3

I'm trying to diagnose why the Cygwin sshd service starts and stops immediately. In the Vista Application event log I found:

sshd: PID 3480: `sshd' service stopped, exit status: 255

It doesn't help much.

Where could I look for other hints? Other places in the log than Application?

Philippe Blayo

1 Answer

0

If the process is crashing during or immediately after startup, which appears to be the case, an event ID 1000 "Application Error" event should be logged in your Application log, possibly surrounded by a couple of Windows Error Reporting entries.

If I were you, I would set procdump.exe from Sysinternals as my Just-In-Time debugger. You can do that with the command:

procdump.exe -ma -i C:\dumps

That modifies the AeDebug registry key so that whenever a process crashes on your system, it will trigger procdump.exe to capture a memory dump of the process, which you can then open in WinDbg and see what was on its stack right before it died, etc.

But anyway, if the process is not crashing, but instead exiting gracefully because of some other internal condition in its own logic, which I kinda suspect because I don't think the application would have ever gotten the chance to write that event you mentioned to the log, then use Process Monitor (procmon) instead to trace the running system while you attempt to start the service.

Now stop your trace and follow your process. What did it try to access? Look for Result != SUCCESS events from that process... maybe it was looking for a file on disk or a registry key that it could not find. You might see something like the process trying to bind to the socket on port 443 but was denied access, or could not find a certificate, etc.

While not a silver bullet, if you follow the advice I gave you, it'll be the best information that you'll get and the best chance you have of debugging this.

Ryan Ries
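An added example, not part of the original answer: a PowerShell sketch that checks from the log side whether sshd crashed or exited on its own, and shows what the AeDebug key currently launches. It assumes PowerShell 2.0 or later in an elevated prompt, that the event source is named `sshd` as in the question's log line, and a two-minute correlation window chosen for illustration.

```powershell
# Added example (assumptions: elevated PowerShell 2.0+, event source 'sshd',
# 2-minute window). Correlates the sshd stop event with crash records.
$window = [TimeSpan]::FromMinutes(2)

# Latest Application-log event written by the 'sshd' source. FilterXPath is
# used so the query works even if the source has no registered provider.
$stop = Get-WinEvent -LogName Application -MaxEvents 1 -ErrorAction SilentlyContinue `
            -FilterXPath "*[System/Provider[@Name='sshd']]"
if (-not $stop) { Write-Warning "No events from source 'sshd' found."; return }
"Last sshd event: $($stop.TimeCreated)"

# Event ID 1000 = Application Error, 1001 = Windows Error Reporting.
$filter = @{
    LogName   = 'Application'
    Id        = 1000, 1001
    StartTime = $stop.TimeCreated - $window
    EndTime   = $stop.TimeCreated + $window
}
$crashes = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object {
        # The faulting image name is carried in the event's data fields.
        (($_.Properties | ForEach-Object { $_.Value }) -join ' ') -match 'sshd'
    })

if ($crashes.Count -gt 0) {
    "Crash records found: capture a dump via the JIT debugger and open it in WinDbg."
    $crashes | Format-List TimeCreated, Id, ProviderName, Message
} else {
    "No crash records near the stop event: likely a deliberate exit; trace it with procmon."
}

# Show what runs when any process on this machine crashes. The setting is
# system-wide; 'procdump.exe -u' removes ProcDump from it again.
$aeDebug = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug',
           'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug'
foreach ($key in $aeDebug) {
    if (Test-Path $key) {
        $debugger = (Get-ItemProperty -Path $key).Debugger
        if (-not $debugger) { $debugger = '(not set)' }
        "{0}`n    Debugger = {1}" -f $key, $debugger
    }
}
```

Because the AeDebug debugger fires for every crashing process, keep the dump directory readable by administrators only (full dumps contain process memory, including secrets) and unregister ProcDump once the diagnosis is done.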