Link to home
Start Free TrialLog in
Avatar of tucktech
tucktech

asked on

Trapping why Windows Server reboots randomly

Hello Experts,   I have a server that continues to reboot randomly.  I wiped out the OS and reinstalled all of the software.  It is a RDS (terminal service) server.

Is there a way to trap what is causing it to reboot?

I suspect a driver is causing the issue as the hardware checks out via manufacturer diagnostics.
SOLUTION
Avatar of Andy M
Andy M
Flag of United Kingdom of Great Britain and Northern Ireland image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of tucktech
tucktech
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ASKER CERTIFIED SOLUTION
Avatar of tmoore1962
tmoore1962
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of Ratnesh Mishra
Ratnesh Mishra
Flag of India image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of tucktech
tucktech

ASKER

tmoore1962, I have run hardware diagnostics, but you are correct, I have had bad memory play funny tricks unless extensive diagnostics are run to validate there is nothing wrong.  I will run memory diagnostics.

 Ratnesh Mishra, below are some logs, the interesting thing is that I don't have a 1074 fot the time around the unexpected restart.  Also, how do I setup audit log?

Log Name:      System
Source:        USER32
Date:          1/29/2014 12:11:44 AM
Event ID:      1074
Task Category: None
Level:         Information
Keywords:      Classic
User:          SYSTEM
Computer:      CC5.cc.ad
Description:
The process msiexec.exe has initiated the restart of computer CC5 on behalf of user NT AUTHORITY\SYSTEM for the following reason: No title for this reason could be found
 Reason Code: 0x80030002
 Shutdown Type: restart
 Comment: The Windows Installer initiated a system restart to complete or continue the configuration of ''.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="USER32" />
    <EventID Qualifiers="32768">1074</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-01-29T06:11:44.000000000Z" />
    <EventRecordID>9068</EventRecordID>
    <Channel>System</Channel>
    <Computer>CC5.cc.ad</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data>msiexec.exe</Data>
    <Data>CC5</Data>
    <Data>No title for this reason could be found</Data>
    <Data>0x80030002</Data>
    <Data>restart</Data>
    <Data>The Windows Installer initiated a system restart to complete or continue the configuration of ''.</Data>
    <Data>NT AUTHORITY\SYSTEM</Data>
    <Binary>02000380000000000000000000000000000000000000000000000000000000000000000000000000</Binary>
  </EventData>
</Event>

Log Name:      System
Source:        USER32
Date:          1/29/2014 12:00:09 AM
Event ID:      1074
Task Category: None
Level:         Information
Keywords:      Classic
User:          CC\administrator
Computer:      CC5.cc.ad
Description:
The process C:\Windows\System32\shutdown.exe (CC5) has initiated the restart of computer CC5 on behalf of user CC\Administrator for the following reason: No title for this reason could be found
 Reason Code: 0x800000ff
 Shutdown Type: restart
 Comment:
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="USER32" />
    <EventID Qualifiers="32768">1074</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-01-29T06:00:09.000000000Z" />
    <EventRecordID>8814</EventRecordID>
    <Channel>System</Channel>
    <Computer>CC5.cc.ad</Computer>
    <Security UserID="S-1-5-21-3111841159-2826495398-1470007349-500" />
  </System>
  <EventData>
    <Data>C:\Windows\System32\shutdown.exe (CC5)</Data>
    <Data>CC5</Data>
    <Data>No title for this reason could be found</Data>
    <Data>0x800000ff</Data>
    <Data>restart</Data>
    <Data>
    </Data>
    <Data>CC\Administrator</Data>
    <Binary>FF000080000000000000000000000000000000000000000000000000000000000000000000000000</Binary>
  </EventData>
</Event>

Log Name:      System
Source:        USER32
Date:          1/28/2014 11:42:20 PM
Event ID:      1074
Task Category: None
Level:         Information
Keywords:      Classic
User:          SYSTEM
Computer:      CC5.cc.ad
Description:
The process msiexec.exe has initiated the restart of computer CC5 on behalf of user NT AUTHORITY\SYSTEM for the following reason: No title for this reason could be found
 Reason Code: 0x80030002
 Shutdown Type: restart
 Comment: The Windows Installer initiated a system restart to complete or continue the configuration of 'NComputing vSpace Server for Windows'.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="USER32" />
    <EventID Qualifiers="32768">1074</EventID>
    <Level>4</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-01-29T05:42:20.000000000Z" />
    <EventRecordID>8566</EventRecordID>
    <Channel>System</Channel>
    <Computer>CC5.cc.ad</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data>msiexec.exe</Data>
    <Data>CC5</Data>
    <Data>No title for this reason could be found</Data>
    <Data>0x80030002</Data>
    <Data>restart</Data>
    <Data>The Windows Installer initiated a system restart to complete or continue the configuration of 'NComputing vSpace Server for Windows'.</Data>
    <Data>NT AUTHORITY\SYSTEM</Data>
    <Binary>02000380000000000000000000000000000000000000000000000000000000000000000000000000</Binary>
  </EventData>
</Event>



Log Name:      System
Source:        EventLog
Date:          1/29/2014 7:45:48 AM
Event ID:      6008
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      CC5.cc.ad
Description:
The previous system shutdown at 7:41:30 AM on ¿1/¿29/¿2014 was unexpected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="EventLog" />
    <EventID Qualifiers="32768">6008</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-01-29T13:45:48.000000000Z" />
    <EventRecordID>9429</EventRecordID>
    <Channel>System</Channel>
    <Computer>CC5.cc.ad</Computer>
    <Security />
  </System>
  <EventData>
    <Data>7:41:30 AM</Data>
    <Data>¿1/¿29/¿2014</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>26800</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Binary>DE07010003001D00070029001E009902DE07010003001D000D0029001E0099023C0000003C000000000000000000000000000000000000000100000000000000</Binary>
  </EventData>
</Event>
Avatar of tucktech
tucktech

ASKER

this was my own comment back, not required for providing points to self.
Avatar of tucktech
tucktech

ASKER

The event logs never pointed to a specific issue.  A good memory check pointed out a hardware issue, memory.