We help IT Professionals succeed at work.

How to avoid incorrect Auto-started services not running alert on SBS 2003

gregmiller4it
on
2,734 Views
Last Modified: 2012-06-06
Hi,
We have an SBS 2003 that has just started alerting 'Auto-started services not running: 1'.
The service in question is: Sophos web Intelligence Update service. When I open 'services' and check, the alert is correct: the service is set to 'Auto' but it is 'stopped'. When I start the service manually, it starts and then stops immediately and then gives me another notification about exactly that. I have checked and the service is not supposed to keep running, it is just supposed to start and stop, just like the 'Performance Logs and Alerts'.
So, how can I tell SBS that the service is behaving correctly and that it doesn't need to tell me everyday that there is a problem?
Cheers,
Greg
Comment
Watch Question

Jeffrey Kane - TechSoEasyPrincipal Consultant
CERTIFIED EXPERT
Most Valuable Expert 2016
Top Expert 2014

Commented:
According to this forum posting the service is behaving exactly as it is supposed to and the problem is that Windows is reporting it:
http://community.sophos.com/t5/Sophos-Endpoint-Protection/SEC-v5-0-0-8-and-Sophos-Web-Intelligence-Update-Service/m-p/21963#M8687

I'm not intimately familiar with Sophos' products, but this does seem as though the advice given there is correct.

To adjust the warnings, Go to START > Administrative Tools > Health Monitor

Find the rule that has the alert and then you can disable it.

Jeff
TechSoEasy
If you set the service to manual, it should be fine.

Author

Commented:
Hey Jeff, Thanks for that. I found the same thread and came to mcuh the same conclusions; it is doing what it should (i.e. starts and stops) but Windows probably shouldn't be sending an alert about it. There doesn't seem to be a fix there though.
I tried what you suggested and can't find the rule in the Health Monitor.

Marcustec,  I am sure that setting the service to manual will stop the alert, but I'm not convinced that this is the best way forward, since the service is supposed to start and stop.

Any other thoughts anyone?

Cheers,
Greg
Jeffrey Kane - TechSoEasyPrincipal Consultant
CERTIFIED EXPERT
Most Valuable Expert 2016
Top Expert 2014

Commented:
So are you getting email notifications about this?  Or are you just wanting these to stop showing in the event logs and monitoring reports?

Jeff
TechSoEasy

Author

Commented:
Every day at 6:00am I receive an email from the SBS system with the Server Performance Report. Something like this:

Summary for SERVER

  Server has been running: 14 days and 2 hours  
  Server Specifications                                               Details  
  Performance Summary                                           Details  
  Top Processes                                                          Details  
  Backup: Not configured                                           Details  
  Auto-started Services Not Running: 1                      Details  
  Critical Alerts: 0                                                       Details  
  Critical Errors in the Event Logs: 2                           Details

This summary is followed by all the separtate sections with the specific 'details'.

I check it every day to see if there is anything that needs dealing with.
Cheers,
Greg
Principal Consultant
CERTIFIED EXPERT
Most Valuable Expert 2016
Top Expert 2014
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
Hi Jeff,
Thanks for that. I have done as suggested, and I will be interested to see if it has worked when I get the report tomorrow morning. I suspect that it may not and I will explain...
The kb article above is to ignore the Microsoft .NET Framework NGEN v4.0.30319_X86 service and I want to ignore the Sophos web Intelligence Update service. I've looked at the file that was edited by the Fix-It and the changes made are exactly as explained in the kb article. So, unless the Sophos service is a sub-set of the the .NET service, it probably won't fix the issue. I do, however, see that the method appears correct. I suspect I will need to find the specific reference to the Sophos service (and I don't know how yet) and manually edit the C:\inetpub\monitoring\web.config file replacing the reference to the .NET service that the Fix-It added.
But I will wait until tomorrow morning and see what is reported.
cheers,
Greg
Jeffrey Kane - TechSoEasyPrincipal Consultant
CERTIFIED EXPERT
Most Valuable Expert 2016
Top Expert 2014

Commented:
Ah... y'know I thought that FixIT wizard would ask which service you wanted to ignore when it was run.  So definitely it won't fix your problem, but you certainly can manually modify the web.config file.

Jeff
TechSoEasy

Author

Commented:
Thanks Jeff, but there seems to be a need for a specific reference to the service (as shown in the kb). The problem is I don't know where/how to find that specific reference. Any thoughts?
Cheers, Greg
Jeffrey Kane - TechSoEasyPrincipal Consultant
CERTIFIED EXPERT
Most Valuable Expert 2016
Top Expert 2014

Commented:
Shouldn't be too hard to figure out.

I used the registry editor and did a search for "clr_optimization_v4.0.30319_32"

Under this key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CLR_OPTIMIZATION_V4.0.30319_32\0000\Control

I found a setting for ActiveService that equaled clr_optimization_v4.0.30319_32

I'd suspect that there is a similar entry for Sophos.

Jeff
TechSoEasy
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Jeffrey Kane - TechSoEasyPrincipal Consultant
CERTIFIED EXPERT
Most Valuable Expert 2016
Top Expert 2014

Commented:
marcustech,

Yep, I missed that at the top of the General tab of that particular service's properties.

(probably because when you open the properties the "Service name:" line is highlighted in a dark band).

So thanks for pointing that out.

Jeff
TechSoEasy

Author

Commented:
Thanks guys,
Through the properties for the service I have got the service reference as: "swi_update". I've now edited the  C:\inetpub\monitoring\web.config  file changing the .NET reference to this one. Now I will wait until tomorrow morning's report to see if it has fixed it. I'll let you know.
cheers,
Greg

Author

Commented:
Thanks guys, the problem is solved. Jeff, we were almost there just had to figure out the exact reference and MarcusTech, your assistance got us over the line in the end.
Thanks again, it is nice to see a clean report again at last.
Cheers,
Greg

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.