The Core Technologies Blog

Professional Software for Windows Services / 24×7 Operation

Windows Server 2022: A Few Improvements, but No Changes to Windows Services

Posted on February 21, 2022 (Revised October 17, 2023)
Windows Server 2022

With surprisingly little fanfare, Microsoft released Windows Server 2022 in August 2021.

Don’t feel bad if you failed to notice — few people did! Clearly all the hype was focused on Windows 11, which debuted about six weeks later.

Anyway, here’s our technical take on the new operating system.

What’s new in Windows Server 2022

Server 2022 is more evolution than revolution. In fact, the most significant improvements are all under the hood.

Here are the top 3 enhancements, from our team’s perspective:

1. Tighter Security

  • Firmware attack prevention: When Server 2022 boots, it closely monitors boot processes to detect and block firmware-based viruses.

  • TLS 1.3 is enabled by default: The most advanced Transport Layer Security (TLS) protocol secures web traffic on Server 2022.

  • Encrypted DNS protects network conversations: The DNS Client now supports HTTPS, to keep your DNS traffic private.

Be sure to check out the full list of security improvements in the official documentation.

2. Better control through Windows Admin Center

Since its launch in 2019, Windows Admin Center (WAC) continues to get better in each version of Windows Server. We’re fans, and our team makes heavy use of WAC with our testing servers.

Besides controlling the new security features, WAC now includes automatic updates, automated extension lifecycle management and more.

3. Faster networking

TCP & UDP — the foundational communication protocols underpinning the Internet — received some overdue love and attention in Server 2022.

For example, TCP is more efficient on high-speed networks. That leads to smoother (and swifter) downloads.

Moreover, UDP packets can now go directly from the CPU to the network adapter’s specialized hardware. And on the receiving end, packets are coalesced to reduce CPU demands even more.

You should welcome these key performance upgrades — especially if you’re running a web server or other network-hungry software.

Windows Services: No new features or improvements

Microsoft didn’t alter any of the Windows Service functions in Server 2022. In fact, the Services API remains exactly the same as it is in Server 2019.

And because the underlying Windows Services functionality didn’t change, Server 2022 does not revise the popular service-related tools distributed with the operating system either.

The Services application (a.k.a. “services.msc”) looks exactly the same as it does in Server 2019:

Services on Windows Server 2022

Similarly, the command line options for the NET and SC utilities remain frozen in their 2019 state. Here you can see a comparison of SC’s output in Server 2022 and in Server 2019:

SC in Server 2022 vs 2019

AlwaysUp & Service Protector are fully compatible with Server 2022

We’ve been testing Windows Server 2022 every day for the past 3 months. In that time, we have not detected any incompatibilities with our software.

AlwaysUp launched Dropbox, OneDrive, Node.js and everything else we threw at it with zero problems.

To illustrate, here is AlwaysUp running NGINX as a Windows Service:

AlwaysUp running NGINX on Server 2022

Service Protector fared just as well. We tested Apache, PostgreSQL and MongoDB Windows Services, all without incident:

Service Protector on Server 2022

More information & resources

  • Watch this instructive video to learn even more about Windows Server 2022:

  • Did you know that you can try Windows Server 2022 for 180 days at no charge? Simply download and install. It’s a great way to test drive the new operating system before paying for an upgrade.

  • Mainstream support for Windows Server 2022 ends on October 13 2026. Extended support lasts for another 5 years and concludes on October 14, 2031. Mark your calendar!

You may also like...

3 Proven Ways to Send Email from a Windows Service (Without Outlook)

3 Proven Ways to Send Email from a Windows Service (Without Outlook)

Windows Server 2012 Certified

Windows Server 2012 Certified

Essential Windows Services: Windows Update (wuauserv)

Essential Windows Services: Windows Update (wuauserv)

Posted in Windows | Tagged , , , , , | Leave a comment

AlwaysUp Web Service Supports Reverse Proxy Servers

Posted on February 5, 2022 (Revised February 21, 2022)
Reverse Proxy

AlwaysUp Web Service version 13.2 was published on February 4 2022.

This new release — which is fully certified for Windows 11 and Windows Server 2022 — includes a handful of improvements and fixes. Consequently, please upgrade at your earliest convenience.

But of all the new features, the ability to work with reverse proxy servers is the most impactful. So let’s dig into that capability today…

What is a Reverse Proxy? Why would I use one?

A reverse proxy is an application that sits in front of one or more back-end services and enables users to access those services from a single location. In doing so, the proxy “hides” the location and other details of the back-end services from the users.

For example, let’s take Acme Inc — an IT company that operates three web services. Acme hosts each web service on its own internal server, accessible at the following URLs:

  • http://10.0.0.104/get-menu

  • http://10.0.0.105/wsapi/v2/create-booking

  • http://10.0.0.106:8880/daily-report.php

Because the web services are deployed on the company’s private network (10.x.x.x), none of them are accessible from the Internet. Therefore, customers cannot get menus, create bookings or view reports. And Acme wants to change that.

To make the web services accessible to its customers, Acme introduces a reverse proxy. Their IT team deploys a new server and configures it securely at https://api.acme.com.

Now customers can visit all three services under the same umbrella, at:

  • https://api.acme.com/api/food/get-menu

  • https://api.acme.com/api/reservations/wsapi/v2/create-booking

  • https://api.acme.com/api/reports/daily-report.php

As a result, with the help of the reverse proxy, Acme has provided a valuable service to it’s customers — all with security, scalability and usability in mind!

Reverse Proxy configuration

In order for AlwaysUp Web Service to work with a reverse proxy, the proxy must pass the following headers in each request it forwards:

  1. X-Base-URL: The path/location where the proxy server serves AlwaysUp Web Service. For example, if AlwaysUp Web Service should be available at http://proxy.acme.com/alwaysup-web-service/, the X-Base-URL value should be /alwaysup-web-service/.

  2. X-Forwarded-For: The originating IP address of the client connecting the proxy server. This allows AlwaysUp Web Service to track the true source of the request.

Reverse Proxy setup with NGINX

Let’s review an example with NGINX — a popular web server that supports reverse proxy configuration.

Acme hosts AlwaysUp Web Service at http://10.10.0.1:8585. In addition, its Internet-facing proxy server is accessible at http://proxy.acme.com.

To make AlwaysUp Web Service available to users outside of Acme’s internal network, the server section of the proxy’s NGINX configuration file looks like this:

server {
      listen 80;
      location /alwaysup/ {
            proxy_set_header X-Base-URL /alwaysup-web-service/;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://10.10.0.1:8585/;
      }
}

With that setup in place, Acme’s users can access AlwaysUp Web Service at http://proxy-server/alwaysup-web-service.

SSL Configuration

Setup is a tad more complicated when working with HTTPS. Assuming the same conditions as above, here is Acme’s NGINX configuration for the SSL scenario:

server {
      listen 443 ssl;
      ssl_certificate "ssl/certificate.pem";
      ssl_certificate_key "ssl/certificate-key.pem";
      ssl_protocols TLSv1.2;
      location /alwaysup/ {
            proxy_set_header X-Base-URL /alwaysup/;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://10.10.0.1:8585/;
      }
}

Feel free to use the self-signed certificate files distributed with AlwaysUp Web Service. They are available in the “certificates” sub-folder of the installation directory.

A sample NGINX configuration file (with server sections for both the HTTP and HTTPS scenarios) is available at our website.

Enjoy!

You may also like...

AlwaysUp 15.5: Advanced Support for PowerShell, OneDrive, and more

AlwaysUp 15.5: Advanced Support for PowerShell, OneDrive, and more

Restart your Application when the PC Resumes

AlwaysUp 8.7: Restart your Application when the PC Resumes

AlwaysUp Improvements for Dropbox/OneDrive/Box/Google Drive

AlwaysUp 9: Improvements for running Dropbox/Google Drive/Box Sync/OneDrive 24x7 in the background

Posted in AlwaysUp Web Service | Tagged , , , | Leave a comment

Q&A: Why can’t I open my Dropbox files even though Smart Sync is off?

Posted on January 17, 2022 (Revised January 7, 2023)
Q&A: Why can't I open my Dropbox files even though Smart Sync is off?
  I just installed AlwaysUp (13.3.3.17) specifically to keep a Dropbox synchronized with a Win 2012 R2 server.

I have followed the installation guide (wizard and then double checked the setting). Smart Sync is turned off.

The service seems to start from AlwaysUp, and using Process Explorer I can see that Dropbox started with a bunch of TCP/IP connections (5 or 6) after running for a few minutes, then that drops to 3 then 2 then back to 3 connections. However, I think this is a red herring because starting "in this session" does the same.

Anyway, if I try to access one of the files from the Dropbox folder I can navigate to the file but it is "lightened" (not greyed out, but not full color). When I try to open the file, a PDF for example, I get an error that the file cannot be accessed.

The server is not the original source of the data. That is, other people modified/created files in Dropbox and the server needs to access them.

If I restart the service “in this session”, when I access a file I see a Dropbox notification that the file is being download and I have access to the file.

This situation reads like the issues reported and fixed by setting QT_OPENGL as a environment variable but I tried it and still no luck.

Dropbox is the very latest, version 139.4.4896. I’m using a paid account.

If AlwaysUp cannot keep Dropbox running/syncing in the background then it is of no use to us.

How should we proceed to fix this?

— Christopher

Hi Christopher, sorry to hear of the trouble! We have hundreds of clients running Dropbox with AlwaysUp every day so I’m sure that we’ll be able to resolve your problem soon.

What’s up with Smart Sync?

You are on the right track in disabling the Smart Sync feature. As described in this article, Smart Sync doesn’t play well with background operation, such as when you start Dropbox at boot as a Windows Service.

Based on your message, you’ve configured the Sync tab of your Dropbox Preferences window like this, right?

Disable Smart Sync for new files

That’s good, but turning off the Save hard drive space automatically option might not be enough to get rid of Smart Sync entirely. That’s because the setting only applies to new files uploaded to Dropbox.com. It’s simply the default going forward.

Most importantly, some files uploaded to dropbox.com before you turned off Smart Sync may NOT be present to your hard drive. They will remain as “online only”, and Dropbox will only be fetch them from the cloud when you first open them on your server. As a result, those “older” files will be inaccessible when you are running Dropbox as a Windows Service with AlwaysUp.

Fortunately, the problem has an easy fix. Simply instruct Dropbox to download all your files — for real.

How to make all your Dropbox files “Local” (not “Online only”)

To force Dropbox to fully download all your files to your PC, you can update the settings for each folder.

Navigate to your Dropbox directory in File Explorer, right-click a sub folder and select Smart Sync > Local from the menu:

Set Smart Sync folder to Local

However, that may be very tedious!

Your best bet is to do away with the Sync feature entirely — as guided by the Dropbox crew:

Uninstall the system extension

Note: Uninstalling the system extension will disable Smart Sync, but you’ll still be able to use the Dropbox desktop app.

To uninstall the system extension:

  1. Sign in to dropbox.com.
  2. Click your avatar (profile picture or initials) in the upper-right corner.
  3. Choose Settings.
  4. Click the General tab.
  5. Toggle Dropbox system extension to off.

Admins: Uninstall the system extension from your team’s computers

As an admin, you can uninstall the Smart Sync system extension from your team’s computers. To do so, follow this link to the uninstall page of the admin console, check the boxes, and click Uninstall.

After the system extension is uninstalled, team members can still use the Dropbox desktop app, but all of their online-only files will become local and Smart Sync will be disabled for both their team account and any linked personal account they may have.

Alternatively, you can manage your team’s default Smart Sync settings without uninstalling the system extension for your team.

And with Smart Sync deactivated, Dropbox will download all your files when its running as a Windows Service. You shouldn’t have any problems opening your files.

Happy Dropboxing!

You may also like...

Dropbox Version 81.4.195 (September 18, 2019) Not Working With AlwaysUp For Some Customers

Dropbox Version 81.4.195 (September 18, 2019) Not Working With AlwaysUp For Some Customers

Q&A: Why doesn't Srvany Close my Application when I Stop the Service?

Q&A: Why doesn't Srvany Close my Application when I Stop the Service?

AlwaysUp 14.5: Smarter Starts for OneDrive, Dropbox and More

AlwaysUp 14.5: Smarter Starts for OneDrive, Dropbox and More

Posted in AlwaysUp | Tagged , , , , | Leave a comment

We’re Not Affected by the December 2021 Apache Log4j Vulnerability

Posted on December 14, 2021 (Revised February 21, 2022)
We're Not Affected by the Apache Log4j Vulnerability

In early December 2021, a severe remote code vulnerability was revealed in Apache Log4j — a very popular Java-based logging framework used by developers of web and server applications.

The vulnerability affects a broad range of services and applications on servers, making it extremely dangerous — and the latest updates for those server applications urgent! In fact, malicious actors are already hard at work exploiting the flaw.

We’re taking this issue very seriously at Core Technologies Consulting. A thorough analysis of our systems has concluded that:

  • None of our Windows software uses Apache Log4j.

    AlwaysUp, Service Protector and our free utilities are not exposed.

  • Log4j2 <= 2.14.1 is not used by any software in our infrastructure.

    Our back end components use other logging frameworks (e.g. Monolog) to capture important messages from the server software.

  • All back end security patches have been applied.

    Our Linux application servers are configured to automatically deploy security patches as they become available.

We’ll continue to monitor the situation as it evolves.

Please be sure to reach out to our support team if you have any questions or would like additional information.

Stay safe!

You may also like...

Service Protector 9.5 Helps You Bulletproof Your Network Services

Service Protector 9.5 Helps You Bulletproof Your Network Services

Q&A: How do I Run my Script as a Windows Service — but only during Working Hours?

Q&A: How do I Run my Script as a Windows Service — but only during Working Hours?

Q&A: Why can't I open my Dropbox files even though Smart Sync is off?

Q&A: Why can't I open my Dropbox files even though Smart Sync is off?

Posted in Support | Tagged , , , , , | Leave a comment

Q&A: Why does AlwaysUp run the 32-bit Version of PowerShell?

Posted on December 13, 2021 (Revised February 21, 2022)
Why does AlwaysUp run the 32-bit Version of PowerShell?
  We have been trying to get a particular PowerShell script running as a service for some time now. I have been pulling my hair out but I think I finally found the issue and I don’t understand why it’s happening.

I am using a 64-bit PowerShell module (SqlServer). My script runs fine in the ISE, no issues. But, every time I run it from AlwaysUp it gets an error that it cannot find the module. What I finally found out is AlwaysUp is launching the 32-bit version of PowerShell and not the 64-bit version that I’m calling out. So, even though my script calls the 64-bit version of PowerShell, it’s launching the 32-bit version, which is not compatible with what I’m doing.

Here is what I have specified in AlwaysUp:

Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Arguments: <The full path to my PowerShell script>
Start in: <The folder containing my PowerShell script>

How I’m confirming my suspicions:

I’m running the PS command [Environment]::Is64BitProcess and dumping the display to a text file. When running this command, it returns true if the instance is 64-bit, otherwise false. I confirmed this works as expected by opening both PowerShell ISEs (32/64) and the correct response was given. However, the command always returns false when running through AlwaysUp.

Any help would be greatly appreciated.

— Dustin

Hi Dustin, sorry to hear of the trouble! Thanks for doing the detective work to clearly illustrate the problem for our support team.

The issue is caused by a bit of magic that Windows performs to maintain compatibility between 32-bit and 64-bit applications. Let’s explore some special folders.

The System32, SysWOW64 and Sysnative folders

On your 64-bit system, 64-bit applications distributed with the operating system live in this folder:

C:\Windows\System32

Similarly, this folder holds the equivalent 32-bit versions of those Windows applications:

C:\Windows\SysWOW64

For example, we have the 64-bit version of powershell.exe in the System32 directory:

powershell.exe in the System32 directory

While the 32-bit version resides in exactly the same place under the SysWOW64 folder:

powershell.exe in the SysWOW64 folder

If you switch to the “Details” tab, you will see that both executables have exactly the same version number. In fact, they perform identically when run.

Now here is where the magic comes in…

When a 64-bit program launches an application under the System32 folder, Windows simply starts the application, as expected.

However, when a 32-bit program tries to run an application that lives under the System32 folder, Windows:

  1. Replaces C:\Windows\System32 with C:\Windows\SysWOW64 in the application’s path, and

  2. Runs the application from that SysWOW64 location.

For example, if a 32-bit program tries to start C:\Windows\System32\notepad.exe, Windows will run C:\Windows\SysWOW64\notepad.exe instead!

Windows performs this “remapping” to provide stability for 32-bit applications, which often have trouble working with 64-bit applications. Microsoft thinks it is best to ensure that legacy 32-bit programs work with a legacy “32-bit view” of the operating system. Indeed, that makes sense when maintaining backward compatibility is top-of-mind.

However, the price of that safety is that a 32-bit application can never directly invoke a 64-bit executable sitting in the System32 folder. If it tries, Windows simply rewrites the path to target the 32-bit executable instead (as mentioned in the example above).

But then how does a 32-bit program start a 64-bit system utility?

If a 32-bit program really needs to invoke a 64-bit system executable, it can do so by citing the Sysnative virtual folder.

For instance, if a 32-bit application wants to run the 64-bit version of notepad, it should invoke:

C:\Windows\Sysnative\notepad.exe

In that way, the Sysnative folder makes it possible for 32-bit programs to call 64-bit operating system utilities.

Why AlwaysUp launches the wrong version of PowerShell

AlwaysUp is a 32-bit application. As such, it is bound by the rules above.

So when AlwaysUp launches the application you provided:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Windows actually starts:

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

which is the 32-bit version of PowerShell.

How to make AlwaysUp launch the 64-bit PowerShell executable

To make AlwaysUp run the 64-bit version of PowerShell, specify this value in the “Application” field:

C:\Windows\Sysnative\WindowsPowerShell\v1.0\powershell.exe

Doing so will force Windows to invoke the version you want.

Fortunately AlwaysUp is perfectly fine working with 64-bit applications, so you won’t run into any compatibility issues there. Please make the change and let us know if you don’t get the desired result!

Even though we have a solution, there is one corollary we should mention…

Why can’t I see the Sysnative folder?

Curiously, if you open the File Explorer and navigate to C:\Windows\Sysnative, the operation will fail. That’s because the Sysnative folder is only accessible by 32-bit applications. 64-bit programs (like the File Explorer you started) simply cannot see that directory.

However, to prove for yourself that the folder exists for 32-bit applications, start a 32-bit command prompt by running this command:

C:\Windows\SysWoW64\cmd.exe

Magically, the Sysnative folder will be visible from there:

32-bit CMD accessing the Sysnative folder

You may also like...

AlwaysUp Improvements for Dropbox/OneDrive/Box/Google Drive

AlwaysUp 9: Improvements for running Dropbox/Google Drive/Box Sync/OneDrive 24x7 in the background

AlwaysUp Feature Spotlight: Run your App Without Admin Rights

AlwaysUp Feature Spotlight: Run your App Without Admin Rights

Q & A: How do I Update my Dropbox Preferences?

Q & A: How do I Update my Dropbox Preferences?

Posted in AlwaysUp | Tagged , , , , , , | Leave a comment
 

Products

Topics/Tags

windows-services automatic-delayed q&a windows-service-auditor security net.exe new-release google-drive interactive-services event-viewer sc.exe alwaysup windows-10 service-security-editor service-protector customer-spotlight windows-11 support windows-8 onedrive session-0-isolation sanity-check java services.msc windows-server-2012 essential-tools dropbox essential-windows-services troubleshooter task-scheduler

Categories

Archives

Search This Blog


Home  | Products  | Support  | Company  | Privacy Policy  | Site Map
Run Application as Windows Service  | Auto-restart Windows Services  | Srvany vs. AlwaysUp  | AlwaysUp FAQ
How to Run Popular Applications as Windows Services  | Windows Services FAQ

Copyright © 2004-2025 Core Technologies Consulting, LLC
7028-B Thornhill Drive, Oakland CA 94611, USA
Phone: +1 (510) 343-3565  |  FAX: +1 (208) 979-1109