Determining where a STOP is coming from

  • Thread starter newjerseyrunner
  • Start date
In summary, this person is having problems with a service on a server that they inherited and they're trying to figure out what's causing the issues. They're also trying to determine if there are any commonalities between the event logs from the servers that the service is stopping on.
  • #1
newjerseyrunner
1,533
637
I'm having this terrible problem with a server that I inherited. The service has a custom service running on it, and this service handles service commands.

Every hour or so on some of the servers, I see the service go down. It always comes from a STOP. I assumed there must be something wrong with the service, so I added logging to every place where a STOP is generated internally. I got nothing.

That indicates to me that it's coming from another process. Is there any way to determine which process it is? It's too random to try and just wait for it. I checked in the windows automation tools and the scheduler, and there are no tasks in there.
 
Computer science news on Phys.org
  • #2
Ouch. That sounds ugly. Good luck.
 
  • #3
newjerseyrunner said:
I'm having this terrible problem with a server that I inherited. The service has a custom service running on it, and this service handles service commands.

Every hour or so on some of the servers, I see the service go down. It always comes from a STOP. I assumed there must be something wrong with the service, so I added logging to every place where a STOP is generated internally. I got nothing.

That indicates to me that it's coming from another process. Is there any way to determine which process it is? It's too random to try and just wait for it. I checked in the windows automation tools and the scheduler, and there are no tasks in there.

For a helpful answer, details are needed about the service and the specific OS running on server. In any case you need at least the documentation about the service and the way that interacts with the specific OS. If you can't find that, Windows automation tools can be of no help.
 
  • #4
All of those STOP codes are really kernel mode errors.

Homework time before you go nuts...

Did you try this? https://www.lifewire.com/blue-screen-error-codes-4065576
Technet also has articles on each of the specific error codes and what the potential cause is.

1. Are the servers that crash completely patched?
2. was the service in good function on a previous version of Windows? Like Server 2000 and it now plays with windows server 2012 or something
2a. and not recompiled on a newer version? i.e., just ported as an executable? Or or same old box? Or moved to a virtual (this killed us twice).
3. Do you have source or is it from a vendor? Can you get an updated version?
4. Are there parameter files or control files? Can you tell what resources they require? IO_WAIT_QUEUE lengths and other crud like that.
5. Get the sysinternals suite - see if you can determine the resources used - there are several tools, and this sounds like resource exhaustion without anything but a guess. Been there done that.

And, no, I believe it is trying to handle a request that requires more resources than are available to the process, or it simply is not freeing resources correctly. It is from the interaction with a client, the client is not the 'bad guy' necessarily. This is because the problem goes away when you restart the service process. For an hour or so.
 
  • Like
Likes FactChecker
  • #5
The OP really didn't give us enough to go on, at all. There's a server, running a service, that in turn monitors a service on other servers, and that service being monitored is receiving a command to stop. Honestly, with that vague a description it could be anything.

I will give some vague but hopefully useful advice - Bring up a VM and only put the OS and the monitored service/software on it. See if the service gets stopped. Add a firewall and record all communication coming into and out of the server. If the service does stop and the firewall's logs don't help enough, add WireShark. In the meantime, pull the event logs from every server the service stops on - grab the minute before to the minute after. If you script, write a quick powershell script to let you know the status of the service and pull the event logs the moment the service status changes to stopped. Start looking for things in common in those event logs.
 
  • Like
Likes FactChecker
  • #6
Inheriting undocumented stuff is always a nightmare.
I have refused to do a job at one time because there was not sufficient information concerning the faulting software.
I advised that a re-write from scratch would be the best idea, I didn't get the job
 
Last edited:

1. How do you determine where a STOP is coming from?

Determining where a STOP is coming from involves conducting a thorough investigation and analysis of the situation. This typically includes gathering data, conducting experiments, and using various scientific methods to narrow down the possible sources of the STOP. It may also involve collaborating with other experts or using advanced technology to pinpoint the exact location of the STOP.

2. What are some common techniques used to determine where a STOP is coming from?

Some common techniques used to determine where a STOP is coming from include using instruments such as spectrometers, chromatographs, or gas analyzers to analyze the composition of the air or substances in the environment. Other techniques may include monitoring changes in temperature, pressure, or other physical properties, as well as conducting surveys or interviews with individuals in the area.

3. How do you differentiate between natural and man-made sources of a STOP?

Differentiating between natural and man-made sources of a STOP can be a challenging task. One way to do this is by comparing the data and observations collected from the area with known patterns or signatures of both natural and man-made sources. Additionally, conducting controlled experiments and using statistical analysis can also help in determining the source of the STOP.

4. Can the source of a STOP change over time?

Yes, the source of a STOP can change over time. This can be due to a variety of factors such as changes in the environment, human activities, or natural events. It is important to regularly monitor and reassess the source of a STOP to ensure accurate and up-to-date information.

5. How can determining the source of a STOP be beneficial?

Determining the source of a STOP can be beneficial in several ways. It can help in identifying potential health hazards, mitigating environmental damage, and implementing effective solutions to prevent future occurrences. It can also provide valuable information for decision-making and policy development, as well as aid in emergency response and disaster management.

Similar threads

Do you want to build a website?
    • Programming and Computer Science
Replies
15
Views
1K
Autonomous research with large language models
    • Computing and Technology
Replies
2
Views
598
Windows 7 desktop freezing every now and then
    • Computing and Technology
Replies
15
Views
1K
How can I set up remote assistance software without configuring firewall rules?
    • Computing and Technology
Replies
2
Views
1K
Lessons From the Millennium Bug
    • Computing and Technology
Replies
25
Views
3K
Find Free Software to Log Disk Usage & Monitor Processes
    • Computing and Technology
Replies
30
Views
2K
Where is an ISR stored? Estimated time taken to address an interrupt
    • Programming and Computer Science
Replies
6
Views
3K
Anonimity: Time to take the internet back.
    • Computing and Technology
Replies
4
Views
3K
What do you think of Windows Subsystem for Linux (WSL)?
    • Computing and Technology
Replies
12
Views
3K
Web Designer with a twist recommendations
    • Computing and Technology
Replies
2
Views
2K

Hot Threads

Recent Insights

Back
Top