I've taken a look at this and it doesn't really help in my situation, although it does give some interesting background information. Basically, I logged into a Windows Server 2008R2 machine that I was using and left idle last night to find that the machine had unexpectedly rebooted (the reason I know this is because Windows asked me for a reason for the reboot).
I took a look at the Event Viewer log on the server, and from when MS SQL came back up (it logs a lot of activity to the application log when that happens) it looks like the reboot happened around 12:30AM. However, there's no 1074 event that accompanies it to help explain why the reboot occurred. As well, I don't see any errors reported.
For reference, no work was supposed to be occurring on the server last night. Server updates should not be occurring automatically, although I would expect that if they kicked off they would log something to the event viewer about how many updates were applied.
The roles on the server are Remote Server Administration tools (it functions as a RDP host) and IIS/File Services. SQL Server 2008 R2 and Visual Studio 2013 are both installed on this server as well.
The server is a VM living on an ESX server, but looking at vSphere client I don't see anything corresponding to that time.
What other logs could I look at to help determine the cause of the unexpected reboot?
Best Answer
I would first make sure that all logging is enabled. You should be able to find something in the event log referencing Kernel-Power. Under System, if the reboot was truly unexpected by the OS, event ID 41 should be logged. If this event is not present, try searching for ID 6006 (event logging service stopped). The items before or after that event, within your timeframe, should give a little more insight. I would also look for bug checks.
Didn't have enough rep to comment on this, I'm aware this may not answer your question.