How to use the Event Viewer to troubleshoot problems with a Windows Service

A windows service, designed to run “headless” and unattended in the background, cannot easily employ conventional popup windows to report its activities as a user may not even be logged on. Instead, a service is encouraged to send important communication to the Windows Event Log – an administrative utility that collects and stores messages and events. Once recorded, these messages can be very helpful in troubleshooting problems, for example when a service stops unexpectedly or when it fails to start at all.

Viewing Events from Windows Services

Use Microsoft’s Event Viewer to see messages written to the Event Log. Start the application by clicking on the Start button and typing in Event Viewer, or from the Control Panel (search for it by name). The somewhat cluttered window should come up after a few seconds:

 

 

The left hand side shows a tree grouping the various logs captured on your machine. The events from Windows Services (and other applications running on your PC) are filed under Windows Logs > Application. Navigate to that section to load the events in the center of the window, with the entire list in the top and details of the highlighted event underneath:

 

 

 

Messages from your windows service will have the display name of the service in the Source column.

Important Components of an Event

The Event Viewer shows over 10 pieces of information associated with each event, including:

  • Level – How important is this event?Each event is classified into one of three categories:

    Information: An informative yet unimportant event. You will probably see a lot of these, and they can be safely ignored unless you are digging into a specific issue from an application or service.

    Warning: A moderately important event. These don’t necessarily signify a failure, and your software will probably limp along, but they should be reviewed regularly to see if anything mentioned can be resolved.

    Error: Indicates a critical problem or failure that may deserve your immediate attention!

  • Date and Time – When did this event occur?
  • Source – Which application reported this event?As mentioned before, an event written by a Windows Service will contain the service’s display name as the Source.
  • Description – Which happened?The full description shown prominently in the lower pane will (hopefully) provide the relevant details of the event.

 

Viewing Events about Windows Services

While the Application log keeps track of events from a running service, the Windows Logs > System area records when services are started, stopped, crash or fail to start. Look for events with the Source set to Service Control Manager (SCM). For example, here is the SCM telling us that the Windows Print Spooler service has crashed:

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *