The Core Technologies Blog

Our Software // Windows Services // 24×7 Operation


Q&A: How do I Automatically Restart my Windows Service when it Crashes?

How do I automatically restart my Windows service when it crashes?
  One of our Windows Services crashes a few times a month. When that happens, a tech has to log into the server and start the service again, which is a pain. Isn’t there a way to restart the service automatically after it crashes? Please help.

— Kirkland

Hi Kirkland.

A Windows Service is Microsoft’s technology of choice for mission-critical applications that must run 24/7/365. As such, it’s incredibly frustrating when a service crashes and fails to deliver on that primary task!

Not to worry though, we’ve got your back. Here are a couple of ways to ensure that your Windows Service rebounds quickly after a crash (or other failure).

Solution #1: Configure Service Recovery (Basic)

Good news! Windows Services come with a built-in recovery mechanism.

If you open your troublesome service in the Services application, you will notice the Recovery tab:

Services Recovery Tab

There, you can specify what happens the first, second and subsequent times that your service fails.

Windows can perform one of the following three actions in response to a failure:

  • Restart the service

  • Restart the computer

  • Run a program

Or you can select “Take no action” to do nothing at all. That is the default for new services.

If you choose to run a program, you must specify the full path to the program to run, along with any parameters required.

For your situation, we recommend that you set all failure actions to “Restart the Service”:

Recovery Tab: Restart the Service

Simple, right? Well, maybe not. While the actions are straightforward, exactly what defines a failure? Under what conditions will Windows invoke the actions you have specified (i.e. to restart the service)?

Let’s back up a bit and address that mystery.

Microsoft’s definition of service failure

From the technical documentation, a service fails if it:

  1. Terminates without reporting a status of SERVICE_STOPPED to the Service Control Manager, or

  2. Exits with a non-zero exit code.

Note that (b) applies only if the Enable actions for stops with errors box on the Recovery tab is checked. You should definitely enable that option because doing so will allow Windows to catch a wider range of failures of your misbehaving service.

To sum up, here is our final recommended recovery configuration:

Recovery Tab: Recommended settings

Next, let’s look at where Windows Service recovery does a great job and where it’s not quite up to the task.

What service interruptions are covered by the Recovery tab?

The recovery settings above will cover a wide array of interruptions of your service.

For example, Windows will restart your service if:

  • The service ends unexpectedly

  • The service’s process is terminated (e.g. someone kills it from Task Manager)

  • The service exits with a non-zero error code

What service interruptions are NOT covered by the Recovery tab?

Sadly, the following disruptions are not handled by the basic recovery settings:

  • The service fails to start at boot

  • Someone accidentally stops the service from Services (or using the NET or SC commands)

  • The service stops unexpectedly but exits with code 0 (e.g. due to a bug in the software)

  • An internal component of the service crashes but the service shuts down normally

  • The service has a memory leak and stops working after it runs for a while

Other ways that Service Recovery falls short

Besides the above:

  • Service failures will be silent. That’s because the recovery options do not include notification. As a result, you may not find out when your service fails to start.

  • There is no protection in “zombie” situations — where your service is running but isn’t working as expected. Unfortunately, the recovery options are not sophisticated enough to look beyond the service’s status.

Solution #2: Deploy Service Protector (Advanced)

For comprehensive protection against a wide range of problems — including the ones listed above — you should use our Service Protector software.

Service Protector keeps any Windows Service running 24/7/365. Whenever a service stops — no matter the reason — Service Protector will immediately restart it.

Here’s a look at Service Protector babysitting the Windows print spooler service on our Server 2022 machine:

The Print Spooler service is protected

But Service Protector is much more than automatic restarts. Here are some of its key features:

Stuck service detection

Service Protector will handle non-responsive services that become stuck in the “Stopping” or “Starting” states for too long.

CPU hog detection

You can tell Service Protector to restart your service if it “runs hot” for a long period.

Memory leak/hog detection

A Windows Service that constantly eats up RAM can lead to disaster. Service Protector will terminate and recycle leaky services, to free up accumulated memory and restore normal operation.

Email alerts when things go wrong

To ensure that you are kept in the loop, Service Protector can send you an email whenever your service fails.

Extensibility

Extend Service Protector with your own, customized failure detection plugins. Use them to detect and restart “zombie” Windows Services.

Workflow

Need to perform some housekeeping tasks before your service starts? Service Protector can run a batch file (or program) before restarting your Windows Service.

Scheduled restarts

Sometimes software that has been running for too long doesn’t work. Service Protector can restart your service (or reboot the PC) at specific times, to minimize the effects of memory leaks and keep your service “fresh”.

Daily/Weekly reports

Service Protector will email you summaries of restarts, crashes, etc.

Error control

Service Protector will automatically dismiss those annoying “I have crashed!” message boxes that can halt the action.

Restores disabled services

If some clever person disables your service from the Services application, Service Protector will automatically re-enable it.

Try Service Protector for Free

Best of all, you can setup your service with Service Protector and see how it works completely free for 30 days. No need to make a purchase, register your email or provide a credit card. Just download and install.

Finally, while the Recovery tab is free, a perpetual license of Service Protector costs $69.99.

Nevertheless, if you are operating in a commercial environment where downtime is costly, we recommend making that modest investment to bulletproof your servers.

Best of luck with your service!

Posted in Windows Services | Tagged , , , , , | Leave a comment

Windows Server 2022: A Few Improvements, but No Changes to Windows Services

Windows Server 2022

With surprisingly little fanfare, Microsoft released Windows Server 2022 in August 2021.

Don’t feel bad if you failed to notice — few people did! Clearly all the hype was focused on Windows 11, which debuted about six weeks later.

Anyway, here’s our technical take on the new operating system.

What’s new in Windows Server 2022

Server 2022 is more evolution than revolution. In fact, the most significant improvements are all under the hood.

Here are the top 3 enhancements, from our team’s perspective:

1. Tighter Security

  • Firmware attack prevention: When Server 2022 boots, it closely monitors boot processes to detect and block firmware-based viruses.

  • TLS 1.3 is enabled by default: The most advanced Transport Layer Security (TLS) protocol secures web traffic on Server 2022.

  • Encrypted DNS protects network conversations: The DNS Client now supports HTTPS, to keep your DNS traffic private.

Be sure to check out the full list of security improvements in the official documentation.

2. Better control through Windows Admin Center

Since its launch in 2019, Windows Admin Center (WAC) continues to get better in each version of Windows Server. We’re fans, and our team makes heavy use of WAC with our testing servers.

Besides controlling the new security features, WAC now includes automatic updates, automated extension lifecycle management and more.

3. Faster networking

TCP & UDP — the foundational communication protocols underpinning the Internet — received some overdue love and attention in Server 2022.

For example, TCP is more efficient on high-speed networks. That leads to smoother (and swifter) downloads.

Moreover, UDP packets can now go directly from the CPU to the network adapter’s specialized hardware. And on the receiving end, packets are coalesced to reduce CPU demands even more.

You should welcome these key performance upgrades — especially if you’re running a web server or other network-hungry software.

Windows Services: No new features or improvements

Microsoft didn’t alter any of the Windows Service functions in Server 2022. In fact, the Services API remains exactly the same as it is in Server 2019.

And because the underlying Windows Services functionality didn’t change, Server 2022 does not revise the popular service-related tools distributed with the operating system either.

The Services application (a.k.a. “services.msc”) looks exactly the same as it does in Server 2019:

Services on Windows Server 2022

Similarly, the command line options for the NET and SC utilities remain frozen in their 2019 state. Here you can see a comparison of SC’s output in Server 2022 and in Server 2019:

SC in Server 2022 vs 2019

AlwaysUp & Service Protector are fully compatible with Server 2022

We’ve been testing Windows Server 2022 every day for the past 3 months. In that time, we have not detected any incompatibilities with our software.

AlwaysUp launched Dropbox, OneDrive, Node.js and everything else we threw at it with zero problems.

To illustrate, here is AlwaysUp running NGINX as a Windows Service:

AlwaysUp running NGINX on Server 2022

Service Protector fared just as well. We tested Apache, PostgreSQL and MongoDB Windows Services, all without incident:

Service Protector on Server 2022

More information & resources

  • Watch this instructive video to learn even more about Windows Server 2022:

  • Did you know that you can try Windows Server 2022 for 180 days at no charge? Simply download and install. It’s a great way to test drive the new operating system before paying for an upgrade.

  • Mainstream support for Windows Server 2022 ends on October 13 2026. Extended support lasts for another 5 years and concludes on October 14, 2031. Mark your calendar!

Posted in Windows | Tagged , , , , , | Leave a comment

AlwaysUp Web Service Supports Reverse Proxy Servers

Reverse Proxy

AlwaysUp Web Service version 13.2 was published on February 4 2022.

This new release — which is fully certified for Windows 11 and Windows Server 2022 — includes a handful of improvements and fixes. Consequently, please upgrade at your earliest convenience.

But of all the new features, the ability to work with reverse proxy servers is the most impactful. So let’s dig into that capability today…

What is a Reverse Proxy? Why would I use one?

A reverse proxy is an application that sits in front of one or more back-end services and enables users to access those services from a single location. In doing so, the proxy “hides” the location and other details of the back-end services from the users.

For example, let’s take Acme Inc — an IT company that operates three web services. Acme hosts each web service on its own internal server, accessible at the following URLs:

  • http://10.0.0.104/get-menu

  • http://10.0.0.105/wsapi/v2/create-booking

  • http://10.0.0.106:8880/daily-report.php

Because the web services are deployed on the company’s private network (10.x.x.x), none of them are accessible from the Internet. Therefore, customers cannot get menus, create bookings or view reports. And Acme wants to change that.

To make the web services accessible to its customers, Acme introduces a reverse proxy. Their IT team deploys a new server and configures it securely at https://api.acme.com.

Now customers can visit all three services under the same umbrella, at:

  • https://api.acme.com/api/food/get-menu

  • https://api.acme.com/api/reservations/wsapi/v2/create-booking

  • https://api.acme.com/api/reports/daily-report.php

As a result, with the help of the reverse proxy, Acme has provided a valuable service to it’s customers — all with security, scalability and usability in mind!

Reverse Proxy configuration

In order for AlwaysUp Web Service to work with a reverse proxy, the proxy must pass the following headers in each request it forwards:

  1. X-Base-URL: The path/location where the proxy server serves AlwaysUp Web Service. For example, if AlwaysUp Web Service should be available at http://proxy.acme.com/alwaysup-web-service/, the X-Base-URL value should be /alwaysup-web-service/.

  2. X-Forwarded-For: The originating IP address of the client connecting the proxy server. This allows AlwaysUp Web Service to track the true source of the request.

Reverse Proxy setup with NGINX

Let’s review an example with NGINX — a popular web server that supports reverse proxy configuration.

Acme hosts AlwaysUp Web Service at http://10.10.0.1:8585. In addition, its Internet-facing proxy server is accessible at http://proxy.acme.com.

To make AlwaysUp Web Service available to users outside of Acme’s internal network, the server section of the proxy’s NGINX configuration file looks like this:

server {
      listen 80;
      location /alwaysup/ {
            proxy_set_header X-Base-URL /alwaysup-web-service/;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://10.10.0.1:8585/;
      }
}

With that setup in place, Acme’s users can access AlwaysUp Web Service at http://proxy-server/alwaysup-web-service.

SSL Configuration

Setup is a tad more complicated when working with HTTPS. Assuming the same conditions as above, here is Acme’s NGINX configuration for the SSL scenario:

server {
      listen 443 ssl;
      ssl_certificate "ssl/certificate.pem";
      ssl_certificate_key "ssl/certificate-key.pem";
      ssl_protocols TLSv1.2;
      location /alwaysup/ {
            proxy_set_header X-Base-URL /alwaysup/;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://10.10.0.1:8585/;
      }
}

Feel free to use the self-signed certificate files distributed with AlwaysUp Web Service. They are available in the “certificates” sub-folder of the installation directory.

A sample NGINX configuration file (with server sections for both the HTTP and HTTPS scenarios) is available at our website.

Enjoy!

Posted in AlwaysUp Web Service | Tagged , , , | Leave a comment

Q&A: Why can’t I open my Dropbox files even though Smart Sync is off?

Q&A: Why can't I open my Dropbox files even though Smart Sync is off?
  I just installed AlwaysUp (13.3.3.17) specifically to keep a Dropbox synchronized with a Win 2012 R2 server.

I have followed the installation guide (wizard and then double checked the setting). Smart Sync is turned off.

The service seems to start from AlwaysUp, and using Process Explorer I can see that Dropbox started with a bunch of TCP/IP connections (5 or 6) after running for a few minutes, then that drops to 3 then 2 then back to 3 connections. However, I think this is a red herring because starting "in this session" does the same.

Anyway, if I try to access one of the files from the Dropbox folder I can navigate to the file but it is "lightened" (not greyed out, but not full color). When I try to open the file, a PDF for example, I get an error that the file cannot be accessed.

The server is not the original source of the data. That is, other people modified/created files in Dropbox and the server needs to access them.

If I restart the service “in this session”, when I access a file I see a Dropbox notification that the file is being download and I have access to the file.

This situation reads like the issues reported and fixed by setting QT_OPENGL as a environment variable but I tried it and still no luck.

Dropbox is the very latest, version 139.4.4896. I’m using a paid account.

If AlwaysUp cannot keep Dropbox running/syncing in the background then it is of no use to us.

How should we proceed to fix this?

— Christopher

Hi Christopher, sorry to hear of the trouble! We have hundreds of clients running Dropbox with AlwaysUp every day so I’m sure that we’ll be able to resolve your problem soon.

What’s up with Smart Sync?

You are on the right track in disabling the Smart Sync feature. As described in this article, Smart Sync doesn’t play well with background operation, such as when you start Dropbox at boot as a Windows Service.

Based on your message, you’ve configured the Sync tab of your Dropbox Preferences window like this, right?

Disable Smart Sync for new files

That’s good, but turning off the Save hard drive space automatically option might not be enough to get rid of Smart Sync entirely. That’s because the setting only applies to new files uploaded to Dropbox.com. It’s simply the default going forward.

Most importantly, some files uploaded to dropbox.com before you turned off Smart Sync may NOT be present to your hard drive. They will remain as “online only”, and Dropbox will only be fetch them from the cloud when you first open them on your server. As a result, those “older” files will be inaccessible when you are running Dropbox as a Windows Service with AlwaysUp.

Fortunately, the problem has an easy fix. Simply instruct Dropbox to download all your files — for real.

How to make all your Dropbox files “Local” (not “Online only”)

To force Dropbox to fully download all your files to your PC, you can update the settings for each folder.

Navigate to your Dropbox directory in File Explorer, right-click a sub folder and select Smart Sync > Local from the menu:

Set Smart Sync folder to Local

However, that may be very tedious!

Your best bet is to do away with the Sync feature entirely — as guided by the Dropbox crew:

Uninstall the system extension

Note: Uninstalling the system extension will disable Smart Sync, but you’ll still be able to use the Dropbox desktop app.

To uninstall the system extension:

  1. Sign in to dropbox.com.
  2. Click your avatar (profile picture or initials) in the upper-right corner.
  3. Choose Settings.
  4. Click the General tab.
  5. Toggle Dropbox system extension to off.

Admins: Uninstall the system extension from your team’s computers

As an admin, you can uninstall the Smart Sync system extension from your team’s computers. To do so, follow this link to the uninstall page of the admin console, check the boxes, and click Uninstall.

After the system extension is uninstalled, team members can still use the Dropbox desktop app, but all of their online-only files will become local and Smart Sync will be disabled for both their team account and any linked personal account they may have.

Alternatively, you can manage your team’s default Smart Sync settings without uninstalling the system extension for your team.

And with Smart Sync deactivated, Dropbox will download all your files when its running as a Windows Service. You shouldn’t have any problems opening your files.

Happy Dropboxing!

Posted in AlwaysUp | Tagged , , , , | Leave a comment

We’re Not Affected by the December 2021 Apache Log4j Vulnerability

We're Not Affected by the Apache Log4j Vulnerability

In early December 2021, a severe remote code vulnerability was revealed in Apache Log4j — a very popular Java-based logging framework used by developers of web and server applications.

The vulnerability affects a broad range of services and applications on servers, making it extremely dangerous — and the latest updates for those server applications urgent! In fact, malicious actors are already hard at work exploiting the flaw.

We’re taking this issue very seriously at Core Technologies Consulting. A thorough analysis of our systems has concluded that:

  • None of our Windows software uses Apache Log4j.

    AlwaysUp, Service Protector and our free utilities are not exposed.

  • Log4j2 <= 2.14.1 is not used by any software in our infrastructure.

    Our back end components use other logging frameworks (e.g. Monolog) to capture important messages from the server software.

  • All back end security patches have been applied.

    Our Linux application servers are configured to automatically deploy security patches as they become available.

We’ll continue to monitor the situation as it evolves.

Please be sure to reach out to our support team if you have any questions or would like additional information.

Stay safe!

Posted in Support | Tagged , , , , , | Leave a comment