Are there any log file about Windows Services Status? - windows-services

I want to figure out when the services was start up and terminated. Are there any kind log file about it?

Under Windows 7, open the Event Viewer. You can do this the way Gishu suggested for XP, typing eventvwr from the command line, or by opening the Control Panel, selecting System and Security, then Administrative Tools and finally Event Viewer. It may require UAC approval or an admin password.
In the left pane, expand Windows Logs and then System. You can filter the logs with Filter Current Log... from the Actions pane on the right and selecting "Service Control Manager." Or, depending on why you want this information, you might just need to look through the Error entries.
The actual log entry pane (not shown) is pretty user-friendly and self-explanatory. You'll be looking for messages like the following:
"The Praxco Assistant service entered the stopped state."
"The Windows Image Acquisition (WIA) service entered the running state."
"The MySQL service terminated unexpectedly. It has done this 3 time(s)."

Take a look at the System log in Windows EventViewer (eventvwr from the command line).
You should see entries with source as 'Service Control Manager'. e.g. on my WinXP machine,
Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7036
Date: 7/1/2009
Time: 12:09:43 PM
User: N/A
Computer: MyMachine
Description:
The Background Intelligent Transfer Service service entered the running state.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Through the Computer management console, navigate through Event Viewer > Windows Logs > System. Every services that change state will be logged here.
You'll see info like:
The XXXX service entered the running state or The XXXX service entered the stopped state, etc.

The most likely place to find this sort of information is in the event viewer (under Administrative tools in XP or run eventvwr) This is where most services log warnings errors etc.

Related

Windows Service running with Local System rights, wants to create child processes from windows service which will running with Local User rights

I am working on windows service application where currently it is running on administrator privileges.
For that I need to set administrator info in service log on settings.
Above windows service is creating child processes with local user privileges.
This is working fine.
Now I want to change windows service application to run with "Local System" privileges instead of administrator.
But if I change the log on setting to "Local System" then, Child processes are not starting and throws exception "access denied".
I think that "local system" account has all permission to do anything.
It is even stronger than administrator account.
Then why it cannot start child processes?
Please guide me if my perception is wrong
Local System certainly DOES NOT have "all permission to do anything". That would mean that if someone managed to get INTO that process.. they could really run amok on the system.
Group Policy Editor will show you EXACTLY who can do what so you don't need to guess your way through.
Open GPEDIT.MSC
Navigate to Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment
On the right hand side, Look for Obtain an impersonation token for another user in the same session.
I am not 100% sure that this is the setting you need (I haven't tried it) but I THINK it is. Even if it isn't, browse around this section of group policy to see who can do what. Clearly the setting you want won't have "Local System" on the list ;)
I hope this helps. :) GOOD LUCK!

Cannot start Batch service after upgrade to Platform update 32

i've upgraded test (onebox) environment to Platform update 32 and i cannot start Microsoft Dynamics 365 Unified Operations: Batch Management Service, there is a warning message that says:
In event viewer i see the following:
What i've tried so far:
1) Synchronized and built application from Visual Studio - fine
2) Checked if system is in maintenance mode - it is not
3) Tried to play with "Log on" tab of the service (on behalf of which user service is running) - didn't help
4) Checked if event log is full, cleared, extended allowed space for log twice and let it overwrite itself if it's full - didn't help
P.S. I suggest there is something with database (maybe any issue is enabled/disabled) but i cannot understand which one exactly (cannot find ScaleUnitFeature from event log anywhere).
I cannot restore/delete/replace database because it's important to keep all the data/set up on it

TFS - Build Service Starts and then throws a HTTP code 500: System.ServiceModel.ServiceActivationException

I have been working on restoring a build server (tfs 2012) from a backup and all manner of things got messed up (the tfsservice account password had been altered and I had to go to every service and app pool on the box and update it). Once sql was backup I was able to update the password via the TFS admin console app. Then I was able to re-register the build service and add a controller and a build agent. It starts briefly and shows green for a few seconds before stopping and a "details ..." button appears next to the Build Service. If I click the details button I see the following
"Please contact your administrator. There was an error contacting the server. Technical information (for administrator): HTTP code 500: System.ServiceModel.ServiceActivationException"
I have checked the http bindings in iis for the tfs site and there is only the one "*:8080"
I tried hardcoding it to the ip on the box and I still get the same error. If I go to one of the client machines and try and queue a build it shows the build server as being offline.
I have also checked for multiple host headers and the memory utilization which are the most common responses to this particular issue. Neither of them seem to be the cause or the solution.
Any ideas or suggestions are welcome I have run out of ideas to try here. Thanks in advance for any help you have to offer.
EDIT -- also found this in the log: Build machine MyMachine lost connectivity to message queue tfsmq://buildservicehost-25/.

w3wp process not found

I use Visual Studio 2010 to debug a asp.net MVC project in my local machine. The steps are:
Click Debug and try to attch process "w3wp.exe". However it is not in the list.
I am sure "Show processes in all sessions" is clicked.
w3wp.exe won't show in the running process' unless there is actually an instance of the web application running.
Try to access your web page first, when it is displayed for the first time, try to attach your debugger. The process should now show up.
You need to click Show Processes from All Users at the bottom of the Task Manager list. This is what i needed to do.
Restart IIS
Right click your site >> Manage Website >> Browse
Back into Visual Studio refresh the processes list
Try to check on :"Show Processes for All Users"
When on the 'Attach to Process' window in the bottom left there is a checkbox 'Show Processes for All Users'
An easy way that works ,when w3wp dont appear in the list,open a browser and write localhost ,then enter.After that w3wp appears to list.
Just because an IIS application pool is started, there may not be an
IIS worker process w3wp running. IIS will not start the worker
process until the first web request is received.
In my case, I first launched the application, still could not find w3wp.exe. Then I took the worker process ID from (IIS->Worker Process -> Process Id) and then search by id in the details tab and found it.
Clear the Solution
Rebuild the solution
Reset the IIS by writing the command iisreset in command prompt
Go to IIS and browse your website
Run VS as administrator
Tools -> Attach to process -> Ensure the 'Show Processes for All Users' checkbox is checked -> w3wp.exe
Attach to w3wp.exec
If you are using something like Advanced Rest Client to test routes, call your route again then refresh the list of processes and it will show up
GoTo Web Project properties -> Select (Web) on the left sidebar -> GoTo under (Servers) header -> Click to dropdown and select "Local IIS"
and apply. Then, when you start debugging you will see w3wp.exe on the proccess list.
I just ran into this issue - you may want to also double check your host settings and verify that you are actually pointed to localhost and not a production server.
I forgot I was pointed at a remote server, and thus, though I was accessing the site, it wasn't anything local so w3wp wasn't running, despite my superficially being able to see the site running.
In my case, I have not opened the Visual Studio in Admin mode that is why the w3wp.exe was not showing on the list.
When I opened the Visual Studio in Admin mode, it worked.
Right click on Visual Studio -> Open in Admin mode.
In my case, once I rebuild the web project and raise the limit of Connection Time out (in seconds), it automatically shows in Debug/Attach to Process list and keeps working.
I would just like to share my experience as well for future readers.
Be aware that, in the event that you have a web server cluster configuration (for load balancing etc) the w3wp process might not start on the same machine that you expect it to.
Unless your website is configured to only run on a single IIS instance, the w3wp process might be spinning up on one of the other machines inside of your web cluster.
This might be faulty configuration from the networking team/department or intended behaviour. I don't have the neccessary experience to pin point exactly how it should be configured.
Found a related page on MSDN as well:
https://msdn.microsoft.com/en-us/library/bb742600.aspx
In my case, I needed to connect from one Visual Studio to the process which running from another VS studio window.
The problem was next: one VS was launched with Administrator permissions. For resolving that issue you should launch both VS with Admin perm.
In my case, the problem was that I wasn't running Visual Studio as Administrator. My machine had restarted after an update and relaunched all the previously running processes, but had only relaunched VS in non-admin mode. When I restarted VS in admin mode, the w3wp.exe processes were available again for debugging.
Run the remote debugger as an administrator.
I followed every suggestion to resolve the issue, but it was not until I ran the remote debugger as an administrator that I was able to see the w3wp process
Try the following steps:
Create a virtual path from Solution Explorer.
Go to inetmgr to confirm that your own pool is created.
Go to Attach Process (Ctrl+Alt+P) and show processes for all users.
Then you will see w3wp.exe will be there.
Be aware that even after jumping through all these hoops (kicking off an instance using a web browser, starting your remote debugging session as an admin, ensuring that "show all users" is checked, etc., ensuring you aren't on a server farm, etc), you may still at times be out of luck.
There are times when the remote process, usually a WCF service in my case, simply will not show up in the list of processes to attach to, and there's nothing that can be done about it. I'm always careful to make my target process readily identifiable by keeping it and only it in a certain App Pool. Sometimes you just can't get there from here. This is undoubtedly the most frustrating thing about remote debugging Microsoft has ever done.
my answer is late for sure, but maybe my answer will help someone.
Go To IIS.
Application Pools.
Advance Setting.
enable 32.bit Application.
Make your Application Running Under enable 32.bit Application.

(SC) DeleteService FAILED 1072

Last time I create WAS profile and WASService then I try to config and run many script for learn how to config WAS, Finally it crash so i use wasprofile delete this profile and forgot delete WASService.
Now I found IBM Webphere Application Server service display in services.msc list, so I tried to delete it with WASService.exe -remove command and windows SC command but I got message
C:\Program Files\IBM\WebSphere\AppServer\bin>sc delete "IBMWAS61Service - DEV"
[SC] DeleteService FAILED 1072:
The specified service has been marked for deletion.
make sure the service is stopped, the services control panel is closed, and no open file handles are open by the service.
Also make sure ProcessExplorer is not running.
I had a similar problem and what I did to overcome it was the following:
Stop the service: net stop "ServiceName"
Ensure: the "mmc.exe" process does not exist (The "Services" list window): taskkill /F /IM mmc.exe
Delete the service: sc delete "ServiceName"
C:\server>sc delete "ServiceName"
[SC] DeleteService SUCCESS
Now, if I execute another sc command, what I get is the following:
C:\server>sc delete "ServiceName"
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
But not the 1072 error message
What I've done is go to this location in regedit:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
From here, you will see a folder for every service on your machine. Simply delete the folder for the service you wish, and you're done.
N.B: Stop the service before you try this.
For some buggy reason both Event Viewer and/or Services.msc won't do a proper refresh when you tell them to!
Close them and restart, and the service would have been deleted anyway.
I had the same issue. After I closing and re-opening the Computer Management window the service was removed from the list. I'm running windows 7
In Windows 7, make sure Event Viewer closed before deleting.
I had this error also, make sure the exe the service is pointing to is stopped. Also make sure you don't have any Windows dialog boxes behind your other windows. That is why mine wasn't deleting. There was a windows message behind it saying this service has been deleted or something similar.. just had to click ok, there it went.
I had the same error due to a typo in the service name, i was trying to delete the service display name instead of the service name.
Once I used the right service name it worked fine
Logging-out and logging-in again close all blocking apps thus resolves the problem.
The 3rd party application uninstaller had removed the files for the service and then left the service in this pending deletion state.
After trying to close all applications, identifing PID of service(couldn't) for kill, logging off all other users and logging off and on, rebooting was the only fix that worked for me.
One situation where this can also happen is if there is some other service or application that is holding open a service handle obtained with OpenService. For example, a monitoring service that starts and stops services based on some external event can keep open handles to each of the services it monitors. In this case, uninstalling the service would leave it in the "marked for deletion" state until all handles obtained with OpenService are closed.

Resources