Determining why Windows Server restarts
Posted on 2003-03-20
I have a web server that has run great for over two years. It is a dual Pentium 1.0 GHz, 2 GB of RAM, RAID 5 SCSI hard disks. It is running Windows 2000 Advanced Server SP3. I have always made sure to keep up on all the latest security patches and upgrades. I have URLScan installed, run the IIS lock-down tool, followed the MS Baseline Security Analyzer, run through all the security policies and keep up with MS TechNet site. I have numerous auditing procedures in place to track logins, failures, problems, etc.

Until recently, the server would work great, staying up for over a month until I had to restart to apply patches or something else. It would crash occasionally, but very rarely. For the past 2 weeks though, it has been crashing almost daily. After a crash, it reboots immediately and is only down for about 3-4 minutes, but it is getting very irritating and I am very worried that it might get worse. After rebooting, the System Event log has an entry stating "The previous system shutdown at <time> on <date> was unexpected."

What I want to know is how I can find out what caused the crash (I am assuming "blue screen"). Are there any programs available to tell you this or to read the "memory.dmp" file created when the crash occurs? Is there a setting in Windows that will help me track this down? I am assuming that it is a hardware or perhaps a COM object that is causing some sort of overrun, but I have no way of troubleshooting to track down the culprit. Any advice is appreciated.