUp. In fact, we architected the software to keep your information secure.

For example, AlwaysUp:

  • Hides your Windows password when you’re entering it on the Logon tab

  • Doesn’t store your Windows password

  • Omits your Windows password when you export an application to XML.

AlwaysUp obfuscates your Windows password

Please read How AlwaysUp Works to learn about the internals of AlwaysUp.

The US Department of Commerce has vetted AlwaysUp

Finally, we should point out that the US Department of Commerce Bureau of Industry and Security has evaluated AlwaysUp.

After going through the process with the examiners, AlwaysUp earned an export classification of EAR99:

AlwaysUp ECCN (PDF)

Please be sure to get in touch if you have any other questions about AlwaysUp security.

Stay safe!

Posted in AlwaysUp | Tagged , , , | Leave a comment