The Core Technologies Blog

Our Software // Windows Services // 24×7 Operation


Q&A: How do I Fix “The service did not start due to a logon failure”?

Q&A - Logon failed
  I setup AlwaysUp to run JRiver Media Center as a Windows Service but it’s simply not working. I reboot the server every week and every time AlwaysUp says it can’t log on. These errors come up, over and over:

AlwaysUp logon failure errors

Help!

— Anonymous

Hi — sorry to hear that the service isn’t starting for you!

From the logs you sent, the key error appears to be this one:

The service did not start due to a logon failure

Windows is saying that it cannot authenticate your account (the one you specified on the Logon tab in AlwaysUp) so it cannot start the service.

The failure is probably due to one of three problems. Answer the following questions to find a solution.

Has your Windows password expired/changed?

If you recently set a new password on your Windows account, the service may be stuck using the old one.

To update the service’s password:

  1. Edit your JRiver service in AlwaysUp

  2. Switch to the Logon tab

  3. Enter your new password:

    Enter your new password
  4. Save your settings.

Reboot your PC and see if JRiver starts automatically. If not, read on to keep troubleshooting.

Have you specified a domain account on the AlwaysUp Logon tab?

If your service is running in a domain account, it’s possible that the service is starting too soon — before the primary domain controller is ready to accept requests.

Indeed, this can easily happen when your computer is the slow-starting domain controller!

The fix is to delay the start of the JRiver service, to allow the domain controller enough time to launch and initialize. To do so:

  1. Edit your JRiver service in AlwaysUp

  2. Set the Start the application field to Automatically, but shortly after the computer boots:

    Set JRiver service to start delayed
  3. Save your settings.

Reboot and see if that does the trick!

Is your Active Directory Group Policy overwriting the Local Policy setting for the “Log on as a service” right?

This last scenario applies if your system uses Active Directory and you have specified a domain account on the AlwaysUp Logon tab.

Your Windows account may be losing the right to run as a service when an incomplete group policy overwrites the local policy. Basically, your account is “out of sync” with the Active Directory server.

The solution is to modify the domain group policy, as outlined in this blog post.

Still experiencing “logon failure” errors?

If you are still seeing the error, something strange is definitely going on with your setup.

Please get in touch to schedule a remote session, where we can troubleshoot your misbehaving service. We’ll do our best to have you up and running soon!

Posted in AlwaysUp | Tagged , , , , | Leave a comment

How to Run a Python Script Every Hour, On the Hour

How to Run a Python Script Every Hour

Python is fast becoming the world’s most popular coding language. It’s no surprise that more and more administrators are turning to the simple, efficient, and ubiquitous platform for a variety of day-to-day tasks.

One question that frequently comes up on Internet forums deals with scheduling:

  How do I schedule my Python script to run every hour on my Windows computer?

The Windows Task Scheduler seems like it should do the job, but unfortunately it falls short because it has no ability to restart an application at a fixed time. You would have to set up 24 tasks, one for each hour of the day. That’s too much busy work.

You could also create a batch file that runs the script in an infinite loop and launch the batch file with Task Scheduler. That would be easier, but the lack of a fixed schedule means that you wouldn’t know the time when the script would be run. And with zero monitoring and error reporting, you would be left in the dark if the script somehow stopped running — for example, if someone accidentally terminated it. Not a very robust approach.

Instead, we recommend using AlwaysUp. Simply setup your Python script to run as a background Windows Service, then configure AlwaysUp to launch your script each hour on the hour. Here’s how to do that.

1. Install your Python script as a Windows Service with AlwaysUp

First, follow our step-by-step tutorial showing how to run any Python script as a Windows Service with AlwaysUp.

Python running as a Windows Service

Your Python script will be configured to run once per day but don’t worry — we’ll adjust that in the next section.

2. Restart your Python script every hour, on the hour

Instead of running only once per day, let’s run your script hourly. To make that change:

  1. Edit your Python script in AlwaysUp.

  2. Switch to the Restart tab.

  3. Check the Not immediately and the On the next hour options:

    Restart Python hourly
  4. Click the Save button to record your changes.

3. Minimize logging as your script stops and restarts in the background

By default, AlwaysUp will record detailed information (in the Windows Event Logs) whenever the application it is monitoring starts and stops. This is fine for programs designed to operate 24/7, but that logging can be overwhelming for a script that starts and stops frequently.

To reduce the writing to the Event Logs:

  1. Edit your Python script in AlwaysUp.

  2. Switch to the Restart tab.

  3. Check the Minimize event logging as the application stops & starts option:

    Minimize Python Service Logging
  4. Click the Save button to record your changes.

And that’s it. From now on, your Python script will run predictably — every hour, on the hour.

Please be sure to get in touch if you have any questions about running your script as a service (or anything else).

Posted in AlwaysUp | Tagged , , , | Leave a comment

Support for Windows 7 and Windows Server 2008 Ending in January 2020

Windows Server 2008 R2 End of Life

After more than a decade in the trenches, Windows 7 and Windows Server 2008 R2 will no longer be supported. Microsoft will stop issuing updates for those operating systems on Tuesday January 14, 2020.

I’m still running Windows 7/Server 2008: What does this mean for me?

After the deadline, your computer will no longer receive Windows updates/patches. This is probably fine for new features and capabilities (who needs those anyway?), but it is potentially lethal for safety and security.

This is because any serious security flaw discovered after January 2020 will not be fixed. Attackers will have all the time they need to break into your computer.

We recommend upgrading ASAP — especially if you are working in a commercial environment. Why put you and your company at risk for a ransomware or other cyber-attack?

Will your software (AlwaysUp, Service Protector, etc.) continue to work on Windows 7/2008?

Yes. For now, all our current software will continue to work with the soon-to-be-retired versions of Windows. We will not be disabling those operating systems in any versions of our Windows Services software that you can download today.

However, at some point we will drop support for 7/2008. For example, AlwaysUp version 13 (expected in 2021) may no longer run on 7/2008. Of course, you will be able to stick with version 12 (or earlier) for as long as you like.

Will you provide support if I’m running Windows 7/2008?

Yes — up to a point. We’ll happily investigate problems on those systems, but realize that our hands will be tied if the flaw is due to a problem in the underlying (now obsolete) operating system.

Additional information/resources

As usual, please get in touch if you have any questions or need help working with our software after the deadline has passed.

Posted in Windows | Tagged , , , | Leave a comment

Q&A: How Do I See the Output/Traceback From my Python Windows Service?

Q&A - Python Output
  We’re using AlwaysUp to run a Python program as a service. Do you have any recommendations about logging?

Ideally I would see the output of the python program as if it were run in command line, to see the traceback if there is an error. For example:

    Traceback (most recent call last):
    File "", line 1, in 
    NameError: name 'r' is not defined

— Liam

Hi Liam. I see your problem. It’s important to know when Python runs into a problem, but errors can be difficult to spot when the service’s console — alive and well in the isolated Session 0 — isn’t visible on your desktop.

You have a couple of options:

1. Capture the output of your Python program in a text file

AlwaysUp can capture Python’s command line output to a file of your choosing. That option is available on the Extras tab:

Capture Output from the Extras tab

Check the Capture output to this log file box and enter the full path to a (new) text file.

If your script generates lots of text, you may want to prevent the file from growing too large. Check the Automatically trim box and specify the maximum size in megabytes. When the file grows to the maximum size, the oldest 10% will be discarded to make room for new entries. Be sure to tune the max size so that you don’t lose useful data.

With those settings in place, your Python service will write all console/traceback output to the file. Both the standard output and standard error streams will be captured.

Open the file to see what’s going on with your script. Or even better, use the free WinTail to “track” the file. New lines will appear in real-time — just if you were looking at the Python console.

To confirm our advice, we ran a Python script with a deliberate error (borrowed from this page) and captured the output. Here is the result (with WinTail monitoring the output file):

Python script: Traceback output

It works!

2. Run your Python script in the current session, where you will see the console

If you don’t want to configure logging — or you just want to see the console temporarily while debugging a problem — you can instruct AlwaysUp to run the Python console on your desktop.

Simply select Application > Restart in this session and AlwaysUp will temporarily stop Python and “re-parent” it onto your screen:

Restart Python program in this session

Your program will run visibly while you are logged in. When you logout, AlwaysUp will automatically return your application to the background (i.e. Session 0).

One final bit of advice…

We recommend that you do your best to thoroughly debug your Python script before running it as a set-it-and-forget-it Windows Service. Dynamic languages like Python need extra attention in that area.

The fewer surprises in production the better, right?

Posted in AlwaysUp | Tagged , , , , , | Leave a comment

Q&A: How do I Rename my Application/Service in AlwaysUp?

Q & A - Rename AlwaysUp Application/Service
  I’m a long-time user of AlwaysUp. Can I rename a service?

— Bonnie

Hi Bonnie.

Unfortunately you can’t rename an application in AlwaysUp. This is because the underlying Windows Services API (which AlwaysUp employs to work its magic) simply does not support that operation. You can change many properties of a service — such as the login account, the startup type and the path to the executable — but not its name.

But all is not lost! You can use AlwaysUp’s “Add Copy” feature to implement a poor-man’s rename…

How to use “Add Copy” to rename your application/service

The basic idea is to duplicate your existing application, give it a different name and remove the original.

To do so:

  1. Highlight the entry you wish to rename in AlwaysUp. (We’ll work with Plex Media Server in this guide.)

  2. From the menu, select Application > Add Copy:

    AlwaysUp: Add Copy

    The familiar Add Application window will appear — containing a clone of the entry you highlighted.

  3. In the Name field, remove the default value (“Copy of…”) and enter the name you desire.

    We simply added a “NEW” prefix but your change will be more meaningful:

    AlwaysUp: Change Application Name
  4. Are you running your application in a specific user account? If so, switch to the Logon tab and enter the password for that Windows account:

    AlwaysUp: Set the Login Password

    You must do this because the “Add Copy” feature does not propagate any passwords — an important security precaution.

  5. And if you are using the email notification feature and have configured an email account with a password, you must re-enter that password as well.

    Switch to the Email tab, click the Configure button and type in your password:

    AlwaysUp: Set the Email Password
  6. We’re done making changes so click the Save button to record your new application. Here you can see our old and new entries, side-by-side:

    AlwaysUp: Copy Created
  7. And finally, delete the original application from AlwaysUp. You no longer need it since you have a new version with the correct name.

    Highlight the original, choose Application > Remove and confirm the prompt to complete the process:

    AlwaysUp: Remove the Original Application

That’s it! Apologies for the multiple steps, but that is the best we can do until Microsoft explicitly supports renaming a Windows Service.

As usual, please get in touch if you have any questions about the process.

Posted in AlwaysUp | Tagged , | Leave a comment

Q&A: Why Doesn’t AlwaysUp Catch my Endless Loop?

Q & A - Detect Infinite Loops
  Following your AlwaysUp documentation, I am using the “Monitor the application and stop it whenever it hangs” option. When I set its value to 1 minute, this feature does not work as I expect.

I wrote a simple application that goes into an endless loop after one minute of execution time. But the application is not restarted by AlwaysUp. Why not?

— Beatrix

Hi Beatrix. Not all infinite loops can be detected by AlwaysUp. Let me explain…

AlwaysUp catches non-responsive GUI applications

AlwaysUp’s hang detection feature is designed to identify a specific situation — where a Windows GUI application is not responding to the operating system.

We have all encountered this type of hang before. It happens when Firefox suddenly locks up, or when Excel goes gray and the cursor turns into a spinning wheel. The application is frozen and all input is ignored.

If you are lucky, the disruption only lasts a few seconds; if not, you may have to forcibly terminate the application from the Task Manager. Very annoying!

Beyond the gray window and spinning cursor, there are a couple of telltale signs when an application is hung/non-responsive:

  1. You will see “Not responding” in the application’s title bar.

    Outlook Not Responding
  2. The application’s process will be marked as “Not responding” in the Task Manager:

    Task Manager Process Not Responding

Furthermore, Windows may throw up a warning outlining your very limited options:

Excel Process Not Responding

The good news is that AlwaysUp has you covered in all of those situations!

How AlwaysUp checks if your application is hung

When you enable hang-checking, the AlwaysUp Windows Service component executes the following procedure every few seconds:

  1. Scans the desktop to identify all top-level windows belonging to the application being monitored.

  2. Sends each of those top-level windows a WM_NULL (no-op) message.

  3. Waits a few seconds for each of the windows to acknowledge the message.

  4. Declares the application a hang if no windows respond.

An application that remains hung over the user-supplied duration (1 minute, in your case) will be terminated and restarted.

Not all endless loops result in a frozen/non-responsive application

There are a couple of consequences stemming from the way that AlwaysUp checks for a hang.

First, an application without a top-level window can never be classified as a hang.

For example, this simple, non-GUI C# program that loops forever will escape detection:

using System;
namespace InfiniteLoop {
   class Program {
      static void Main(string[] args) {
         while (true) {
            Thread.Sleep(1000);
         }
      }
   }
}

Second, if an application creates multiple windows, all windows must be non-responsive for AlwaysUp to declare a hang. If even a single window processes the WM_NULL message, the application will be classified as responsive.

My guess is that your endless loop test fits into one of the scenarios above. Unfortunately AlwaysUp’s hang detection feature will not be able to help there. Sorry about that!

But all is not lost…

Use the Sanity Check feature to detect endless loops and other failures

There can be many indications that a program is stuck. For example, an application might:

  • stop responding to requests over the network;

  • stop writing entries to a status file;

  • report an “I have failed” message to a log file;

  • or leave files collecting dust in a specific “inbox” folder

In situations like these — where the failure is detectable by a script or simple utility — you should look to AlwaysUp’s powerful Sanity Check feature. It allows you to extend failure detection to encompass anything you like, including the issues listed above.

The Sanity Check page digs into the technical details, which we will not repeat here. Please review the documentation and get in touch if you need help to use that flexible functionality.

Posted in AlwaysUp | Tagged , , , , | Comments Off on Q&A: Why Doesn’t AlwaysUp Catch my Endless Loop?

Windows Service Patterns

Windows Service Patterns

Windows Services are special applications designed to run unattended on your PC. A service an do virtually anything its programmer demands, such as reading files, sending email, checking for viruses — whatever.

Yet in the midst of that tremendous diversity, the vast majority of services have a lot in common. With inspiration from Professional NT Services, it is our observation that the majority of windows services can be placed in one of four categories: Server, Agent, Processor or Canary.

  1. Server: Accept and fulfill requests for services and/or resources

    The majority of Windows services implement the Server pattern. They typically act as the proxy/gatekeeper to a well-defined area of the operating system, fulfilling requests as they come in.

    For example:

    • Spooler implements the Print Spooler API. It accepts print requests from desktop applications and negotiates with printers to ensure that they all documents are (eventually) printed.

    • User Profile Service is responsible for loading and unloading user information on behalf of all applications.

    • Windows Event Log records application, system and security events through the Event Log API.

  2. Agent: Perform a task regularly on behalf of a person

    Many services implement the Agent pattern. They run in the background, performing requested tasks at pre-defined times.

    For example:

    • Google Update Service keeps your Google software up to date, applying security patches and other improvements as they become available.

    • The Schedule service works in conjunction with the Windows Task Scheduler, launching each scheduled task at its appointed date and time.

    • Windows Update automatically detects, downloads, and installs of updates for Windows and other Microsoft programs.

  3. Processor: Watches for important events then takes action

    A Processor springs to life in response to a triggering event. It has the autonomy to take action and resolve the issue at hand.

    For example:

    • Windows Time ensures that your PC’s clock is correct, synchronizing it with clients and servers in the network.

    • Background Intelligent Transfer Service opportunistically transfers files in the background when network traffic is low.

    • Bluetooth Support Service supports the discovery and pairing of nearby Bluetooth devices.

  4. Canary: Notify a person (or application) when something important happens

    A Canary is a special kind of Processor. It too watches for important events, but its primary task is to shout loudly instead of taking definitive action.

    For example:

    • Windows Defender Advanced Threat Protection Service helps protect against advanced threats by monitoring and reporting security events that happen on the computer.

    • System Event Notification Service monitors system events and notifies subscribers to COM+ Event System of these events.

    • Connected User Experiences and Telemetry enables features that support in-application and connected user experiences. The service manages the event driven collection and transmission of diagnostic and usage information (used to improve the experience and quality of the Windows Platform) when the diagnostics and usage privacy option settings are enabled under Feedback and Diagnostics.

Many desktop applications follow a Windows Service pattern too!

Those four patterns apply to regular desktop applications as well. Most notably:

  • iTunes enables your Apple devices to play any track from your media library. iTunes is a Server.

  • SyncToy will synchronize two file systems on demand. SyncToy is an Agent.

  • Dropbox watches your file system and copies updated files to the server. Dropbox is a Processor.

  • SpeedFan monitors your computer’s voltage, fan speeds and temperatures and lets you know when something is wrong. SpeedFan is a Canary.

If you are responsible for a legacy/desktop application that aligns with one of the four service patterns, you should consider installing it as a Windows Service. It probably should have been built as a service in the first place!

Posted in Windows Services | Tagged , | Leave a comment


Essential Windows Services: Power

Windows Power Service

What is the Power service?

The Power service implements your computer’s power schemes, policies and notifications as configured in the Control Panel:

Control Panel Power Options

The service’s name (and display name) is Power and it runs inside the shared services host process, svchost.exe:

Power Windows Service

Is it safe to disable the Power service?

In their guidance on disabling system services on Windows Server 2016, Microsoft does not indicate that it is OK to disable the Power service. Indeed, they punt on specific guidance altogether, commenting that “the impact of disabling the service has not been fully evaluated”.

Their ultimate recommendation is to stick with the default configuration — automatic start at boot.

The “Stop” button is disabled. How can I stop the Power service?

If you examine the service’s screenshot, you will notice that the Stop button is disabled — indicating that the service cannot be stopped.

And even the versatile NET STOP command run as an administrator will fail, complaining that the service isn’t in the right “state”:

Net stop Power fails

This is different from the typical permission/rights problem seen when attempting to stop other important services. Here, the Power service is actively refusing to be stopped under any condition and there is no way around it.

What will happen if I kill the Power service’s process?

Your computer will shut down, immediately.

This is because the Power service is hosted by an instance of the shared service host process (svchost.exe) also running these core services:

  • Background Tasks Infrastructure Service / BrokerInfrastructure: Responsible for background tasks.

  • DCOM Server Process Launcher / DcomLaunch: Launches COM & DCOM servers.

  • Local Session Manager / LSM: Manages local user sessions.

Task Manager will confirm that all four services have the same PID (process identifier):

The Power Service in Task Manager

So killing that svchost process will stop all four services.

If you choose to press on and try to end the process, Task Manager will warn you of the dire consequences:

Kill Power Service warning

And that is no idle threat! We were greeted with this delightful blue screen of death after terminating the process on our Windows Server 2019 machine:

Blue screen of Death: A critical process died

Be careful!

The Power service isn’t starting. Help!

We suggest the following:

  1. Reboot your computer. Hopefully you have fallen victim to a temporary glitch and sanity will be restored when the operating system next starts.

  2. Manually run Windows Update. If you’re lucky, the Microsoft Windows engineers have already found and fixed the problem with their software.

  3. Seek expert help. Start with a google search for a quick fix; move on to your local administrator if no resolution is forthcoming.

  4. Reinstall Windows. You may have to start over from scratch if nothing else works… 🙁

Questions? Problems?

If you would like to know more about the Windows Power service, or you have a specific problem, please feel free to get in touch. We will do our best to help you!

Posted in Windows Services | Tagged , , | Leave a comment

Q&A: How do I allow Non-Admins to Start/Stop/Restart my AlwaysUp Windows Services?

Q & A - Windows Service security
  I’m wanting to know what permissions a user is required to have in order to stop and start AlwaysUp services. Is there a way to grant access to specific users as I don’t want to have to give them full Admin rights? I’ve created shortcuts but getting the “access denied” message. Thanks in advance.

— Bryant, Wide Bay Water

Hi Bryant.

Typically, only administrators have the power to control Windows Services. That is an appropriate stance, as most services are administrative in nature.

Indeed, it would be a huge mistake to allow non-privileged persons to stop any of the important tasks servicing the computer in the background. Think of the chaos it could cause!

But there are always exceptions. And the good news is that Microsoft provides the ability to set granular permissions on each Windows Service. You can leverage that API/functionality from command-line tools like Microsoft’s SubInACL but your best option is to work directly with AlwaysUp (which is much easier to use).

How to adjust the rights of an AlwaysUp Windows Service

Follow these steps to grant a non-admin user the ability to start and/or stop your service:

  1. Start AlwaysUp.

  2. Highlight/select the application you wish to grant access to. Stop it if necessary.

  3. Select Application > Advanced > Service Security Settings from the menu.

  4. In the Service Security Settings window that comes up, select the user in the top pane. You will have to add the account if it’s not there.

  5. In lower pane, choose the permissions you wish the user to have.

    Here you see us permitting user “Mike Jones” to read/access and start (but not stop) the Plex Media Server service:

    Set Plex Service Security Settings
  6. Save your changes.

Afterwards, the user will be able to use the Services Control Panel application, the NET command or the SC utility to manipulate the service created by AlwaysUp.

Remember: The user must work with the full, quoted name of the service, with the “managed by AlwaysUp” suffix. For example, if your application entry is named “VirtualBox” in AlwaysUp, the service will be named:

“VirtualBox (managed by AlwaysUp)”

Easily adjust the rights of non-AlwaysUp Windows Services too!

The instructions above will work for AlwaysUp services, but our free Service Security Editor tool can adjust the permissions of any service. Check it out if you need a general, portable solution for all your Windows Services.

Posted in AlwaysUp | Tagged , , , , , | Leave a comment