Windows Service Check
Windows systems are underpinned by Windows Services - these services provide crucial functions to users, machines and applications network-wide.
The Windows Services Check monitors the selected Windows Services and fails where a service is in the stopped state.
During the installation process the Agent queries the device for any Windows Services that are set to start automatically, it then compares any discovered services with the services.ini file and where a match is found a Check is automatically added for the service(s). Additional Windows Service Checks can be added manually either in the Agent (during and post-installation) as well as from the All Devices view(post-installation).
Check configuration
Add
- On the All Devices view North-pane, select the device.
- Go to the Checks tab.
- Click Add Check.
- Choose Add 247 > Windows Service Check:
Select the Windows Service.
- Select the PASS if service is in "Start Pending" mode checkbox to avoid the generation of failures if the status of the service is Start Pending.
- Select the RESTART service if "Stopped" checkbox to ensure essential services are always running. If enabled configure the restart Alert settings. See Restart Windows Services.
- The Number of consecutive failures before alert sent option sends an Alert when the number of consecutive failures exceeds the entered threshold figure. To adjust the sensitivity of the Alert generation select the number of consecutive failures from the drop-down (1-5). Please be aware that sending an Alert resets the consecutive failure counter.
- The Number of consecutive restarts before alert * option sends an Alert when the number of consecutive restarts exceeds the entered threshold figure. To adjust the Alert generation sensitivity select the number of consecutive restarts from the drop-down (1-50). Please be aware that sending an Alert resets the consecutive restart counter.
- The Alert if service is restarted * option sends an Alert when the cumulative number of restarts exceeds the entered threshold figure during the selected time period. To adjust the Alert generation sensitivity select the number of restarts from Alert if service is restarted (1-5) and times in () hours. Please be aware that any restarts that results in a consecutive restart Alert are excluded from the cumulative count.
Some services may routinely stop as part of their normal operation, and restarting such services prematurely may cause problems
* These options are only available if RESTART service if Stopped is enabled.
- Select OK to save and apply.
- If you selected Assign a Task after creating the Check:
- Select the Automated Task script and select Next to configure.
- Enter any required Command Line parameters or Script parameters and select Next.
- Set maximum permitted execution time for the script (optional).
- Select Finish to save and apply.
Edit
- On the All Devices view North-pane, select the device.
- Go to the Checks tab.
- Right-click the target Windows Service Check and select Edit Check.
- Configure the settings.
- Click OK to save and apply.
Delete
- On the All Devices view North-pane, select the device.
- Go to the Checks tab.
- Right-click the target Windows Service Check and select Delete Check.
- Enter the password you used to sign into N-sight RMM to confirm removal.
- Click OK to delete.
Check Conditions
The check queries the state of the service and reports back on the following conditions:
N-sight UI/Agent message | Service state |
---|---|
Pass | Start |
Fail (or Pass if Start Pending option enabled) | Start Pending |
Fail | Stopping/Stopped |
Cannot open service | Service login failure or Service no longer exists |
Where the Advanced Monitoring Agent queries the specified service on the server and it returns it is in the Stopping/Stopped/Start Pending or Cannot open service state an Alert is generated.
As indicated in the above table where the error message Cannot open service is displayed it may be that the account the Advanced Monitoring Agent Service is logged on under does not have sufficient privileges to query the service (in which case this may be resolved by changing the Advanced Monitoring Agent service logon account) or the service the Agent is monitoring no longer exists.
This can happen when the service has been uninstalled or renamed, for example as part of a program update, since the Check was added. To resolve this problem simply remove the existing Windows Service Check entry via the Delete option then Add its replacement (if available) from the drop-down Windows Service list.
The deprecated Agentless Scan and MiniAgent Auto-Start Windows Services Check only monitors the services, it cannot restart them.Windows Service Check - Trigger Events
Unsupported Special Characters
Where the Windows Service name contains an unsupported special character, this is represented by a ? in the service name.
Trigger Events
Trigger events are designed to reduce the number of Services that run in the background and were introduced by Microsoft from Windows Server 2008 R2 and Windows 7.
Rather than automatically start with the system, then run in the background until they are required; with trigger events the Service is started then stopped when requested.
If a Service is identified as using a trigger, the Service is excluded from automatic addition during the Check detection process.
We have taken the approach to ignore these Services, as if a Windows Service Check is added for a trigger event Service the Check will primarily be in the failed state and only pass when the service is triggered.
Include Trigger Controlled Services - Device Level
To include trigger event controlled Services in the Check detection add the following string in the settings.ini file before registering the Agent and / or running Check Detection.
- Login to the target device.
- Navigate to the Agent installation folder, by default:
- C:\Program Files (x86)\Advanced Monitoring Agent (32bit operating systems)
- C:\Program Files\Advanced Monitoring Agent (64bit operating systems)
- Open the settings.ini file in a text editor.
- Go to the [247CHECK] section; or create a [247CHECK] section.
- Add the string: SNIFFTRIGGERSERVICES=1
- Save the settings.ini file to apply.
- To return to the ignore trigger events change the above setting to: SNIFFTRIGGERSERVICES=0