Link to home
Start Free TrialLog in
Avatar of VMaxDawg05
VMaxDawg05Flag for United States of America

asked on

winlogon.exe initiated a shutdown

All of my desktop computers (all running XP), and my server randomly have the OS shutdown occur without warning.  It starts happening in the early afternoon around 1:30-ish.  I have done malware and virus scans on all of the computers.  The OS is shutting down.  This is not a power loss issue/power supply problem.  

I have also re-installed XP on two of the computers and did not join them back to the domain.  The also performed unprovoked shutdown of the OS.

I modified the Local Policy to not allow Shutdown from any user.  It still happens.
Since the clean computers are doing the same, I assume that this is happening from a remote entity (LAN or WAN).  

I'm looking for suggestions as to where to go from here.
Avatar of Pradeep Dubey
Pradeep Dubey
Flag of India image
Enable shutdown tracker to findout the cause of this shutdown:

Click Start, and then click Run.
Type gpedit.msc, and then click OK.
Expand Computer Configuration, expand Administrative Templates, and then expand System.
Double-click Display Shutdown Event Tracker.
Click Enabled.
In the Shutdown Event Tracker should be displayed box, click Always, and then click OK.

http://support.microsoft.com/kb/293814
Avatar of VMaxDawg05
VMaxDawg05
Flag of United States of America image

ASKER

I turned on shutdown tracker on the computers.  One of them shut down anyway.
Log Entry:
Event Type:     Information
Event Source:   USER32
Event Category: None
Event ID:       1074
Date:           06/19/2013
Time:           4:01:34 PM
User:           CLEARVIEW\Julie
Computer:       OPTICAL-DESK
Description:
The process winlogon.exe has initiated the restart of OPTICAL-DESK for the following reason: Other (Unplanned)
 Minor Reason: 0x0
 Shutdown Type: power off
 Comment:

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00               ....  

Interesting.
Avatar of Pradeep Dubey
Pradeep Dubey
Flag of India image
So you know who is doing this
User:           CLEARVIEW\Julie

and for why contact her?
Avatar of VMaxDawg05
VMaxDawg05
Flag of United States of America image

ASKER

That is the local user that was logged on and using the computer when the shutdown happened.  It was not physically initiated by the user logged in.  The user was talking on the phone when the OS just shut down on her.  I witnessed it happen.   Also, I notice that the log entry says "initiated a restart", but it was actually a shutdown.  Interesting.
Avatar of Pradeep Dubey
Pradeep Dubey
Flag of India image
The process winlogon.exe has initiated the restart of OPTICAL-DESK for the following reason: Other (Unplanned)
Shutdown Type: power off

Shutdown type was power off so machine shutdown.

I have a question here:

This type of behavior we have seen when the OS is not activated with the proper license.
OS keep shutting down the machine in specific interval.

Can you find out the interval of these shutdown?
and also check the OS license.
Avatar of VMaxDawg05
VMaxDawg05
Flag of United States of America image

ASKER

I will verify the OS on that machine.  It is happening on seemingly all of their desktops randomly.
Avatar of VMaxDawg05
VMaxDawg05
Flag of United States of America image

ASKER

all operating systems are activated and are xp except for the server which is server 2008 r2. The interval is random. some days by the time you start up one computer another one or two shut down. then for no reason you can keep all computers up. 20 minutes later a computer shuts down.
ASKER CERTIFIED SOLUTION
Avatar of Jakob Digranes
Jakob Digranes
Flag of Norway image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial