0

Remote workers at my company use a program to capture and store data. The program has a background service called the "scheduler" that connects to and transfers data back up to our home office on a predetermined schedule. We have a mixed environment of Win7/Win10 pro in a domain environment.

Every so often I notice that data uploads have not occurred in awhile. When I investigate the cause I almost always find the same issue. The scheduler service startup type has been changed from "automatic" to "manual" and the service is not running. I have tried working with the software vendor to determine the issue but they claim that there is nothing in their software that could alter the state or configuration of a Windows service, so it must be a Windows issue and thus outside the scope of their support...

The service runs as Local System and there are no dependencies. Something I did notice is that recovery options are all set to "Take no action" which explains why a service failure will not result in a restart, but does not explain the change in startup type.

My question is: What (besides direct user action) can cause a Windows service startup type to change?

My wild guesses are either group policy or AV.

I have created a windows scheduler task and written a batch file that checks to make sure the service is configured properly every time the user logs in but I would really like to figure out the root cause of the issue so I can fix it. Any help steering me in the right direction would be greatly appreciated.

Improve this question
4
  • Go to the Service Properties, Recovery Tab, and set First and Second failures to Restart the Service. I have seen the QuickBooks monitor service stop and restarting the service as noted above has been a robust solution
    – anon
    Commented Jan 17, 2020 at 1:54
  • @John yeah I am definitely going to swap them all over to Restart Service. Unfortunately there's about 30 computers to do this on. I am also going to let the software vendor know that they should update the installer to make that the default action. Still doesn't explain what is changing the startup type though, unless that is the default windows action for a failed service?
    – Ashton
    Commented Jan 17, 2020 at 2:04
  • We do not always know why and cannot determine (many causes). Sometime vendor updates fix the issue. Beyond that, we use the restart service method until a fix comes.
    – anon
    Commented Jan 17, 2020 at 2:22
  • 1
    Check the event log. In the System portion, there should be an event from the Service Control Manager. Event ID 7040. "The start type of Scheduler service was changed from auto start to demand start". That might help you narrow down when it is happening. And it should contain the user who did it.
    – Doug Deden
    Commented Jan 17, 2020 at 2:23

1 Answer 1

Reset to default
0

You can configure the startup mode of a service through GPO (at the domain level or locally through gpedit.msc).

Check Computer Configuration > Policies > Windows Settings > Security Settings > System Services

enter image description here

I ran into a similar issue that was hard to trace, because I used a GPO to configure the Security Settings on the service, not to set the startup mode necessarily.

As Doug Deden said: look for Event ID 7040. Note the time. Then look at the event log for Group Policies and see if there are Events with ID 8006: "Completed periodic policy processing for computer ... in ... seconds." Compare the two times. If they more or less match, this might be it.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .