I've got a client with sbs 2008 running exchange and AD/DC onsite. This afternoon, the server spontaneously shut itself down, cleanly i might add, twice. 53 mins apart. I've reviewed the event logs and both times:
The process Explorer.EXE has initiated the shutdown of computer SRASERVER09 on behalf of user srafoods\Administrator for the following reason: Other (Planned)
Reason Code: 0x85000000
Shutdown Type: shutdown
I've changed the administrator password and a third shutdown, 53 mins later or somewhere there abouts, has not occurred, which I would expect were this a service or application related error. I hesitate to make this accusation, because it has large implications in this case, but in the absence of other errors in the event log, does this error not point to the fact that someone intentionally shut this server down by way of the administrator account? I need to entertain all other possibilities.