How to stop/start a process as shown in Task Manager

Topic

New Reply

Hello all. I have a friend who has a SBS 2003 server and there’s a process, let’s call it process.exe, that needs to be stopped and restarted as often as its handles count reaches 50,000. What I’m trying to do is a band-aid fix until we permanently resolve the issue at which time we won’t need to stop/restart the service.

Anyway, if you go into Task Manager and add the Handles column you’ll see that each process uses a certain number of handles. We have one process where the handles increases constantly. In a 17 hour period it went from 14,000 (which is high to begin with) to nearly 200,000! I stopped/restarted the process by stopping/restarting the service in services.msc and that started it back at zero. Of course it’s doing the same thing as before where the handles count just keeps increasing, hence my desire to setup something so it will automatically stop/restart this process until we get the actual problem fixed. It’s important that we don’t just stop this service from running until we get it fixed because it’s related to the anti-virus software on the server.

I did try setting up an alert in Performance Monitor and tried to have it run a batch file that would stop the service, but that didn’t work because the process itself, process.exe, isn’t the service name or something like that. In other words when I opened a command prompt and typed net stop process.exe I got an error message stating it wouldn’t work because that’s not the name of the service. Perhaps if I could determine the actual name of the service this could work?

So does anyone know how to setup something that will cause the process or service to stop and then restart every time the handles reaches 50,000? We could possibly just setup a task to run every X number of hours if we can’t get this to work based on the number of handles being reached.

Reply | Quote

Replies

Hello all. I have a friend who has a SBS 2003 server and there’s a process, let’s call it process.exe, that needs to be stopped and restarted as often as its handles count reaches 50,000. What I’m trying to do is a band-aid fix until we permanently resolve the issue at which time we won’t need to stop/restart the service.

Anyway, if you go into Task Manager and add the Handles column you’ll see that each process uses a certain number of handles. We have one process where the handles increases constantly. In a 17 hour period it went from 14,000 (which is high to begin with) to nearly 200,000! I stopped/restarted the process by stopping/restarting the service in services.msc and that started it back at zero. Of course it’s doing the same thing as before where the handles count just keeps increasing, hence my desire to setup something so it will automatically stop/restart this process until we get the actual problem fixed. It’s important that we don’t just stop this service from running until we get it fixed because it’s related to the anti-virus software on the server.

I did try setting up an alert in Performance Monitor and tried to have it run a batch file that would stop the service, but that didn’t work because the process itself, process.exe, isn’t the service name or something like that. In other words when I opened a command prompt and typed net stop process.exe I got an error message stating it wouldn’t work because that’s not the name of the service. Perhaps if I could determine the actual name of the service this could work?

So does anyone know how to setup something that will cause the process or service to stop and then restart every time the handles reaches 50,000? We could possibly just setup a task to run every X number of hours if we can’t get this to work based on the number of handles being reached.

You could use a tool such as Process Monitor to find out the service name.

Joe

--Joe

Reply | Quote

Personally I would use PsList from Sysinternals (as was) which gives the number of handles and the ProcessID for for the required Process/Image name then PsKill to kill the offending PID.

If alternatively you want to stop and start the service, you want the usual PsService or SC or NET STOP/NET START once you’ve determined what the short name or display name is for the offending service.

Not surprisingly, these would be done in a permanently-running BATch file, inspecting the service/PID every , but since you mention BATch files already, I assume you know what you’re doing!

BATcher

Plethora means a lot to me.

Reply | Quote

Hey BATcher, actually I’m a bit of a novice when it comes to batch files. Could you give me a few pointers for doing what I want to do, using the tools from Sysinternals?

Reply | Quote

Hey BATcher, actually I’m a bit of a novice when it comes to batch files. Could you give me a few pointers for doing what I want to do, using the tools from Sysinternals?

Given enough information, I could write it for you!

It occurs to me overnight that you could get information about the services from the services tab of Autoruns (same source) and from PsService ,which gives rather more information than does SC QUERY.

Once you’ve identified the service name and how it appears in Task Manager -> Processes, or any of the other programs previously suggested, let me know and I’ll mock something up… I’ve done that sort of BATch file several times before, although admittedly not for a few years.

BATcher

Plethora means a lot to me.

Reply | Quote

Here’s a stab at a version – read through it and change the stuff which contains ***

Code:

@echo off
title %~n0
:: +---------+
:: I Handler I  inspect the number of handles for a specific process
:: +---------+	and restart the service if this exceeds a threshold

::  needs to be run under control of an Administrator-type account
::  intended to be run 'permanently' so arrange for it to be in HKLMRun
::	registry entry, or in Task Scheduler, or whatever

setlocal

:: requires the programs PSLIST.EXE and PSSERVICE.EXE to be executable
::					   ----------	 -------------

:: sample (dummy) PSLIST output:
::   Name		  Pid Pri Thd  Hnd   Priv		CPU Time	Elapsed Time
::   process1	  820   9  20  506   4140	 0:02:31.328	98:26:13.425
::   process2	 1032   8  22  217   2960	 0:00:00.281	98:26:13.191
::   process3	 1052   6  29  156   2252	 0:06:51.640	98:26:01.613
::   [Token 1	 2	  3   4  5  - used in later FOR command]

:: set up the variables
:: process name for the service to be monitored
set process=processname *** CHANGE THIS

:: the corresponding service name
set service=servicename *** CHANGE THIS

:: the handle threshold must, of course, be greater than the starting figure!
set threshold=100000

:: set up the path to the message log
set log=*** CORRECT PATH%~n0.log

:: (very approximate) time interval between checks, in seconds
::   takes no account of time taken to restart the service when necessary
set interval=600  *** CHANGE THIS

::----------------------------
:loop

:: set the value of handles to undefined
::   so we can check if the process is present in the PSLIST output
set handles=

:: variable to hold the executed commands (cosmetic!)
set forcmds=pslist ^^^| findstr /b /i "%process%"

:: the FOR command does the important work
for /f "tokens=1,2,5" %%a in ('%forcmds%') do (
  set processname=%%a
  set pid=%%b
  set handles=%%c
)
ECHO PROCESSNAME=%processname%, PID=%pid%, HANDLES=%handles%
:: check the existence of handles
::   if absent, we didn't find the service in PSLIST so just wait and try again
if not defined handles (
  call :msg unable to find %process% in PSLIST process data
  goto wait
)
:: if less than the threshold, just write out a message
if %handles% LSS %threshold% (
  call :msg process: %process%, handles: %handles%
  goto wait
)
:: the number of handles is greater than or equal to the threshold
::   issue a message and restart the service again
call :msg process: %process%, handles: %handles%, threshold: %threshold%
call :msg %service% is being restarted
psservice restart %service%

:: we should really check that the service has started,
::   but that's probably not worth the bother

:wait  for the required time interval, then begin again
ping -n %interval% 127.0.0.1>nul
goto loop

::----------------------------------------------------------------------------
:msg  write timestamped message to the log

:: generalised DATE and TIME routine for NT4/W2K/WXP and all Regional Settings
::   %yy% will contain four digits, 20nn;
::   %mm%, %dd% and time variables %hr%, %mn%, %sc% and %th% contain two digits
if "%date%A" LSS "A" (set toks=1-3) else (set toks=2-4)
for /f "skip=1 tokens=2-4 delims=(-)" %%a in ('echo.^|date') do (
   for /f "tokens=%toks% delims=.-/ " %%e in ('date /t')	 do (
	  for /f "tokens=5-8 delims=:., " %%i in ('echo.^|time') do (
		(set %%a=%%e) & (set %%b=%%f) & (set %%c=%%g) & rem create yy, mm, dd
		(set hr=%%i)  & (set mn=%%j)  & (set sc=%%k)  & (set th=%%l)
		rem  note the variable names for Time: hr, mn, sc, th
)))
if 1%yy% LSS 200 (set yy=20%yy%) & :: ensure 4-digit years in %yy%
if 1%hr% LSS 20  (set hr=0%hr%)  & :: ensure 2-digit hours in %hr%

>>%log% echo %yy%-%mm%-%dd% %hr%:%mn%:%sc%  %*

goto :eof

Of course I am making certain assumptions (like there is only one instance of the process name)…

BATcher

Plethora means a lot to me.

Reply | Quote

Holy moly that batch script is a bit more complicated than what I was trying to do. I’ll see what I can do to get it to work. Thanks. I’ll keep you posted.

Reply | Quote

Holy moly that batch script is a bit more complicated than what I was trying to do. I’ll see what I can do to get it to work. Thanks. I’ll keep you posted.

It’s actually pretty simple, but contains Useful Comments! If you strip those out, it’s less than 30 lines (ignoring the message subroutine at the bottom). It’s always a good idea to log what happens in this sort of BATch file…

BATcher

Plethora means a lot to me.

Reply | Quote