The Core Technologies Blog
Our Software // Windows Services // 24×7 Operation
Here are four ways to determine when your windows service last started.
Solution #1: Search the Windows Event Logs with PowerShell
The Windows Event Logs hold a wealth of information about your computer’s activities. Indeed, a new record is added to the System event log whenever a windows service starts or stops.
The easiest way to find your service’s most recent start time is to use a specially crafted PowerShell command to search the System event log. For example, the following line will return the last time the “Print Spooler” service was started:
(Get-EventLog -LogName “System” -Source “Service Control Manager” -EntryType “Information” -Message “*Print Spooler service*running*” -Newest 1).TimeGenerated
Be sure to replace “Print Spooler” with the display name of the service you are investigating!
Solution #2: Search the Windows Event Logs using the Event Viewer
Instead of running a PowerShell command, you can also search the Event Log manually.
To find the event log record showing when your service was last started:
Open the Event Viewer from the Control Panel (search for it by name).
In the left-hand column, navigate to Windows Logs > System:
Click Find… on the right to bring up the Find window. Enter the name of the service and click the Find Next button to highlight the first matching record in the middle panel. We have entered Spooler, for the Windows Spooler service:
If necessary, keep clicking the Find Next button until a record saying that your service has “entered the running state” comes up. The Source should be Service Control Manager, and the time your service started will be displayed in the Logged value. The screenshot show that the Print Spooler service last started at 8:04:55 AM on January 7th 2017:
Solution #3: Figure out when the Service’s Process was Started
Each running windows service is backed by an underlying process. 99.9% of the time, that process was launched immediately when the service started. So finding the process start time will give us the service start time.
To find out when the service’s process was started:
Determine the process identifier (PID) of the service’s process using the SC command. For a service named MyService, run:
sc queryex MyService
(Be sure to enclose the service name in quotes if it contains spaces.)
Here is the result for the Spooler service:
Make a note of the number on the PID line (1276 in the screenshot above).
Next, open a PowerShell window and run:
Get-Process | select name, id, starttime | select-string <PID>
where <PID> is the process identifier from step 1. The start time will come back in the result. Here is what we got for the spooler’s process (#1276):
Solution #4: Use the System Boot/Up Time (for Automatic Windows Services)
Most Windows Services start when your computer boots and run continuously, 24×7 in the background. For those services, the system boot time is a reasonable approximate.
You can run the built-in systeminfo command to discover when the system last started. Amongst the valuable information systeminfo returns, look for the “System Boot Time” line:
However, if you’re ever in a situation where you can’t remember the command to use, know that the Task Manager’s Performance tab shows how long the computer has been up (“Up time”). The system boot time is a simple calculation away.
So there are four easy ways to find out when your windows service started. Use whichever one best fits your situation. Good luck with your troubleshooting/investigation!
Right now your computer is probably running over a hundred programs! And with just a handful of CPUs available — certainly not enough to dedicate a whole CPU to each process — Windows has to perform some wizardry to give the illusion that each program has all the resources that it needs. Indeed, every few milliseconds the Operating System is deciding which of the many active processes should have exclusive use of the CPU for the next small slice of time, and it is doing this over and over again. This activity is called CPU Scheduling.
This article discusses how you can influence CPU scheduling to benefit all your windows services, as well as any application running as a windows service with AlwaysUp.
Give All Windows Services More CPU Time
While Windows manages CPU scheduling automatically, you can specify which types of tasks get more processing resources via a setting on the Control Panel. To find the setting:
Open Control Panel
Click System and Security
Click Advanced system settings on the left to open the System Properties window
Switch to the Advanced tab
In the Performance section, press the Settings… button to open the Performance Options window
Switch to the Advanced tab to reveal the Processor scheduling section.
Windows offers a single choice: Do you want to give preferential treatment to regular, foreground programs (like Word and Excel) or to background windows services? A desktop PC, actively driven by a person expecting his applications to be very responsive is better off choosing Programs. However your AlwaysUp-managed applications will likely perform better with the Background services option as they are being run in the background as Windows Services. Please apply that setting to your system if necessary.
Give your Important AlwaysUp Application More CPU Time
Windows performs priority based round robin CPU scheduling. Each process has an assigned priority (from idle to real-time) and Windows tries to assign available CPU cycles to the higher priority processes whenever it can. However, since almost all processes on the typical computer run with normal priority, the reality is that CPUs are offered equally to the majority of the active processes.
But why should the print spooler or the time synchronization service be given a CPU while your mission-critical application is left waiting in line?
Fortunately AlwaysUp can be configured to run your application at a higher priority, to ensure that it gets more processing power than less time-sensitive processes. To make the change, edit your application and find the Set the priority to setting on the General tab:
We recommend setting the priority to Above Normal or High to give your application preferential treatment.
Note: As Microsoft counsels, the Realtime option should be used with extreme caution as it may have unintended side effects.
Windows Server 2016 was quietly released on October 12th. This new operating system extends Microsoft’s reach into modern cloud technologies (with Nano Server and Docker) and introduces a host of under-the-hood improvements in security, networking and automation. This Technet article digs into the details.
Anything New for Window Services?
No — at least nothing that we could find.
Unlike Windows 8.1 or Windows Server 2008 R2, Windows Server 2016 was not accompanied by an update to the underlying Services API. There are no new capabilities available to applications built on top of those mission-critical functions supporting 24×7 operation.
Indeed, the reliable Services Control Panel application remains the same as we saw in the previous generation, Server 2012 R2:
Nevertheless, we were still very curious to see if any of our applications would run into trouble on Microsoft’s latest and greatest!
AlwaysUp Windows Services Work Well on Server 2016
We easily installed AlwaysUp 9.7 on our Server 2016 test machine. And with no major changes for Windows Services, it was no surprise to see AlwaysUp running applications like Dropbox, Box Sync and Skype reliably in the background:
Service Protector Monitors your Important Server 2016 Services
Our team encountered zero issues installing, running and evaluating Service Protector 5.3 over a two week period. Advanced features such as CPU hog detection, scheduled restarts and email alerts all operated without a hitch.
Our Free Utilities are Compatible with Windows Server 2016 Too
Thankfully Service Trigger Editor, ServiceTray, Switch to Session 0 and all our other products performed flawlessly on the new OS as well. No problems were found.
But Server 2016 Contains a Bug: No Keyboard and Mouse in Session 0
We discovered this problem when we tested Windows 10 last year, and it now appears to have taken hold on Microsoft’s Server operating systems as well. The folks in Redmond are aware of the bug and claim to have a fix but several of us who rely on Windows Services have been impatiently awaiting a resolution for over a year now.
So to sum up, we are pleased to report that our entire suite of applications is compatible with Windows Server 2016. Best of luck running Server 2016 in your business!
Additional Windows Server 2016 Information
If you are responsible for keeping a CPU-hogging Windows Service running all the time, then we have some great news! Service Protector, our time-saving administrative tool that helps any Windows Service achieve 100% uptime, is now able to monitor processor use across all your server’s CPUs.
Previous versions of Service Protector would only monitor a single CPU/Core. This approach fit with the vast majority of today’s popular windows services that run entirely on one CPU, but it was inadequate for newer, performance-hungry services designed to make use of all a server’s CPUs. This release addresses that deficiency by detecting “runaway” services consuming too many cycles across all the CPUs.
How to Activate Windows Service “CPU Hog” Detection Across All Processors
To identify and automatically restart a misbehaving windows service that ties up multiple CPUs, simply check the Average over all CPUs (instead of only one) box when configuring Service Protector’s Monitor tab:
With the above setting, a service running on a 4-CPU machine that consumes over 95% of all processing power would be automatically restarted by Service Protector.
Our free ServiceTray utility manages any Windows Service from a convenient tray icon. Most folks that use the software configure it to start at login by placing a shortcut in the Windows Startup Folder, but unfortunately that method is not effective on the latest versions of Windows.
Why Doesn’t the Startup Folder Work for ServiceTray?
Microsoft introduced a set of security features called User Account Control (UAC) in Windows Vista and Server 2008. The key concept behind UAC is that of “least privilege” — where all applications run with normal, non-administrative rights until someone explicitly allows elevation to the more powerful context. Yet while UAC has certainly made PCs more secure from malicious viruses and other hostile actions, it can occasionally foil legitimate use.
For example, UAC doesn’t play nicely with programs configured to start automatically when you log in. Indeed, if an application or shortcut in the startup folder requires administrative rights, Windows will not start it! Such is the case with ServiceTray, which must run as an administrator to start, stop and interrogate your Windows Service.
So how do you get ServiceTray to start when you login? We have identified a couple of solutions:
Solution #1: Disable UAC
Perhaps the simplest way to get Windows to automatically launch ServiceTray is to turn off UAC. Indeed, a quick Google search will turn up many articles showing how to disable UAC. Apparently many people have found UAC very frustrating and end up turning it off. However as this post points out there are many security implications to consider if you go that route. So caveat emptor!
Solution #2: Create an “At Login” Scheduled Task
You may have heard that the Windows Task Scheduler is the ideal choice for running background tasks at scheduled times, but did you know that it can also fire up an application on your desktop when you log in? Here is how to do that for ServiceTray:
Start Task Scheduler. This is best done by running taskschd.msc from a command prompt, or by opening the Control Panel, searching for “schedule” and clicking the Schedule tasks link.
From the Task Scheduler window, click the Create Basic Task… action on the right:
You should now be looking at the Create Basic Task Wizard window where you can enter a name for the new task we are creating. Something like “Start ServiceTray on Login” would be appropriate, but you can enter anything you like.
Click Next > to move on.
In the Trigger section, select the When I log on option and click Next >.
Next, choose the Start a program option. As usual, click Next > to proceed to the next screen.
Now it’s time to tell the Task Scheduler how to start your ServiceTray shortcut. We’ll need to find that information from the shortcut itself.
Find the shortcut you created with ServiceTray. Right-click on it and select Properties. The window that comes up should look like this:
The Target field contains the full command line used to launch SerivceTray with your selected Windows Service. From that field, copy the path to the ServiceTray executable (probably “C:\Program Files\ServiceTray\ServiceTray.exe” — don’t forget the quotes) and place it in the Switch back to the Create Basic Task Wizard’s Program/script field. Put everything else into the Add arguments (optional) area.
For example, our ServiceTray shortcut command was:
“C:\Program Files\ServiceTray\ServiceTray.exe” “Spooler” -icon 1
Here is what the Create Basic Task Wizard window looks like after that command has been entered:
Click Next > to move on.
The basic configuration is now done and you should now see a summary of the scheduled task to be created.
But before clicking the Finish button, make sure to check the Open the Properties dialog… box because we’d like to make one more modification.
And finally, in the Properties window, check the Run with highest privileges box. This magical option will ensure that ServiceTray starts with full admin rights, so that it can manage your Windows Service.
Click OK to dismiss the dialog. Please close the Task Scheduler as well as your task is now in place.
While deactivating UAC is certainly quicker and easier, we recommend going with solution #2 as it doesn’t require any compromises in security/protection.
To transfer your AlwaysUp Windows Services to a new computer, please follow this 4-step process:
1. Export your AlwaysUp Application(s) from your Existing Server
If you don’t want to move any applications/services from your old server, go straight to step 2.
Otherwise, to export each of your AlwaysUp applications to a XML file:
Select Application > Export All… to summon the Browse For Folder selector:
Choose the folder where you would like the XML files to be saved.
Copy the XML files to a flash drive, or make them available on a network share that is accessible from your new PC. You will need them in step 3.
2. Download & Install AlwaysUp on your New Server
On your new PC, download AlwaysUp from our web site and follow these step-by-step instructions to install it.
3. Import your AlwaysUp Application(s) into your New Installation
If you exported applications in step 1, now is the time to import each of them into your new installation. On your new PC:
Select Application > Import…
Next, select the XML file representing the service you wish to restore. This will launch the Add Application window, already populated with the details of your service.
Review your application’s settings. Please pay special attention to the path to your main executable or script on the General tab (or any other file locations configured for your service) which may be different on this new PC.
Note that you may have to re-enter your Windows password on the Logon tab because that password was not exported along with your other settings (to enforce security standards).
Click the Save>> button to record this service.
Please repeat these steps for each of the applications/services you wish to restore.
4. Register AlwaysUp on your New Server
Chances are that registration code used on your old PC will not work on the new one. To obtain a new code, please send an email to support@CoreTechnologies.com with:
We will respond with the registration code for your new PC, along with instructions for where to enter it.
That’s it! Best of luck with your new machine!
Tod Daniels of d’innovative reported a strange problem. His JScript file (run with Microsoft’s CSCRIPT.EXE) started fine from his desktop but failed when run as a windows service with AlwaysUp.
By troubleshooting the situation from the command line, Tod was able to narrow the problem down to a problem when reading from the registry. Specifically:
regedit /e F:\test1.reg “HKEY_LOCAL_MACHINE\Software\Broadcom\BACS” run outside AlwaysUp produces a file containing the registry export.
regedit /e F:\test2.reg “HKEY_LOCAL_MACHINE\Software\Broadcom\BACS” run inside an AlwaysUp CMD session does not produce a file.
Both commands were run in the same user account, so why the different results?
The discrepancy is due to the different views of the registry presented to 32-bit and 64-bit applications.
Most modern versions of Windows are 64-bit. All the major applications and supporting DLLs distributed with the OS are 64-bit. To ensure that older 32-bit applications continue to run fine on these new operating systems, Microsoft engages in some “creative trickery”:
32-bit applications see a 32-bit version of the System32 Folder
Even though the Windows System32 folder (typically, C:\Windows\System32) is stocked with 64-bit applications, a 32-bit application has that folder “mapped” to a counterpart (C:\Windows\System32\Wow64) filled with 32-bit versions instead. So when a 32-bit application runs the “DIR” or “REGEDIT” commands, it is actually invoking the 32-bit version in the Wow64 folder. This silent mapping ensures compatibility when a 32-bit application invokes one of those standard Windows utilities.
AlwaysUp is a 32-bit application and is constrained by this behavior. When we’re troubleshooting, the command prompt is launching the 32-bit version of regedit.
64-bit applications work with a (slightly) different view of the Registry
In the 64-bit operating systems, some registry keys actually have a 32-bit version and a 64-bit version! One such key is HKLM\Software. 32-bit applications can write to this key normally, however the changes show up under HKLM\Software\Wow64 instead. A 64-bit application can see both versions of the keys and can choose which version to access.
Now Tod is using Windows Server 2012 R2 which is 64-bit. Our “a-ha” moment came when we noticed that this key exists:
but the corresponding 32-bit key does not:
This discrepancy means that 64-bit applications can access HKEY_LOCAL_MACHINE\Software\Broadcom\BACS while 32-bit applications cannot see a registry entry with that same name.
Tod was able to start the 64-bit version of regedit from AlwaysUp by exploiting another bit of Microsoft trickery — the Sysnative folder. This is the full path that enabled regedit to find the Broadcom key:
C:\Windows\Sysnative\regedit /e F:\test1.reg “HKEY_LOCAL_MACHINE\Software\Broadcom\BACS”
Ultimately he was able to launch the 64-bit version of CSCRIPT from the same path and his application is now functioning as expected as a Windows Service!
Windows Services promise 24/7 operation and it can be very frustrating when they don’t start as expected! Here are the top five reasons why a service may fail to launch when your server boots:
Your Windows Service isn’t set to Start Automatically
A window service can be configured NOT to start when your computer reboots. Indeed, a service can be set to startup only on demand, or entirely disabled so it cannot run at all.
To check that your service is properly configured:
Start the Services Control Panel application.
Find your service in the list and double-click it to show its properties.
Ensure that the Startup type field is set to Automatic.
Note that Automatic (Delayed Start), where your service starts 1-2 minutes after all Automatic services have been launched, may also be acceptable.
A Dependent Service Failed to Start
Some windows services depend on other services to support their work. Windows enforces these dependencies when booting. For example, suppose there are two services, A and B, both set to start automatically at boot. If A depends on B, then Windows will launch service B before starting service A. If service B fails to start, Windows will not start service A.
Open your service in services.msc and switch to the Dependencies tab to see if your service relies on others. If so, the problem may be with one of those dependent services.
The Service Account’s Password has Changed
If your service runs in a specific user account, was the password for that account changed recently? If so, you should edit your service and enter the new password (on the Log On tab):
There is a Problem with the Domain Account’s Group Policy
If your service is running in a domain account, ensure that the domain account’s group policy has the “Log on as a service” right. As described in this article, the service may run fine at first but suddenly stop working when the local policy (which has the right) is overwritten by the global policy (which does NOT have the right).
Look for the telltale “The service did not start due to a login failure” message in the Event Logs to identify this situation.
There is another problem, reported in the Event Logs
Your service may be shutting down because it has encountered a fatal error. The devil will be in the details so be sure to scour the Event Logs for any helpful messages from your service.
Your service may also maintain its own log files, separate from what is available in the Event Viewer. Please be sure to consult those as well!
Why Windows Services Should Avoid Showing Popups/Dialog Boxes
Unlike a regular application (like Microsoft Word) that you launch from a desktop icon and actively work with to accomplish a specific task, a Windows Service is designed to start when your computer boots and run entirely in the background — even if you never log on.
Yet despite this design philosophy, there is no restriction that actually prevents a Windows Service from displaying windows and trying to interact with users logged on to the PC. Indeed, such “Interactive Services” were encouraged in Windows XP and Windows Server 2003, but Microsoft changed their tune in Windows Vista. In our opinion, a couple of glaring problems caused the folks in Redmond to reverse course and actively discourage Windows Services from trying to get the desktop user’s attention:
What happens when no one is logged on?
It is unclear what should happen when a Windows Service shows a prompt and no user is there to answer it. Holding up the action while waiting for someone to log on and click a button can be problematic for tasks designed to perform important tasks, 24/7.
What happens when several users are logged on?
When a service throws up a prompt, which of the multiple users logged on should be allowed to respond to that window? One? All?
These thorny issues should discourage anyone from writing an interactive service today!
But what is you have inherited a legacy service implemented under the more permissive Windows XP or Server 2003 rules? What if commercial realities force you to run an interactive application as a windows service with a service wrapper like AlwaysUp? How do you keep those services running without interruption, getting around annoying prompts that would otherwise stall an important process?
Three Ways to Automatically Dismiss Dialog Boxes and Popups
Write a Custom AutoIt Script
AutoIt is a free scripting language designed for automating the Windows GUI. With this powerful tool, you can easily write scripts to activate windows, click buttons, check boxes, enter text and much more.
For example, this AutoIt script clicks the “OK” button on a window named “OCR Error”:
; Try to bring the window to the top, to
; prepare it for input.
; Click the OK button in the window.
ControlClick("OCR Error", "OK", "");
Note that an AutoIt script can be compiled into an executable to run on any machine — even those without AutoIt installed.
Buy Buzof, the “Annoying Windows Eliminator”
Buzof is a commercial utility that makes it easy for non-programmers to automatically answer Windows prompts. Its point and click interface enables you to “train” the software to take the appropriate action on those annoying popups. Here is what Buzof looks like when configured to watch for four popups, clicking the “Yes” or “No” buttons:
Note that Buzof is really meant for clicking buttons and other simple actions. More complex situations, such as checking a box and subsequently clicking a button or typing in a user name, are beyond its abilities.
Develop your own Windows GUI Utility
If you are an experienced Windows programmer, then it won’t be too difficult to create your own solution. This may be a good investment of your time if using AutoIt or purchasing Buzof are not viable options.
How to Run your Automated Solution on the Isolated Session 0 Desktop
Once you have settled on a method to automatically dispatch the dialog boxes and popups, you must now set it up to run on the desktop where Windows Services run — in Session 0. There are a couple of ways to achieve this:
Run your Utility as a Windows Service
We recommend using our AlwaysUp application to run your chosen utility as a Windows Service. If you are using an AutoIt script, set it up to run periodically, perhaps once every minute. For Buzof, which should be started once and kept running continuously, any service wrapper (such as Microsoft’s Srvany) will perform the basic job.
Run your Utility with the Task Scheduler
Setup a basic scheduled task to start your solution. It will run entirely in Session 0.
Note that you can also launch your utility manually in Session 0 using Microsoft’s PsExec command line tool.
Best of luck keeping your Windows Services operating 24×7, without annoying interruptions!
Backups are an essential part of any professional system. Schedule them regularly or risk losing valuable data (and precious time) when a component fails.
But backing up a live system can often be tricky. The backup software must be “lock” each file to capture a consistent snapshot, and that exclusive access, though temporary, can cause another application to panic and throw up its hands in failure. Or the reverse can happen — an application can lock a file and prevent the backup software from capturing it. And what good is a backup if it doesn’t capture all your important data?
So it’s always best to have a “quiet” system when performing a backup. Close all non-essential applications in advance. But what about Windows Services? Unlike regular desktop programs, those shouldn’t be stopped indefinitely.
This is the dilemma faced by one of our customers. Backups run every weekend constantly fail because his windows service prevents the backup from accessing key files. He tried stopping the service before he left work on Friday evening and restarting it on Monday morning, but users complained loudly about the extended downtime.
The obvious solution is to have a much smaller downtime window for the windows service — only for the duration of the backup. Here is how to do so in an automated fashion, with a couple of well-timed scheduled tasks that leverage the useful NET command.
Part 1: Create a Scheduled Task to Stop your Windows Service before the Backup Starts
Start the Windows Task Scheduler by running taskschd.msc from a command prompt. (You can also find it in Control Panel by searching for “Schedule tasks”).
In the window that comes up, click Create Basic Task… on the right to launch the Create Basic Task Wizard:
Enter a name for your new task. Something like Stop service before backup starts should work nicely. Click Next > when you are done.
In the next couple of steps, we’ll specify when to stop the windows service. Since our backup occurs every Saturday at 10 PM, we’ll setup the task to shut down the service a minute before, at 9:59 PM:
Click Next > to proceed.
On the subsequent screen, select Start a program and click Next >:
Here is where we must specify the program to shut down the service. We’ll use the NET STOP command.
- Enter NET.EXE in the Program/Script line.
- And in the arguments field, enter
where <Service-Name> is the name of the service. We have used “Spooler” in this tutorial but you will obviously use your own service instead. Be sure to enclose that name in quotes if it contains a space!
Click Next > to continue.
We’re almost done! You should see a screen confirming your settings. Click Finish to record this new scheduled task.
Part 2: Create a Scheduled Task to Restart your Windows Service after the Backup Completes
Basically, repeat Part 1 but with the following changes:
When naming the task in Step 3, call it something like Restart service after the backup is done instead.
In Step 4, set the time so that the task will run AFTER the backup completes.
In Step 6, run the NET START command instead. That is, set the arguments field to
Here is what the ending summary screen should look like once you are done:
And that’s it. Since implementing this tactic a few weeks ago, our customer’s backups have been problem-free. We’re confident that the same solution will work for you!