Solved

winlogon.exe initiated a shutdown

Posted on 2013-06-19
8
3,020 Views
Last Modified: 2013-07-03
All of my desktop computers (all running XP), and my server randomly have the OS shutdown occur without warning.  It starts happening in the early afternoon around 1:30-ish.  I have done malware and virus scans on all of the computers.  The OS is shutting down.  This is not a power loss issue/power supply problem.  

I have also re-installed XP on two of the computers and did not join them back to the domain.  The also performed unprovoked shutdown of the OS.

I modified the Local Policy to not allow Shutdown from any user.  It still happens.
Since the clean computers are doing the same, I assume that this is happening from a remote entity (LAN or WAN).  

I'm looking for suggestions as to where to go from here.
0
Comment
Question by:VMaxDawg05
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 11

Expert Comment

by:Pradeep Dubey
ID: 39260096
Enable shutdown tracker to findout the cause of this shutdown:

Click Start, and then click Run.
Type gpedit.msc, and then click OK.
Expand Computer Configuration, expand Administrative Templates, and then expand System.
Double-click Display Shutdown Event Tracker.
Click Enabled.
In the Shutdown Event Tracker should be displayed box, click Always, and then click OK.

http://support.microsoft.com/kb/293814
0
 
LVL 1

Author Comment

by:VMaxDawg05
ID: 39260840
I turned on shutdown tracker on the computers.  One of them shut down anyway.
Log Entry:
Event Type:     Information
Event Source:   USER32
Event Category: None
Event ID:       1074
Date:           06/19/2013
Time:           4:01:34 PM
User:           CLEARVIEW\Julie
Computer:       OPTICAL-DESK
Description:
The process winlogon.exe has initiated the restart of OPTICAL-DESK for the following reason: Other (Unplanned)
 Minor Reason: 0x0
 Shutdown Type: power off
 Comment:

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00               ....  

Interesting.
0
 
LVL 11

Expert Comment

by:Pradeep Dubey
ID: 39262009
So you know who is doing this
User:           CLEARVIEW\Julie

and for why contact her?
0
PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

 
LVL 1

Author Comment

by:VMaxDawg05
ID: 39262107
That is the local user that was logged on and using the computer when the shutdown happened.  It was not physically initiated by the user logged in.  The user was talking on the phone when the OS just shut down on her.  I witnessed it happen.   Also, I notice that the log entry says "initiated a restart", but it was actually a shutdown.  Interesting.
0
 
LVL 11

Expert Comment

by:Pradeep Dubey
ID: 39262127
The process winlogon.exe has initiated the restart of OPTICAL-DESK for the following reason: Other (Unplanned)
Shutdown Type: power off

Shutdown type was power off so machine shutdown.

I have a question here:

This type of behavior we have seen when the OS is not activated with the proper license.
OS keep shutting down the machine in specific interval.

Can you find out the interval of these shutdown?
and also check the OS license.
0
 
LVL 1

Author Comment

by:VMaxDawg05
ID: 39262137
I will verify the OS on that machine.  It is happening on seemingly all of their desktops randomly.
0
 
LVL 1

Author Comment

by:VMaxDawg05
ID: 39275747
all operating systems are activated and are xp except for the server which is server 2008 r2. The interval is random. some days by the time you start up one computer another one or two shut down. then for no reason you can keep all computers up. 20 minutes later a computer shuts down.
0
 
LVL 21

Accepted Solution

by:
Jakob Digranes earned 500 total points
ID: 39288049
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

OfficeMate Freezes on login or does not load after login credentials are input.
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question