well, there's a couple of things in play here.
1. - httpd -k graceful is a unix command line option , not a Windows one. So I suspect that is the source of that issue.
reference -
This document covers stopping and restarting Apache on Unix-like systems. Windows NT, 2000 and XP users should see Running Apache as a Service and Windows 9x and ME users should see Running Apache as a Console Application for information on how to control Apache on those platforms.
http://httpd.apache.org/docs/2.1/stopping.htmlread down the page a bit.
I gave you that first URL - so you would read which command line options exist for WINDOWS.
http://httpd.apache.org/docs/2.1/platfo ... ml#winconsYou can also tell Apache to restart. This forces it to reread the configuration file. Any operations in progress are allowed to complete without interruption. To restart Apache, either press Control-Break in the console window you used for starting Apache, or enter
httpd.exe -k restart
You may have to use net start . stop as it is a Windows Service. I start and stop Apache that way when I am running backups. But I mean I want to do a full stop -- not a restart. I also stop MySQL at the same time, for the same reason. I rum two different baclups in parallel - one that is a sqldump and one that is an incremental file system backup of XAMPP.
2. - I think you may also be hitting a wall with PHP - because it relies on Apache to instaniate itself. PHP exists iff Apache exists. SO if you ask PHP to exit and perform a command, that restarts the executable that called it - it is in an indefinite state. The command/system call is supposed to return control to the service (PHP as DLL i.e php5ts.dll, -- called by httpd.exe you just killed.) with some error level set you should be reading from the OS, right? Who knows what that does with all the 'stuff'?
As for security - IIS is a lot more secure on a Windows server than Apache is, and it has just about all the same pieces (although the skill set is completely different) I have 2 W2K3 servers and 1 W2K8, all production severs - so I am not blowing smoke. I am only speaking from my own experience, and I don't I don't expect everyone to agree. I run some very sophisticated ISAPI based security software that runs alongside the native windows authentication schema.
But if you know Apache fairly well, you can plug most holes Still, there are things that Apache simply cannot do on Windows that it can do on *nix systems, and that is a function of its heritage, and the difference in system architectures and calls.
Good Luck
The 'right solution' for all these things is a provisioning system.