troubleshooting Question
Computer automatically reboots after gpo for automatic reboot is removed
aerblich asked on
i have a gpo for scheduling a task to automatically restart domain computers at a specific time. I have one executive who works late so I want to disable that gpo for him, and as such, moved him and his computer to new ou's in ad. the scheduled task is now removed from his computer, yet the computer keeps restarting at the scheduled time as if the gpo is still in force. I need help figuring out how to prevent his pc from restarting at 6pm. Below are some logs of interest from the event viewer:
Log Name: System
Source: Service Control Manager
Date: 1/3/2019 6:05:15 PM
Event ID: 7045
Task Category: None
Level: Information
Keywords: Classic
User: CONTOSO\Administrator
Computer: DOMAIN-COMPUTER.CONTOSO.LO
Description:
A service was installed in the system.
Service Name: PsShutdown
Service File Name: %SystemRoot%\PSSDNSVC.EXE
Service Type: user mode service
Service Start Type: demand start
Service Account: LocalSystem
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-
<EventID Qualifiers="16384">7045</E
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80800000000000
<TimeCreated SystemTime="2019-01-04T02:
<EventRecordID>102234</Eve
<Correlation />
<Execution ProcessID="784" ThreadID="904" />
<Channel>System</Channel>
<Computer>DOMAIN-COMPUTER.
<Security UserID="S-1-5-21-245992603
</System>
<EventData>
<Data Name="ServiceName">PsShutd
<Data Name="ImagePath">%SystemRo
<Data Name="ServiceType">user mode service</Data>
<Data Name="StartType">demand start</Data>
<Data Name="AccountName">LocalSy
</EventData>
</Event>
Log Name: System
Source: Service Control Manager
Date: 1/3/2019 6:05:15 PM
Event ID: 7030
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: DOMAIN-COMPUTER.CONTOSO.LO
Description:
The PsShutdown service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-
<EventID Qualifiers="49152">7030</E
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80800000000000
<TimeCreated SystemTime="2019-01-04T02:
<EventRecordID>102235</Eve
<Correlation />
<Execution ProcessID="784" ThreadID="904" />
<Channel>System</Channel>
<Computer>DOMAIN-COMPUTER.
<Security />
</System>
<EventData>
<Data Name="param1">PsShutdown</
</EventData>
</Event>
Log Name: System
Source: USER32
Date: 1/3/2019 6:05:16 PM
Event ID: 1074
Task Category: None
Level: Information
Keywords: Classic
User: SYSTEM
Computer: domain-computer.contoso.LO
Description:
The process wininit.exe (127.0.0.1) has initiated the restart of computer domain-computer on behalf of user NT AUTHORITY\SYSTEM for the following reason: Legacy API shutdown
Reason Code: 0x80070000
Shutdown Type: restart
Comment:
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="USER32" />
<EventID Qualifiers="32768">1074</E
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2019-01-04T02:
<EventRecordID>102236</Eve
<Channel>System</Channel>
<Computer>domain-computer.
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data>wininit.exe (127.0.0.1)</Data>
<Data>domain-computer</Dat
<Data>Legacy API shutdown</Data>
<Data>0x80070000</Data>
<Data>restart</Data>
<Data>
</Data>
<Data>NT AUTHORITY\SYSTEM</Data>
<Binary>000007800000000000
</EventData>
</Event>
Log Name: System
Source: Service Control Manager
Date: 1/3/2019 6:05:16 PM
Event ID: 7036
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: DOMAIN-COMPUTER.CONTOSO.LO
Description:
The PsShutdown service entered the running state.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-
<EventID Qualifiers="16384">7036</E
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80800000000000
<TimeCreated SystemTime="2019-01-04T02:
<EventRecordID>102238</Eve
<Correlation />
<Execution ProcessID="784" ThreadID="904" />
<Channel>System</Channel>
<Computer>DOMAIN-COMPUTER.
<Security />
</System>
<EventData>
<Data Name="param1">PsShutdown</
<Data Name="param2">running</Dat
<Binary>500073005300680075
</EventData>
</Event>
Log Name: System
Source: Service Control Manager
Date: 1/3/2019 6:05:16 PM
Event ID: 7034
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: DOMAIN-COMPUTER.CONTOSO.LO
Description:
The PsShutdown service terminated unexpectedly. It has done this 1 time(s).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-
<EventID Qualifiers="49152">7034</E
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80800000000000
<TimeCreated SystemTime="2019-01-04T02:
<EventRecordID>102239</Eve
<Correlation />
<Execution ProcessID="784" ThreadID="924" />
<Channel>System</Channel>
<Computer>DOMAIN-COPMUTER.
<Security />
</System>
<EventData>
<Data Name="param1">PsShutdown</
<Data Name="param2">1</Data>
</EventData>
</Event>
Shortly after these events the OS logs kernel power manager and shutdown followed by the restart.
I need to get this behavior to stop, so any help would be GREATLY appreciated.
Thanks in advance.
Log Name: System
Source: Service Control Manager
Date: 1/3/2019 6:05:15 PM
Event ID: 7045
Task Category: None
Level: Information
Keywords: Classic
User: CONTOSO\Administrator
Computer: DOMAIN-COMPUTER.CONTOSO.LO
Description:
A service was installed in the system.
Service Name: PsShutdown
Service File Name: %SystemRoot%\PSSDNSVC.EXE
Service Type: user mode service
Service Start Type: demand start
Service Account: LocalSystem
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-
<EventID Qualifiers="16384">7045</E
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80800000000000
<TimeCreated SystemTime="2019-01-04T02:
<EventRecordID>102234</Eve
<Correlation />
<Execution ProcessID="784" ThreadID="904" />
<Channel>System</Channel>
<Computer>DOMAIN-COMPUTER.
<Security UserID="S-1-5-21-245992603
</System>
<EventData>
<Data Name="ServiceName">PsShutd
<Data Name="ImagePath">%SystemRo
<Data Name="ServiceType">user mode service</Data>
<Data Name="StartType">demand start</Data>
<Data Name="AccountName">LocalSy
</EventData>
</Event>
Log Name: System
Source: Service Control Manager
Date: 1/3/2019 6:05:15 PM
Event ID: 7030
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: DOMAIN-COMPUTER.CONTOSO.LO
Description:
The PsShutdown service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-
<EventID Qualifiers="49152">7030</E
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80800000000000
<TimeCreated SystemTime="2019-01-04T02:
<EventRecordID>102235</Eve
<Correlation />
<Execution ProcessID="784" ThreadID="904" />
<Channel>System</Channel>
<Computer>DOMAIN-COMPUTER.
<Security />
</System>
<EventData>
<Data Name="param1">PsShutdown</
</EventData>
</Event>
Log Name: System
Source: USER32
Date: 1/3/2019 6:05:16 PM
Event ID: 1074
Task Category: None
Level: Information
Keywords: Classic
User: SYSTEM
Computer: domain-computer.contoso.LO
Description:
The process wininit.exe (127.0.0.1) has initiated the restart of computer domain-computer on behalf of user NT AUTHORITY\SYSTEM for the following reason: Legacy API shutdown
Reason Code: 0x80070000
Shutdown Type: restart
Comment:
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="USER32" />
<EventID Qualifiers="32768">1074</E
<Level>4</Level>
<Task>0</Task>
<Keywords>0x80000000000000
<TimeCreated SystemTime="2019-01-04T02:
<EventRecordID>102236</Eve
<Channel>System</Channel>
<Computer>domain-computer.
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data>wininit.exe (127.0.0.1)</Data>
<Data>domain-computer</Dat
<Data>Legacy API shutdown</Data>
<Data>0x80070000</Data>
<Data>restart</Data>
<Data>
</Data>
<Data>NT AUTHORITY\SYSTEM</Data>
<Binary>000007800000000000
</EventData>
</Event>
Log Name: System
Source: Service Control Manager
Date: 1/3/2019 6:05:16 PM
Event ID: 7036
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: DOMAIN-COMPUTER.CONTOSO.LO
Description:
The PsShutdown service entered the running state.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-
<EventID Qualifiers="16384">7036</E
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80800000000000
<TimeCreated SystemTime="2019-01-04T02:
<EventRecordID>102238</Eve
<Correlation />
<Execution ProcessID="784" ThreadID="904" />
<Channel>System</Channel>
<Computer>DOMAIN-COMPUTER.
<Security />
</System>
<EventData>
<Data Name="param1">PsShutdown</
<Data Name="param2">running</Dat
<Binary>500073005300680075
</EventData>
</Event>
Log Name: System
Source: Service Control Manager
Date: 1/3/2019 6:05:16 PM
Event ID: 7034
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: DOMAIN-COMPUTER.CONTOSO.LO
Description:
The PsShutdown service terminated unexpectedly. It has done this 1 time(s).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-
<EventID Qualifiers="49152">7034</E
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80800000000000
<TimeCreated SystemTime="2019-01-04T02:
<EventRecordID>102239</Eve
<Correlation />
<Execution ProcessID="784" ThreadID="924" />
<Channel>System</Channel>
<Computer>DOMAIN-COPMUTER.
<Security />
</System>
<EventData>
<Data Name="param1">PsShutdown</
<Data Name="param2">1</Data>
</EventData>
</Event>
Shortly after these events the OS logs kernel power manager and shutdown followed by the restart.
I need to get this behavior to stop, so any help would be GREATLY appreciated.
Thanks in advance.
Learn from the best
Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.
Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 11 Comments.
Try for 7 days”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.
Our community of experts have been thoroughly vetted for their expertise and industry experience.