Windows Service Check

Windows systems rely on services to deliver essential functionality to users, devices, and applications. The Windows Service Check monitors selected services and triggers a failure alert if a service is in a Stopped state.

How it works

During agent installation, the system scans for services set to start automatically. If a match is found in the services.ini file, a check is automatically added for that service.

You can also manually add Windows Service Checks:

  • During or after agent installation
  • From the All Devices view

Add a Windows Service Check from the All Devices view

  1. In the All Devices view North-pane, select the device.
  2. In the South-pane, go to the Checks tab.
  3. Click Add Check > Add 24x7 check> Windows Service Check.
  4. Use search to select the service you want to monitor.
  5. (Optional) Configure the following settings:
    • PASS if service is in "Start Pending" mode: Avoids false failures during service startup.
    • RESTART service if "Stopped": Automatically restarts the service if it stops unexpectedly.

      Some services may stop routinely as part of normal operation. Restarting these services prematurely can cause unexpected behavior or system issues. Restart-related alert options are only available if Restart service if "Stopped" is enabled.

      • If enabled, configure restart alert thresholds:
        • Number of consecutive restarts before alert (1–50). Sending an alert resets the consecutive failure counter.
        • Alert if service is restarted X times in Y hours (1–5 restarts in a defined time window). Sending an alert resets the consecutive failure counter.
    • Number of consecutive failures before alert: Set how many failures trigger an alert (1–5). Sending an alert resets the consecutive failure counter.
    • Assign a Task after creating the Check: If you are configuring the check on a server, you can Run an Automated Task when a Check fails.
  6. Select OK to save and apply the check.
  7. If you selected Assign a Task after creating the Check in the step above:
    1. Choose the Automated Task script.
    2. Select Next to configure parameters.
    3. Enter any required Command Line parameters or Script parameters and select Next.
    4. (Optional) Set maximum permitted execution time for the script.
    5. Select Finish to save and apply the task.

Edit a Windows Service Check

  1. In the All Devices view North-pane, select the device.
  2. In the South-pane, go to the Checks tab.
  3. Right-click the target Windows Service Check and select Edit Check.
  4. Configure the settings.
  5. Click OK to save and apply the check changes.

Delete a Windows Service Check

  1. In the All Devices view North-pane, select the device.
  2. In the South-pane, go to the Checks tab.
  3. Right-click the target Windows Service Check and select Delete Check.
  4. Enter the password you used to sign into N-sight RMM to confirm removal.
  5. Click OK to delete.

Check conditions

The check queries the state of the service and reports back on the following conditions:

N-sight UI/Agent message Service state
Pass Start
Fail (or Pass if Start Pending option enabled) Start Pending
Fail Stopping/Stopped
Cannot open service Service login failure or Service no longer exists

Where the Advanced Monitoring Agent queries the specified service on the server and it returns it is in the Stopping/Stopped/Start Pending or Cannot open service state an Alert is generated.

As indicated in the above table where the error message Cannot open service is displayed it may be that the account the Advanced Monitoring Agent Service is logged on under does not have sufficient privileges to query the service (in which case this may be resolved by changing the Advanced Monitoring Agent service logon account) or the service the Agent is monitoring no longer exists.

This can happen when the service has been uninstalled or renamed, for example as part of a program update, since the Check was added. To resolve this problem simply remove the existing Windows Service Check entry via the Delete option then Add its replacement (if available) from the drop-down Windows Service list.

The deprecated Agentless Scan and MiniAgent Auto-Start Windows Services Check only monitors the services, it cannot restart them.Windows Service Check - Trigger Events

Unsupported Special Characters

Where the Windows Service name contains an unsupported special character, this is represented by a ? in the service name.

Trigger Events

Trigger events are designed to reduce the number of Services that run in the background and were introduced by Microsoft from Windows Server 2008 R2 and Windows 7.

Rather than automatically start with the system, then run in the background until they are required; with trigger events the Service is started then stopped when requested.

If a Service is identified as using a trigger, the Service is excluded from automatic addition during the Check detection process.

We have taken the approach to ignore these Services, as if a Windows Service Check is added for a trigger event Service the Check will primarily be in the failed state and only pass when the service is triggered.

Include Trigger Controlled Services - Device Level

To include trigger event controlled Services in the Check detection add the following string in the settings.ini file before registering the Agent and / or running Check Detection.

  1. Login to the target device.
  2. Navigate to the Agent installation folder, by default:
    • C:\Program Files (x86)\Advanced Monitoring Agent (64-bit operating systems)
    • C:\Program Files\Advanced Monitoring Agent (32-bit operating systems)
  3. Open the settings.ini file in a text editor.
  4. Go to the [247CHECK] section; or create a [247CHECK] section.
  5. Add the string: SNIFFTRIGGERSERVICES=1
  6. Save the settings.ini file to apply.
  7. To return to the ignore trigger events change the above setting to: SNIFFTRIGGERSERVICES=0