Tuesday, May 10, 2016

Break shared service into its own process


SCENARIO: You are troubleshooting an issue and find that the problem is related to a service that is shared. For example, say you identify a specific svchost process that is causing high CPU, you think you have identified one of the services running in that svchost as the culprit, and you want to isolate it so that you can get a dump of that process. Here is a way to do that.


First identify the svchost and the service hosted in it that you want to break out. You can do this a few ways.

  1. You can do it from the command line with the following command: tasklist /svc
  2. You can do it with Process Explorer.

However, we will eventually use the command line, as that will give us the service name we want. For our purposes, I am assuming that you already have a "Process ID" or "PID" of interest. Also, I am assuming that the process you are interested in is one that contains shared services. Once you have the PID you can look that PID up using one of the above methods.

If you use Process Explorer and you are looking for, say, PID 1552 and you suspect that something in there is causing your problem, you can view the services by hovering over the process.


You can also view this using the tasklist /svc command. This is what we will be using.


Let's say that we think process 1552 is a problem and we think that the problem is the LicenseManager service. In that case we would want to break that out into its own process by using the following command: sc config LicenseManager type= own

As you can see, the command was successful in my case:


However, if you do another tasklist /svc, you will still see this service running under the same process.


You will need to stop and start the LicenseManager service in order for the service to be broken out into its own process.

In Task Manager, on the Services tab, you can right-click the License Manager service and select Stop, then right-click it again and select Start.

Once you do this, you will see that the service started up with a new PID as its own process. (Or you can use whatever other means you would use to stop and start the service.)


You can confirm this by using the tasklist /svc command again. I ran it again and as you can see, the LicenseManager service is no longer running under 1552.


It is now running under its own svchost.


After you have finished troubleshooting you should make the process shared again.  You can do this using the following command: sc config LicenseManager type= share

After you run this command you will need to stop the LicenseManager service and start it again.  You can then verify that it is shared again.
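
The whole procedure above, scripted in PowerShell as an added example (not part of the original post). It assumes an elevated prompt; the function names Get-ServiceHost and Set-ServiceHostType are made up for this example, and it calls sc.exe by its full name because plain sc is an alias for Set-Content in Windows PowerShell.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
# $ServiceName is the service you suspect (LicenseManager in the post).
param([string]$ServiceName = 'LicenseManager')

# Hypothetical helper: report the hosting PID, the service type, and the
# other services in the same process (the same view tasklist /svc gives).
function Get-ServiceHost {
    param([string]$Name)
    $svc = Get-CimInstance Win32_Service -Filter "Name='$Name'"
    if (-not $svc) { throw "Service '$Name' not found." }
    # ProcessId is 0 for a stopped service, so only look for peers when it is running.
    $peers = if ($svc.ProcessId) {
        (Get-CimInstance Win32_Service -Filter "ProcessId=$($svc.ProcessId)").Name
    }
    [pscustomobject]@{
        Name       = $svc.Name
        PID        = $svc.ProcessId
        Type       = $svc.ServiceType      # "Own Process" or "Share Process"
        HostedWith = $peers -join ', '
    }
}

# Hypothetical helper: switch the service between own and share, then restart it.
function Set-ServiceHostType {
    param([string]$Name, [ValidateSet('own', 'share')][string]$Type)
    # sc.exe expects "type=" and the value as separate tokens (the space after "=" matters).
    & sc.exe config $Name type= $Type | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "sc.exe config failed with exit code $LASTEXITCODE." }
    # The new type only takes effect once the service is stopped and started again.
    Restart-Service -Name $Name -ErrorAction Stop
    Get-ServiceHost -Name $Name
}

$before = Get-ServiceHost -Name $ServiceName
$before | Format-List

$isolated = Set-ServiceHostType -Name $ServiceName -Type own
$isolated | Format-List
if ($isolated.PID -eq $before.PID) {
    Write-Warning 'Service is still running in the original process.'
}

# Take the dump of the isolated PID now, then make the service shared again.
Read-Host "Isolated PID is $($isolated.PID). Press Enter when troubleshooting is finished"
Set-ServiceHostType -Name $ServiceName -Type share | Format-List
```

Restart-Service without -Force stops with an error if other running services depend on the one being restarted, which is the safer default while troubleshooting.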

I hope this helps!

