?
Solved

What might have caused a win xp machine to reboot at 1AM on Wed 2/19?

Posted on 2014-02-19
8
Medium Priority
?
781 Views
Last Modified: 2014-02-20
A home user that I provide patch management, monitoring and AV with GFI signed up with a backup service (not mine) and asked me to make sure her machine did not reboot last night as it does the initial seeding.

 I went into her machine in GFI dashboard and turned off patch management. In GFI, I have reboot set to 'if needed'.

 Today she says her machine rebooted overnight and is "blaming" me. GFI does show it rebooted at around 1AM.

 I confirmed that in the GFI dashboard, her machine patch management is OFF. I looked under GFI, settings, patch management and don't see any patches that came out yesterday / would have been installed last night.

I guess I'll log in remotely and check the event log to see if there was any indication of what caused the reboot, but would anyone know what might have caused the reboot? Patch Tuesday is usually the 2nd Tuesday of the month, right? This was the 3rd Tuesday.

Thanks!
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 19

Assisted Solution

by:regmigrant
regmigrant earned 400 total points
ID: 39870377
a critical security update can be released anytime and may require a reboot - I don't see any logged since 16/2 but then again I am not running XP
0
 
LVL 47

Assisted Solution

by:noxcho
noxcho earned 800 total points
ID: 39870379
Check if in C:\Minidumps any file has been created. The automatic reboot could happen if the system recovery settings are set to reboot the machine automatically if any serious problem occurs with Windows.
0
 
LVL 11

Assisted Solution

by:BillBondo
BillBondo earned 400 total points
ID: 39870557
Perhaps she simply lost power... and like my machines restarted
0
 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

 
LVL 12

Assisted Solution

by:Infamus
Infamus earned 400 total points
ID: 39871674
Event log should be able to tell you the cause of the reboot.
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
ID: 39872112
I happened to check another machine on an entirely different network that I also manage with GFI and it still has patch management enabled.  It also has Shadow Protect on it.  What do you think of this list of messages in the 10 minutes before reboot:  The system has shadow Protect

12:52AM: Event 7036 The Volume Shadow Copy service entered the stopped state.
----
12:58:36 AM: Event 7045: A service was installed in the system.

Service Name:  gfiark
Service File Name:  system32\drivers\gfiark.sys
Service Type:  kernel mode driver
Service Start Type:  demand start
Service Account:  
-----
12:58:37 that same message at 12:58:36
----
12:59:59 Event 7036 The Volume Shadow Copy service entered the running state.
----
1:00:12 Event 1074: The process C:\Windows\system32\shutdown.exe (ANNA-PC) has initiated the restart of computer ANNA-PC on behalf of user NT AUTHORITY\SYSTEM for the following reason: No title for this reason could be found
 Reason Code: 0x800000ff
 Shutdown Type: restart
 Comment:  
-----
1:00:12 Event 7036: The Application Experience service entered the running state.
----
1:07:26 Event 12: The operating system started at system time ¿2014¿-¿02¿-¿19T06:07:25.626398500Z.
----
1:07:27 Event 6: File System Filter 'FileInfo' (6.1, ¿2009¿-¿07¿-¿13T18:34:25.000000000Z) has successfully loaded and registered with Filter Manager.
-----
1:07:27: Event 1 ShadowProtect driver loaded (version 2.2.63.19761).
-----
and then a whole bunch of info events for services that were started.

So again, this machine has shadowProtect, but the first one doesn't.  They both have GFI,

any thoughts?
0
 
LVL 47

Accepted Solution

by:
noxcho earned 800 total points
ID: 39872679
Run of Shadiw Protect backup could cause restart due to the fact that VSS could not take snapshot of the volume and thus required exclusive access rights to the volume. This is possible only with restart.
Another possible reason - the memory leak could happen and the systen has to restart fix this problem. But you do not tell if minidump folder has any file created.
0
 

Author Comment

by:BeGentleWithMe-INeedHelp
ID: 39873092
I'm my own worst enemy (that was a really good TV show) - I had a script in GFI that reboots the machine at 1AM.

Although I rem'ed out the reboot command in the batch in GFI and it should have pushed it to the machines. Now to figure out why the script didn't get updated on the machine.
0
 
LVL 47

Expert Comment

by:noxcho
ID: 39873177
:)
0

Featured Post

Does Your Cloud Backup Use Blockchain Technology?

Blockchain technology has already revolutionized finance thanks to Bitcoin. Now it's disrupting other areas, including the realm of data protection. Learn how blockchain is now being used to authenticate backup files and keep them safe from hackers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I’m often asked about newer and larger USB drives connected to SBS2008 and 2011 failing Windows Server Backup vs the older USB drives not failing. As disk space continues to grow and drive technology change SBS2008 and some SBS2011 end up with the f…
You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question