Windows Service Check

Windows systems are underpinned by Windows Services - these services provide crucial functions to users, machines and applications network-wide.

The Windows Services Check monitors the selected Windows Services and fails where a service is in the stopped state.

During the installation process the Agent queries the device for any Windows Services that are set to start automatically, it then compares any discovered services with the services.ini file and where a match is found a Check is automatically added for the service(s). Additional Windows Service Checks can be added manually either in the Agent (during and post-installation) as well as from the Dashboard (post-installation).

Check configuration

Add

  1. On the N-sight RMM Dashboard North-pane, select the device
  2. Go to the Checks tab
  3. Click Add Check
  4. Choose Add 247 > Windows Service Check

    1. Select the Windows Service from the drop-down

    2. Enable PASS if "Start Pending" to avoid the generation of failures where the status of the service is Start Pending
    3. Select the RESTART service if Stopped option to ensure essential services are always running. If enabled configure the restart Alert settings.

      4. Some services may routinely stop as part of their normal operation, and restarting such services prematurely may cause problems

    4. Number of consecutive failures before alert sent this option sends an Alert when the number of consecutive failures exceeds the entered threshold figure. To adjust the sensitivity of the Alert generation select the number of consecutive failures from the drop-down (1-5). Please be aware that sending an Alert resets the consecutive failure counter.
    5. Number of consecutive restarts before alert* this option sends an Alert when the number of consecutive restarts exceeds the entered threshold figure. To adjust the Alert generation sensitivity select the number of consecutive restarts from the drop-down (1-50). Please be aware that sending an Alert resets the consecutive restart counter.
    6. Alert if service is restarted X times in Y hours* this option sends an Alert when the cumulative number of restarts exceeds the entered threshold figure during the selected time period. To adjust the Alert generation sensitivity select the number of restarts from Alert if service is restarted (1-5) and times in () hours Please be aware that any restarts that results in a consecutive restart Alert are excluded from the cumulative count.

      7. * These options are only available where RESTART service if Stopped is enabled

  5. To run an Automated Task when the Check fails choose Assign a Task after creating the Check
  6. OK to save and apply
  7. Where Assign a Task after creating the Check is selected:
    1. Select the script
    2. Click Next to configure
  8. Enter the Command Line parameters (if required)
  9. Set a Script timeout in the range 1 - 3600 seconds (default 120 seconds)
  10. Click Finish to save and apply

Edit

  1. On the N-sight RMM Dashboard North-pane, select the device
  2. Go to the Checks tab
  3. Select the target Windows Service Check
  4. From the Check drop-down
  5. Click Edit Check (also available from the Check's right-click menu)
  6. Configure the settings
  7. Click OK to save and apply

Delete

  1. On the N-sight RMM Dashboard North-pane, select the device
  2. Go to the Checks tab
  3. Select the target Windows Service Check
  4. From the Check drop-down
  5. Click Delete Check (also available from the Check's right-click menu)
  6. Enter the password you have logged into the Dashboard under to confirm removal
  7. Click OK to delete

Check Conditions

The check queries the state of the service and reports back on the following conditions:

Dashboard/Agent Message Service State

Pass

Start

Fail (or Pass if Start Pending option enabled)

Start Pending

Fail

Stopping/Stopped

Cannot open service

Service login failure or Service no longer exists

Where the Advanced Monitoring Agent queries the specified service on the server and it returns it is in the Stopping/Stopped/Start Pending or Cannot open service state an Alert is generated.

As indicated in the above table where the error message Cannot open service is displayed it may be that the account the Advanced Monitoring Agent Service is logged on under does not have sufficient privileges to query the service (in which case this may be resolved by changing the Advanced Monitoring Agent service logon account) or the service the Agent is monitoring no longer exists.

This can happen when the service has been uninstalled or renamed, for example as part of a program update, since the Check was added. To resolve this problem simply remove the existing Windows Service Check entry via the Delete option then Add its replacement (if available) from the drop-down Windows Service list.

The deprecated Agentless Scan and MiniAgent Auto-Start Windows Services Check only monitors the services, it cannot restart them.Windows Service Check - Trigger Events

Unsupported Special Characters

Where the Windows Service name contains an unsupported special character, this is represented by a ? in the service name.

Trigger Events

Trigger events are designed to reduce the number of Services that run in the background and were introduced by Microsoft from Windows Server 2008 R2 and Windows 7.

Rather than automatically start with the system, then run in the background until they are required; with trigger events the Service is started then stopped when requested.

If a Service is identified as using a trigger, the Service is excluded from automatic addition during the Check detection process.

We have taken the approach to ignore these Services, as if a Windows Service Check is added for a trigger event Service the Check will primarily be in the failed state and only pass when the service is triggered.

Include Trigger Controlled Services - Device Level

To include trigger event controlled Services in the Check detection add the following string in the settings.ini file before registering the Agent and / or running Check Detection.

  1. Login to the target device.
  2. Navigate to the Agent installation folder, by default:
    • C:\Program Files (x86)\Advanced Monitoring Agent (32bit operating systems)
    • C:\Program Files\Advanced Monitoring Agent (64bit operating systems)
  3. Open the settings.ini file in a text editor
  4. Go to the [247CHECK] section; or create a [247CHECK] section
  5. Add the string: SNIFFTRIGGERSERVICES=1
  6. Save the settings.ini file to apply
  7. To return to the ignore trigger events change the above setting to: SNIFFTRIGGERSERVICES=0