What might have caused a win xp machine to reboot at 1AM on Wed 2/19?
A home user that I provide patch management, monitoring and AV with GFI signed up with a backup service (not mine) and asked me to make sure her machine did not reboot last night as it does the initial seeding.
I went into her machine in GFI dashboard and turned off patch management. In GFI, I have reboot set to 'if needed'.
Today she says her machine rebooted overnight and is "blaming" me. GFI does show it rebooted at around 1AM.
I confirmed that in the GFI dashboard, her machine patch management is OFF. I looked under GFI, settings, patch management and don't see any patches that came out yesterday / would have been installed last night.
I guess I'll log in remotely and check the event log to see if there was any indication of what caused the reboot, but would anyone know what might have caused the reboot? Patch Tuesday is usually the 2nd Tuesday of the month, right? This was the 3rd Tuesday.
Thanks!
I went into her machine in GFI dashboard and turned off patch management. In GFI, I have reboot set to 'if needed'.
Today she says her machine rebooted overnight and is "blaming" me. GFI does show it rebooted at around 1AM.
I confirmed that in the GFI dashboard, her machine patch management is OFF. I looked under GFI, settings, patch management and don't see any patches that came out yesterday / would have been installed last night.
I guess I'll log in remotely and check the event log to see if there was any indication of what caused the reboot, but would anyone know what might have caused the reboot? Patch Tuesday is usually the 2nd Tuesday of the month, right? This was the 3rd Tuesday.
Thanks!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I'm my own worst enemy (that was a really good TV show) - I had a script in GFI that reboots the machine at 1AM.
Although I rem'ed out the reboot command in the batch in GFI and it should have pushed it to the machines. Now to figure out why the script didn't get updated on the machine.
Although I rem'ed out the reboot command in the batch in GFI and it should have pushed it to the machines. Now to figure out why the script didn't get updated on the machine.
:)
ASKER
12:52AM: Event 7036 The Volume Shadow Copy service entered the stopped state.
----
12:58:36 AM: Event 7045: A service was installed in the system.
Service Name: gfiark
Service File Name: system32\drivers\gfiark.sy
Service Type: kernel mode driver
Service Start Type: demand start
Service Account:
-----
12:58:37 that same message at 12:58:36
----
12:59:59 Event 7036 The Volume Shadow Copy service entered the running state.
----
1:00:12 Event 1074: The process C:\Windows\system32\shutdo
Reason Code: 0x800000ff
Shutdown Type: restart
Comment:
-----
1:00:12 Event 7036: The Application Experience service entered the running state.
----
1:07:26 Event 12: The operating system started at system time ¿2014¿-¿02¿-¿19T06:07:25.6
----
1:07:27 Event 6: File System Filter 'FileInfo' (6.1, ¿2009¿-¿07¿-¿13T18:34:25.0
-----
1:07:27: Event 1 ShadowProtect driver loaded (version 2.2.63.19761).
-----
and then a whole bunch of info events for services that were started.
So again, this machine has shadowProtect, but the first one doesn't. They both have GFI,
any thoughts?