How to know the service status on Window 2003

Sc.exe also displays service status and retrieves the values stored in the status structure fields.You can set the parameters to these functions by specifying them on the command line.The tool also lets you specify the name of a remote computer so that you can call the service API functions or view the service status structures on the remote computer.

To know the status of particular service 

Go to Run ---> cmd ------>    sc query "SERVICE NAME "

C:\Users\Trainer>sc query "IISADMIN"

SERVICE_NAME: IISADMIN
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 1066  (0x42a)
        SERVICE_EXIT_CODE  : -2146893818  (0x80090006)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

C:\Users\Trainer>hostname
Trainer-PC

C:\Users\Trainer>date /t && time /t
Wed 04/01/2015
02:16 PM


C:\Users\Trainer>

sc query

sc query type= service state= all

To create a list of active drivers, use

sc query type= driver

Or for a list of everything, use

sc query state= all

How to Use ?
Open cmd and type
sc query

Some more ways to use SC command.

sc config 

This command is used to determine the status of a service at system startup. A service can be set to run automatically, manually or not at all.

sc config ServiceName start= flag

Here ServiceName is the name of the service and flag has one of the values auto, demand. or disabled .

sc config ServiceName start= demand

Note that there must be a space after the equals sign.

If you want to Know the status of services on Remote then type

sc \\server_name query

Error 0X80090016 Keyset does not exist, Task Scheduler is not performing tasks

Set Protected Storage to Automatic and verify the Status is started.

1. Click Start.
2. Choose Run.
3. In the Run box, type services.msc.
4. Click OK.
5. Find the Protected Storage service, and right-click to select it.
6. Select Properties.
7. In the Startup Type list, select Automatic. 

8. Verify the service Status is Started.
9. Click OK. 
10. Double-click My Computer, and then click Folder Options on the Tools menu.
(THERE WAS NO "My Computer" on the desktop - used Start -> My Computer)
11. On the View tab, click to select Show hidden files and folders, and then click OK.
12. Delete all of the files in the "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18" folder.
13. Stop/start the task scheduler service.
14. Re-enter the password for the user running each job.
  (“Right click" -> run now executes the job. And they now also run as scheduled)

WMIC - Windows Management Instrumentation Command-line

WMIC is a command line interface to WMI -- Windows Management Instrumentation. It is an application interface which allows you low level access to a wide variety of information about systems, both hardware and software. Before WMIC, WMI-based applications (such as SMS), the WMI Scripting API, or tools such as CIM Studio were used to manage WMI-enabled computers.WMIC provided you a powerful, user-friendly interface to the WMI namespace. Earlier, you should had grasp on a programming language such as C++ or scripting.While WMIC is very powerful, it also is barely documented.

How to Run WMIC?

To invoke the WMIC command prompt, type
wmic

The following global switches are available:

 

/NAMESPACE	Path for the namespace the alias operate against.
/ROLE	Path for the role containing the alias definitions.
/NODE	Servers the alias will operate against.
/IMPLEVEL	Client impersonation level.
/AUTHLEVEL	Client authentication level.
/LOCALE	Language id the client should use.
/PRIVILEGES	Enable or disable all privileges.
/TRACE	Outputs debugging information to stderr.
/RECORD	Logs all input commands and output.
/INTERACTIVE	Sets or resets the interactive mode.
/FAILFAST	Sets or resets the FailFast mode.
/USER	User to be used during the session.
/PASSWORD	Password to be used for session login.
/OUTPUT	Specifies the mode for output redirection.
/APPEND	Specifies the mode for output redirection.
/AGGREGATE	Sets or resets aggregate mode.
/AUTHORITY	Specifies the <authority type> for the connection.

For more information on a specific global switch, type: switch-name /?
The following alias/es are available in the current role:

ALIAS	Access to the aliases available on the local system
BASEBOARD	Base board (also known as a motherboard or system board) management.
BIOS	Basic input/output services (BIOS) management.
BOOTCONFIG	Boot configuration management.
CDROM	CD-ROM management.
COMPUTERSYSTEM	Computer system management.
CPU	CPU management.
CSPRODUCT	Computer system product information from SMBIOS.
DATAFILE	DataFile Management.
DCOMAPP	DCOM Application management.
DESKTOP	User's Desktop management.
DESKTOPMONITOR	Desktop Monitor management.
DEVICEMEMORYADDRESS	Device memory addresses management.
DISKDRIVE	Physical disk drive management.
DISKQUOTA	Disk space usage for NTFS volumes.
DMACHANNEL	Direct memory access (DMA) channel management.
ENVIRONMENT	System environment settings management.
FSDIR	Filesystem directory entry management.
GROUP	Group account management.
IDECONTROLLER	IDE Controller management.
IRQ	Interrupt request line (IRQ) management.
JOB	Provides  access to the jobs scheduled using the schedule service.
LOADORDER	Management of system services that define execution dependencies.
LOGICALDISK	Local storage device management.
LOGON	LOGON Sessions.
MEMCACHE	Cache memory management.
MEMORYCHIP	Memory chip information.
MEMPHYSICAL	Computer system's physical memory management.
NETCLIENT	Network Client management.
NETLOGIN	Network login information (of a particular user) management.
NETPROTOCOL	Protocols (and their network characteristics) management
NETUSE	Active network connection management.
NIC	Network Interface Controller (NIC) management.
NICCONFIG	Network adapter management.
NTDOMAIN	NT Domain management.
NTEVENT	Entries in the NT Event Log.
NTEVENTLOG	NT eventlog file management.
ONBOARDDEVICE	Management of common adapter devices built into the motherboard (system board)
OS	Installed Operating System/s management.
PAGEFILE	Virtual memory file swapping management.
PAGEFILESET	Page file settings management.
PARTITION	Management of partitioned areas of a physical disk.
PORT	I/O port management.
PORTCONNECTOR	Physical connection ports management.
PRINTER	Printer device management.
PRINTERCONFIG	Printer device configuration management.
PRINTJOB	Print job management.
PROCESS	Process management.
PRODUCT	Installation package task management.
QFE	Quick Fix Engineering.
QUOTASETTING	Setting information for disk quotas on a volume.
RDACCOUNT	Remote Desktop connection permission management.
RDNIC	Remote Desktop connection management on a specific network adapter.
RDPERMISSIONS	Permissions to a specific Remote Desktop connection.
RDTOGGLE	Turning Remote Desktop listener on or off remotely.
RECOVEROS	Information that will be gathered from memory when the operating system fails.
REGISTRY	Computer system registry management.
SCSICONTROLLER	SCSI Controller management.
SERVER	Server information management.
SERVICE	Service application management.
SHADOWCOPY	Shadow copy management.
SHADOWSTORAGE	Shadow copy storage area management.
SHARE	Shared resource management.
SOFTWAREELEMENT	Management of the  elements of a software product installed on a system.
SOFTWAREFEATURE	Management of software product subsets of SoftwareElement.
SOUNDDEV	Sound Device management.
STARTUP	Management of commands that run automatically when users log onto the computer
SYSACCOUNT	System account management.
SYSDRIVER	Management of the system driver for a base service.
SYSTEMENCLOSURE	Physical system enclosure management.
SYSTEMSLOT	Management of physical connection points including ports,  slots and peripheras, and proprietary connections points.
TAPEDRIVE	Tape drive management.
TEMPERATURE	Data management of a temperature sensor (electronic thermometer).
TIMEZONE	Time zone data management.
UPS	Uninterruptible power supply (UPS) management.
USERACCOUNT	User account management.
VOLTAGE	Voltage sensor (electronic voltmeter) data management
VOLUME	Local storage volume management.
VOLUMEQUOTASETTING	Associates the disk quota setting with a specific disk volume.
VOLUMEUSERQUOTA	Per user storage volume quota management.
WMISET	WMI service operational parameters management

For more information on a specific alias, type: alias /? CLASS     - Escapes to full WMI schema. PATH      - Escapes to full WMI object paths. CONTEXT   - Displays the state of all the global switches. QUIT/EXIT - Exits the program. For more information on CLASS/PATH/CONTEXT, type: (CLASS | PATH | CONTEXT) /? Examples:  To Get the Information of Patches installed on Computer. WMIC qfe To Get the Information of installed Softwares on Computer. WMIC product get name To Get the information of User logged to the system with Date WMIC netlogin get name, lastlogon WMIC /node:<computername> netlogin get name, lastlogon

Log Files required troubleshooting the Window 7/2008 server installation

Lot of time we are unable to install the OS on fresh Computer, we do lot of tries but no luck and we don’t know what to do next, how to dig the issue, which/where to find the logs.

Here is the key to solve failures is identifying where you are in the installation process and when a failure occurs. As you are creating a new installation, the hard drive is not present initially, Windows Setup writes logs into memory, specifically in a Windows PE session (X:\Windows). When hard drive ready to use after formatting, Setup continues logging directly onto the new hard drive (C:\Windows). Whatever Log files created during the Windows PE session are temporary.

Windows Setup Scenario

When a failure occurs in Windows Setup, review the entries in the Setuperr.log file, then the Setupact.log file, and then other log files as appropriate.

Log file	Description	Location
Setupact.log	Primary log file for most errors that occur during the Windows installation process. There are several instances of the Setupact.log file, depending on what point in the installation process the failure occurs. It is important to know which version of the Setupact.log file to look at, based on the phase you are in.	Setup (specialize):X:\Windows\panther Setup (OOBE), LogonUI, OEM First Run:%windir%\panther Windows Welcome (OOBE):%windir%\panther\unattendGC
Setuperr.log	High-level list of errors that occurred during the specialize phase of Setup. The Setuperr.log file does not provide any specific details.	Setup (specialize):%windir%\panther Setup (specialize):%windir%\panther Setup (OOBE), LogonUI, OEM First Run:%windir%\panther
Setupapi.offline.log	Driver failures during the Component Specialization sub-phase of the Setupspecialize phase.	%windir%\inf
Cbs_unattend.log	Unattended-setup servicing failures.	%windir%\panther
Setupapi.dev.log	Driver failures during the oobe phase of Setup.	%windir%\inf
Sessions.xml	An XML-based transaction log file that tracks all servicing activity, based on session id, client, status, tasks, and actions. If necessary, the Sessions.log file will point to the DISM.log and CBS.log files for more details.	%windir%\servicing\sessions
CBS.log	Servicing log file that provides more details about offline-servicing failures.	%windir%\Panther

OOBE - Out-of-box experience is the first impressions a user has with a product when opening its packaging and taking it into use. For software, it is "Welcome Screen" or "Initial Configuration" wizard screens that simplify elaborate set-up of the software

As an example, the process of installing Microsoft Windows is OOBE.  Whatever steps we do during installation comes in OOBE - to acknowledge software license terms, specify partition to install OS, "product key" etc.

Note: Information is gathered from Technet.

Page Fault

A page fault occurs when a process requests a page in memory but system can’t find it in memory. The system page fault handler attempts to resolve the page fault.

Type of Page Fault

• Hard Page Fault – If the requested Page retrieved from disk, the fault is called as hard page fault.

• Soft Page Fault - If the requested page found elsewhere in memory, the fault is called as soft page fault

*Most processors can handle large numbers of soft faults without significant consequence. However, hard faults can cause delays because they require disk access.

Given below counters can be used to identify the page faults.

Page Faults/sec - Page Faults/sec is a combination of hard page faults and soft page faults. This counter gives how many times page fault occurs. The Page must either be retrieved from another location in memory or from the pagefile.

Hard Page Fault Counter

·         Page Reads/sec – It indicates how often the system is reading the disk because of hard page faults. We can say, the number of pages reads from the disk that was done to satisfy page faults. The amount of pages read each time the system went to the disk may vary but a sustained value of over 5 is a strong indicator of a memory problem. We can say, counter is best indicator of a memory shortage.

·         Pages Input/sec - Pages were read from disk to resolve hard page faults. We can use this counter in comparison with the Page Faults/sec counter to determine the percentage of the page faults that are hard page faults.

·         Pages/sec - Pages were read from or written to disk to resolve hard page faults.

In short we can say, a high number of hard page faults may indicate that you need to increase the amount of memory or reduce the cache size on the server.

Soft Page Fault Counter

• Transition Faults/sec - Page faults were resolved by recovering pages without additional disk activity, including pages that were being used by another process sharing the page.

Boot sequence for Windows 2000, XP and 2003:

Windows 2003 booting process

BIOS: performs Power On Self Test (POST)
BIOS: loads MBR from the boot device specified/selected by the BIOS

MBR: contains a small amount of code that reads the partition table, the first partition marked as active is determined to be the system volume
MBR: loads the boot sector from the system volume

BOOT SECTOR: reads the root directory of the system volume at loads NTLDR

NTLDR: reads BOOT.INI from the system volume to determine the boot drive (presenting a menu if more than 1 entry is defined)
NTLDR: loads and executes NTDETECT.COM from the system volume to perform BIOS hardware detection
NTLDR: loads NTOSKRNL.EXE, HAL.DLL, BOOTVID.DLL (and KDCOM.DLL for XP upwards) from the boot (Windows) volume
NTLDR: loads \WINDOWS\SYSTEM32\CONFIG\SYSTEM which becomes the system hive HKEY_LOCAL_MACHINE\System
NTLDR: loads drivers flagged as "boot" defined in the system hive, then passes control to NTOSKRNL.EXE

NTOSKRNL.EXE: brings up the loading splash screen and initializes the kernel subsystem
NTOSKRNL.EXE: starts the boot-start drivers and then loads & starts the system-start drivers
NTOSKRNL.EXE: creates the Session Manager process (SMSS.EXE)

SMSS.EXE: runs any programs specified in BootExecute (e.g. AUTOCHK, the native API version of CHKDSK)
SMSS.EXE: processes any delayed move/rename operations from hotfixes/service packs replacing in-use system files
SMSS.EXE: initializes the paging file(s) and the remaining registry hives
** before this step completes, bugchecks will not result in a memory dump as we need a working page file on the boot (Windows) volume **
SMSS.EXE: starts the kernel-mode portion of the Win32 subsystem (WIN32K.SYS)
SMSS.EXE: starts the user-mode portion of the Win32 subsystem (CSRSS.EXE)
SMSS.EXE: starts WINLOGON.EXE

WINLOGON.EXE: starts the Local Security Authority (LSASS.EXE)
WINLOGON.EXE: loads the Graphical User Identification and Authentication DLL (MSGINA.DLL by default)
WINLOGON.EXE: displays the logon window
WINLOGON.EXE: starts the services controller (SERVICES.EXE)
** at this point users can logon **

SERVICES.EXE: starts all services markes as automatic

post     - power on self test

mbr      -contains a small amount of code that reads the partition table, the first partition marked as active is determined to be the system volume

         - loads the boot sector from the system volume

ntldr    - reads boot.ini ( os selection will be made here )
       
         - loads \WINDOWS\SYSTEM32\CONFIG\SYSTEM which becomes the system hive HKEY_LOCAL_MACHINE\System

         - loads NTOSKRNL.EXE, HAL.DLL,


ntoskernel -  brings up the loading splash screen and initializes the kernel subsystem

           - starts the boot-start drivers and then loads & starts the system-start drivers

smss         -- winlogon - services

source : http://www.answers.com/Q/Windows_2003_booting_process

---------

NOTES:
The SYSTEM volume is the partition from which the boot process starts, containing the MBR, boot sector, NTLDR, NTDETECT.COM & BOOT.INI
The BOOT volume is the partition which contains the Windows folder - this can be a logical partition

BIOS: performs Power On Self-Test (POST)

BIOS: loads MBR from the boot device specified/selected by the BIOS

MBR: contains a small amount of code that reads the partition table, the first partition marked as active is determined to be the system volume

MBR: loads the boot sector from the system volume

BOOT SECTOR: reads the root directory of the system volume and loads NTLDR

NTLDR: reads BOOT.INI from the system volume to determine the boot drive (presenting a menu if more than 1 entry is defined)

NTLDR: loads and executes NTDETECT.COM from the system volume to perform BIOS hardware detection

ntdetect.com is a component of Microsoft Windows NT-based operating systems that operate on the x86 architecture. It is used during the Windows NT startup process, and is responsible for detecting basic hardware that will be required to start the operating system

The bootstrap loader takes the control over the booting process and loads NTLDR. Ntdetect.com is invoked by NTLDR, and returns the information it gathers to NTLDR when finished, so that it can then be passed on to ntoskrnl.exe, the Windows NT kernel.

Ntdetect.com is used on computers that use BIOS firmware. Computers with Extensible Firmware Interface, such as IA-64, use a method of device-detection that is not tied to the operating system.[1]

Hardware detection operates somewhat differently depending on whether or not Advanced Configuration and Power Interface (ACPI) is supported by the hardware. It passes on the hardware details gathered from the BIOS onto the OS. If ACPI is supported, the list of found devices is handed to the kernel, Windows will take responsibility for assigning each device some resources. On older hardware, where ACPI is not supported, the BIOS takes responsibility for assigning resources, not the operating system, so this information is passed to the kernel as well.

In addition, ntdetect.com will make a determination as to which hardware profile to use. Windows supports multiple distinct hardware profiles, which allows a single copy of Windows to work well in situations where the hardware changes between specific layouts on a regular basis. This is common with portable computers that connect to a docking station[citation needed].

In Windows Vista and later Windows operating systems, ntdetect.com only supports ACPI, so that Windows will be able to control hardware resource allocation on every machine in the same way. Hardware profiles are also no longer supported in Windows Vista.

The information gathered by ntdetect.com is stored in the HKLM\HARDWARE\DESCRIPTION key in the Windows Registry at a later stage in the boot process.

Classes of hardware detected

Hardware identification

Hardware date & time

Bus and adapter types

SCSI adapters

Video adapters

Keyboard

Serial and parallel communication ports

Hard drives

Floppy disks

Mouse

Floating-point coprocessor

Industry Standard Architecture-based devices

.

NTLDR: loads NTOSKRNL.EXE, HAL.DLL, BOOTVID.DLL (and KDCOM.DLL for XP upwards) from the boot (Windows) volume

NTLDR: loads \WINDOWS\SYSTEM32\CONFIG\SYSTEM which becomes the system hive HKEY_LOCAL_MACHINE\System

NTLDR: loads drivers flagged as “boot” defined in the system hive, then passes control to NTOSKRNL.EXE

NTOSKRNL.EXE: brings up the loading splash screen and initializes the kernel subsystem
NTOSKRNL.EXE: starts the boot-start drivers and then loads & starts the system-start drivers

NTOSKRNL.EXE: creates the Session Manager process (SMSS.EXE)

SMSS.EXE: runs any programs specified in BootExecute (e.g. AUTOCHK, the native API version of CHKDSK)
SMSS.EXE: processes any delayed move/rename operations from hotfixes/service packs replacing in-use system files
SMSS.EXE: initializes the paging file(s) and the remaining registry hives
** before this step completes, bugchecks will not result in a memory dump as we need a working page file on the boot (Windows) volume **
SMSS.EXE: starts the kernel-mode portion of the Win32 subsystem (WIN32K.SYS)
SMSS.EXE: starts the user-mode portion of the Win32 subsystem (CSRSS.EXE)
SMSS.EXE: starts WINLOGON.EXE

WINLOGON.EXE: starts the Local Security Authority (LSASS.EXE)
WINLOGON.EXE: loads the Graphical User Identification and Authentication DLL (MSGINA.DLL by default)

WINLOGON.EXE: displays the logon window

WINLOGON.EXE: starts the services controller (SERVICES.EXE)
** at this point users can logon **

SERVICES.EXE: starts all services markes as automatic