Good afternoon, On Server 2003, we run a third party application as a service. Once or twice a month, this service stops gracefully by itself, which brings the application down. We don't know why, or what is initiating the service stop control. The system event log shows Event 7036 by Source - Service Control Manager, a description stating the service entered the stopped state, and a User of "N/A." Is there any way to trap the source of the stop request, or enable verbose logging for service control? Thanks.

Hi Markyel, Thank you for posting in Windows Server Forum. According to your description, I understand that you want to trace why a application service is stopped. To identify the root cause of this issue, you can use the Process Monitor tool to monitor the application. You can download the tool from the following link: http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx Sincerely, Wilson JiaThis posting is provided "AS IS" with no warranties, and confers no rights.

Thanks for the suggestion, I am familiar with process monitor insofar as using it for capturing real time activity, but can you suggest how I would use it in a scenario where I don't know when the next occurrence of the service shutdown will occur? It could be days from now. Perhaps I should I setup a capture filter for the service executable and let it run (with filtered packets dropped)? What else might I need to setup a filter for to capture correlating data?

Hi Markyel, In this scenario, it's easier to use the hookapi to capture the logs when the relevant service gets stopped. You can follow the steps below to capture the service statues logs. 1. Download the files "detoured.dll, hookapi.dll" from the following path: https://sftasia.one.microsoft.com/choosetransfer.aspx?key=9563a8e8-d3d0-43e2-9b00-a62ee4a2ba3b Password: {+nKQ*psP* 2. Put the attached two files to the system32 folder. 3. Then set this registry key AppInit_DLLs to hookapi.dll. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows AppInit_DLLs 4. Restart the system and then try to stop/start a service. As expected, a log file should be saved in the C:\ folder. Sincerely, Wilson JiaThis posting is provided "AS IS" with no warranties, and confers no rights.

Hi , First and foremost, is this an in-house service built ? if this is in-house service, please contact your dev team. If not , what will you identify from the logs and as far as i know you cannot manipulate any of the code and hence you need to contact the vendor of the service.

Hi, No, it's not an in-house service. I am taking a look at the DLL hook recommendations from Wilson. Thanks.

Hi Wilson Jia, Thanks, but when I go to this link and enter the password, I get a message saying that no workspace exists for the password that was given. Thank you.

Any chance I can get a current download link?