An Overview on Services

Windows 2000 and Windows Server 2003 provide features technologies and services that can be added to new and existing networks to meet the organizations business requirements. To use certain services, you have to first implement specific technology or services on which these services depend. For instance, in order to use the Windows 2000 or Windows Server 2003 Active Directory directory service, you first have to install Transmission Control Protocol/Internet Protocol (TCP/IP), and the Domain Name System (DNS) service.

While both Windows 2000 and Windows Server 2003 support numerous network protocols, the Transmission Control Protocol/Internet Protocol (TCP/IP) is the primary protocol used in Windows 2000 and Windows Server 2003 networks, and many network services use the protocol. For this reason, TCP/IP is installed as part of the installation of Windows 2000 and Windows Server 2003. TCP/IP is a routable protocol. It is used by wide area networks (WANs) and the Internet. Another service other than the Active Directory directory service that is dependant on TCP/IP is the Internet Information Server (IIS).Managing Services

The TCP/IP protocol utilizes Internet Protocol (IP) to find and connect to computers. When IP is used, IP addresses are used to connect to hosts. Computers in this case are also referred to as hosts. Users on the other hand like to use a friendlier name to locate and connect to hosts. This is where the Domain Name System (DNS) Server service comes into play. It is the DNS Server service that makes it possible for friendlier names to be used to locate and connect to hosts, and other network resources. DNS is used for name resolution, to provide a standard naming convention to locate IP hosts on the Internet. DNS organizes groups of computers into domains, which are in turn are organized into a hierarchical structure. The DNS hierarchy is made up of different levels, which identify computers, top level domains, and organizational domains. Domains in Active Directory utilize DNS to implement the Active Directory naming structure and Active Directory hierarchy. DNS must actually be installed before you can install Active Directory because the two are integrated. If you choose to fully integrate Active Directory and DNS, DNS information is stored directly in Active Directory. This means that a domain controller running the DNS Server service can be configured to deal with dynamic updates through Dynamic Host Configuration Protocol (DHCP), with Active Directory controlling access to DNS information.

Dynamic Host Configuration Protocol (DHCP) is used to manage IP addresses on a network using TCP/IP. To use DHCP, you first have to install the DHCP service on a computer, making it a DHCP server. The DHCP Server service provides certain benefits, of which a few are listed below:

  • Multicast address allocation

  • DHCP can integrate with the DNS Server service, and the Active Directory directory service.

  • Monitoring capabilities and statistical reporting.

The Windows Internet Name Service (WINS) is used in Windows NT Server 4.0 and prior operating systems (OSs) for name resolution. WINS is typically used in routed networks for NetBIOS name resolution.

The Internet Information Services (IIS) version included in Windows Server 2003 is IIS 6.0. IIS is the most frequently used Web servers on the Internet and in intranets. If you are running a Windows Server 2003 Edition other than the Windows 2003 Server Web Edition, IIS has to be installed first in order to use its features and capabilities.

Both Windows 2000 and Windows Server 2003 include the Terminal Services feature. When Terminal Services is configured in Remote Desktop For Administation mode (default), it can be used as a remote server management tool. The feature allows administrators to log on to a computer from a desktop and not the server console to perform administrative tasks. The components supported by the Windows Server 2003 Terminal Services service are Remote Desktop For Administration and Remote Assistance (RA).

Another service, the Microsoft Certificate Services can be installed to create and manage Certificate Authorities (CAs). CAs issues the digital certificates which are used in a PKI implementation to provide the following features:

  • IPSec authentication

  • Secure e-mail

  • Secure communications between Web clients and servers

  • Local network and remote access logon authentication

Windows Server 2003 also includes integrated support services that support the system at different levels. These services can be viewed in the Services node in the Computer Management console:

  • Automatic Updates, used to perform automatic updates to the Windows Server 2003 OS. The feature can compare the current OS components, drivers and applications installed on your system to those items listed on the Microsoft Web site to determine whether any updates are available for installation.

  • Error Reporting Service: When the Error Reporting Service is running, it can report application or component error occurrences to Microsoft.

  • Help and Support, provides the help and support features integrated with Windows Server 2003, including system documentation and support services.

  • Volume Shadow Copy, used to create and manage volume shadow copies for backup routines and redundancy.

  • Windows Time service: Responsible for keeping the system time synchronized.

Services can be defined as system programs, processes or routines running in the background that performs a specific operation within the operating system. Administrators need to monitor services and also change the configuration of services when necessary. The configuration of a service is stored in the following location in the Registry

  • HKEY_LOCAL_MACHINESystemCurrentControlSetServices key

Each service has a name and a display name.

  • Service Name: The service name is used in the Registry.

  • Display Name: The display name is used in the graphical interface

A service can be in one of the following states:

  • Started

  • Stopped

  • Paused

A service can also be configured with one of the startup types listed below. The startup type controls when and how the service starts.

  • Automatic, the service starts automatically when the OS starts or boots.

  • Manual, this service needs to be started manually by an Administrator. However, if a service or process needs to start a particular service, it can start the service.

  • Disabled, for a service with the Disabled startup type to start, the actual startup type needs to be changed to either Automatic or Manual. A service cannot start another service if that particular service's startup type is Disabled.

A service logs on, and runs though a logon account. A system can use one of the types of accounts listed below:

  • Local System account: The majority of services use the Local System built-in operating system account. The account has full access to all components and resources on the local computer. If the account is configured on a domain controller, it can also access network resources.

  • Local Service account: This is also a built-in account. However, the Local Service account has the same rights as local users which limit the actions that the service can perform. Local Service accounts cannot access network resources.

  • Network Service account: The Network Service account provides much the same rights to the service as what the Local Service account does, with the difference being that the Network Service account can use the security credentials of the local computer to access network resources.

The System Services area of the Security Configuration and Analysis management console is used to manage startup and permissions for system services. The permissions which you configure for users and groups for a particular service determine what actions a user can perform on the service. Permissions either allow or prevent users from performing the following actions:

  • Start, stop, pause and restart a service

  • Change permissions for the service

  • Change the configuration of the service

  • Delete a service

You can configure the action that should occur when a service fails. The actions which you can specify are listed next:

  • Take No Action

  • Restart The Service

  • Run A Program

  • Restart The Computer

Certain services depend on other services to be running for them to start. This concept is called service dependency. The operating system utilizes service dependencies to determine the order in which services should be started. When a service fails, service dependencies result in other services also failing within your environment.

Managing and Configuring Services

You can use the Services node located under the Services And Applications node in the Computer Management console to manage and configure the properties of services.

How to view and access system services in the Computer Management console

  1. Click Start, Programs, Administrative Tools, and then click Computer Management.

  2. Right-click Computer Management in the left console pane, and click Connect To Another Computer on the shortcut menu.

  3. Specify whether you want to manage services on the local computer, or on a remote computer.

  4. Proceed to expand the Services And Applications node.

  5. Select Services

The Services window or view lists the services, as well as the information listed below on each service:

  • Name: Shows the name of installed system services. If you want to install a service, use the Windows Optional Networking Components or the Network Connection Properties dialog box.

  • Description: Contains a description on the service.

  • Startup Type: Indicates the startup type of the service as either

    • Automatic

    • Manual

    • Disabled

  • Status: Indicates the status of the service as either:

    • Started

    • Stopped

    • Paused

  • Log On As: The account which the service uses to log on.

If you want to configure the properties of a service, simply double-click the service. The Properties dialog box of the service opens, displaying the following tabs:

  • General tab: You can view and change the following settings on the General tab:

    • The service display name in the Display Name box

    • The service description in the Description box

    • The path to the service executable in the Path To Executable box.

    • The startup type of the service in the Startup Type box.

    • Change the current status of the service, using the Start, Stop, Pause, and Resume buttons.

    • Specify startup parameters that should be applied when the service starts, using the Start Parameters box.

  • Log On tab: This is where you can view or configure the account which the service uses to log on to the system,

    • In the Log On As area of the tab you can choose the Local System Account option, or you can choose the This Account option. If you select the This Account option, then you have to specify the logon account name, and a password in the Password and Confirm Password text boxes.

    • In the bottom area of the tab, you can configure the hardware profiles for the service, and specify whether the service should be enabled or disabled.

  • Recovery tab: This is where you configure the action that should take place when the system fails. You can set either the Take No Action, Restart The Service, Run A Program or Restart The Computer action in the following boxes:

    • First Failure

    • Second Failure

    • Subsequent Failure
      If you selected to Run A Program, you have to complete the Run Program area of the Recovery tab. This is where you specify the program that should run, as well as any command line parameters.

    • Dependencies tab: All services that this particular service depends on in order to start, are listed on the Dependencies tab. The tab can be useful when you troubleshoot service failure, and need to determine service dependencies.

How to start, stop, pause, or restart services

  1. Open the Computer Management console.

  2. Right-click Computer Management in the left console pane, and click Connect To Another Computer on the shortcut menu. Specify whether you want to manage services on the local computer, or on a remote computer.

  3. Expand the Services And Applications node, and select Services

  4. Right-click the service which you want to work with in the Services window and select Start, Stop, or Pause on the shortcut menu.

  5. If you want Windows to stop and then restart the service, right-click the service and select Restart on the shortcut menu.

How to configure the service startup type

  1. Open the Computer Management console.

  2. Right-click Computer Management in the console pane, and click Connect To Another Computer on the shortcut menu. Specify whether you want to manage services on the local computer, or on a remote computer.

  3. Expand the Services And Applications node, and select Services

  4. Right-click the service which you want to configure the startup type for, and select Properties on the shortcut menu.

  5. On the General tab of the Properties dialog box, select the startup type (Automatic, Manual, Disabled) in the Startup Type drop-down list box.

  6. Click OK.

How to configure recovery options for a service

  1. Open the Computer Management console.

  2. Right-click Computer Management in the left console pane, and click Connect To Another Computer on the shortcut menu. Specify whether you want to manage services on the local computer, or on a remote computer.

  3. Expand the Services And Applications node, and select Services.

  4. Right-click the service which you want to configure recovery options for, and then select Properties on the shortcut menu.

  5. Click the Recovery tab.

  6. Choose between the following actions in the First Failure, Second Failure and Subsequent Failure boxes:

    • If you do not want the OS to initiate a recovery from the service failure, select Take No Action.

    • If you want the service stopped, and then restarted, select Restart The Service.

    • If you want to run a program when the service fails, select Run A Program. Specify the program and any necessary command line parameters.

    • If you want the computer to shut down and restart, select Restart The Computer.

  7. Click OK

How to configure the logon account for a service

  1. Open the Computer Management console.

  2. Right-click Computer Management in the left console pane, and click Connect To Another Computer on the shortcut menu. Specify whether you want to manage services on the local computer, or on a remote computer.

  3. Expand the Services And Applications node, and select Services.

  4. Right-click the service which you want to configure the logon account credentials for, and then select Properties on the shortcut menu.

  5. Click the Log On tab.

  6. If you want the service to log on via the system account, click the Local System Account option.

  7. If you want the service to log on through a user account that you specify, click the This Account option. Enter the account name, and the account password. You can click Browse to locate a user account.

  8. Click OK.

How to disable services that are not needed

If you have unnecessary services running within your environment, you can disable the services. When services are disabled, they are stopped from starting when the computer starts. The components of the service which you disable are not uninstalled.

Use the steps below to disable a service,

  1. Open the Computer Management console.

  2. Right-click Computer Management in the left console pane, and click Connect To Another Computer on the shortcut menu. Specify whether you want to manage services on the local computer, or on a remote computer.

  3. Expand the Services And Applications node, and select Services

  4. Right-click the service which you want to disable, and select Properties on the shortcut menu.

  5. On the General tab of the Properties dialog box, select Disabled in the Startup Type drop-down list box.

  6. Click OK.

How to manage services and processes from the command-line

A few command-line utilities are available in Windows Server 2003 which you can use to manage services.

  • You can use sc.exe to configure services, and manage the status of services. The name that you use to indicate a service must be the service name which is stored in the Registry. You cannot use the display name of the service. You can use sc getkeyname to determine the registry name of a particular service. Use the online help to read up on the options of sc.exe.

  • You can use shutdown.exe to shut down or restart the local computer or a remote computer.

  • You can use tasklist.exe to list the tasks which are running on the local computer or on a remote computer. The options of tasklist are listed below:

    • /S, used to connect to a remote computer

    • /U, used to connect to a user.

    • /P, for defining the password of the user.

    • /M, for listing the DLL modules loaded by processes

    • /FI, used to limit output to only certain tasks. The option is utilized with a number of filters.

    • /FO, used to indicate the format in which output should be displayed.

    • /FO, used to indicate verbose information.

  • You can use taskkill.exe to kill processes which are running on the local computer or on a remote computer. The options of taskkill are listed below:

    • /S, used to connect to a remote computer

    • /U, used to connect to a user.

    • /P, for defining the password of the user.

    • /F, for terminating a process

    • /FI, used to define a filter so that processes which match the filter are terminated.

    • /PID, used to indicate the process number of the process which should be terminated.

    • /T, used to terminate a process, and all its associated child processes.

How to monitor and troubleshoot services

When it comes to services, especially services such as DHCP and DNS, it is important that these services are running when clients need the functionality or features provided by the services. Services cannot be running for a number of reasons, including:

  • Certain server conditions can cause services to stop.

  • An administrator could have manually stopped the service.

  • The service could have failed to start when the computer was restarted.

  • The logon account which the service is using does not have the Log On As A Service right.

  • The user name for the logon account of the service was renamed, disabled or deleted; making the account invalid.

  • The password of the user account has expired. When this happens, an administrator needs to reset the password.

To check the status of a service,

  1. Ope the Computer Management console

  2. Right-click Computer Management in the left console pane, and click Connect To Another Computer on the shortcut menu.

  3. Specify whether you want to check the status of a service on the local computer, or on a remote computer.

  4. Proceed to expand the Services And Applications node.

  5. Select Services.

  6. The Services window displays the service name, startup type and status of the service, as well as other information.

How to monitor the DHCP service

While the DHCP service is an important service, a DHCP service failure could possibly only become evident when a new client attempts to obtain an IP address. You can however view statistics on the server running the DHCP service in the DHCP console.

To view DHCP service statistics,

  1. Open the DHCP console.

  2. Click the Server icon.

  3. Select Display Statistics from the Action menu. The information displayed in the Statistics dialog box of the DHCP server is listed below:

    • Start Time, indicates the date and time when the DHCP service last started.

    • Up Time, indicates the quantity of time which the DHCP service is running from the time when it last started.

    • Discovers, indicates how many DHCPDISCOVER messages the DHCP server received from clients who requested IP addresses.

    • Offers, indicates how many DHCPOFFER messages the DHCP server sent to clients who requested IP addresses.

    • Requests, indicates how many DHCPREQUEST messages the server received from clients for renewing IP address leases, and for accepting IP addresses offered by the DHCP server.

    • Acks, indicates how many DHCPACK messages the server sent to clients.

    • Nacks, indicates how many DHCPNACK messages the DHCP server sent to clients who were denied IP addresses.

    • Declines, indicates how many DHCPDECLINE messages the server received from clients who declined the IP addresses which the server offered to them.

    • Releases, indicates how many DHCPRELEASE messages the server received from clients who released IP addresses.

    • Total Scopes, indicates how many IP address pools exist on the DHCP server.

    • Total Addresses, indicates the number of IP addresses available in scopes on the DHCP server.

    • In Use, shows how many IP addresses are currently assigned by the server.

    • Available, shows how many available IP addresses the DHCP server can assign.

How to view the DHCP log maintained by the DHCP service

The DHCP service manages it own log file on the system drive, in the %Systemroot%System32Dhcp folder. An entry in the DHCP log file contains the information listed below:

  • ID: This is a code which defines why the entry was created by the DHCP service.

  • Date: Indicates the date when the entry was created in the DHCP log.

  • Time: Indicates the time when the entry was created in the DHCP log.

  • Description: Contains information on the event which resulted in the creation of the entry.

  • IP Address: If a DHCP client is associated with the event which resulted in the creation of the entry, the IP address of the DHCP client is listed here.

  • Host Name: If a DHCP client is associated with the event which resulted in the creation of the entry, the host name of the DHCP client is listed here.

  • MAC Address: This is the network interface adapter's hardware address.

Another service which should be monitored regularly is the DNS service. You can monitor the DNS servers by using Event Viewer. The DNS server has its own DNS log in Event Viewer that records DNS queries, responses, and other DNS specific activities.

A failure of a server running the DNS service can result in:

  • Internet clients would not be able to access Internet servers.

  • Active Directory directory service clients would be unable to locate domain controllers, and log on to a Active Directory domain.

  • Internet users would not be able to access Web servers.

The Active Directory directory service also has its own Directory Service log in Event Viewer that contains events recorded and logged by the Active Directory directory service, and its associated services.

How to access and view event logs in Event Viewer

  1. Open the Computer Management console.

  2. Right-click Computer Management in the left console pane, and click Connect To Another Computer on the shortcut menu. Specify whether you want view event logs on the local computer, or on a remote computer.

  3. Expand the System Tools node

  4. Double-click Event Viewer

  5. Select the log which you want to view information on.

To view detailed information on an event entry, double-click the event. The information displayed, include:

  • The event type, which is one of the following:

    • Information event

    • Success Audit

    • Failure Audit

    • Warning event

    • Error event

  • The date and time when the event occurred.

  • The application or service that logged the event

  • The event category

  • The event identifier

  • The computer name on which the event took place.

  • The user account which was logged on when the event took place.

  • A description of the event.

  • Any data produced by the event