How to verify if a Windows Server shutdown was complete on server hardware before UPS killed power

apcshutdownupswindows-server-2012windows-server-2012-r2

Our Windows Server 2012 R2 machine just got its own UPS (APC Back-UPS RS 550G). I'm using the Windows release of apcupsd and since I would prefer if the UPS would turn off after shutdown I also added the -p parameter to the service. As the documentation clearly states, due to deficiencies in the operating system it cannot be guaranteed that the system has successfully completed shutdown when the UPS kills power as the "kill power" instruction can only be sent to the UPS while the system is still running. I therefore added a doshutdown.bat which first terminates essential services and then executes a customized shutdown command: c:\windows\System32\shutdown.exe /s /d u:6:12 /c "apcupsd doshutdown" /t 5 /f

When testing a power failure, triggering the shutdown works fine but the UPS appears to kill power before the server's power indicator LED turns from green to amber which keeps me asking if shutdown, including a final flush to disks (we don't have a RAID backup battery), was complete at that point (server is a Fujitsu Primergy TX1330 M1).

The Windows event log lists entries suggesting the shutdown may still have been successful at that point, however those entries appear after the first entries regarding the boot after power loss which usually would mean that the log could not be flushed to disk in time? (German screenshot only, sorry)

Do these log entries, despite appearing in the wrong order, confirm that the system has successfully completed shutdown?

The system's RAID 1 does not report any errors. IPMI event log does not contain any unusual entries (last event is "Operating system shutdown – reason: 0x0006000C 'Power fail: Environment'" at 14:02:58, matching the time of Windows' wrongly ordered log entries; next IPMI event is "Automatic restart after a primary power fail", as expected).

I know that not telling the UPS to "kill power" would be the safest way but I don't feel comfortable allowing the UPS to run idle on batteries, humming along for up to 11 hours with nobody in the office to power it off manually. Furthermore, if the server doesn't get the power killed & restored it won't boot up on its own.

Bonus question: Time between shutdown command and logged time of shutdown is 16 seconds. I know that UPS model (APC Back-UPS RS 550G) does leave some grace time between being issued a "kill power" command and actually terminating the line. However, I was unable to find any information on how this works – is it just a plain timer (and how much time does it leave?) or is it even watching for a drop in power consumption?

Best Answer

Not a complete answer, but your bonus question could be resolved by plugging the computer into a wall outlet without the UPS, and plugging some dumb load into the UPS (light bulb, desk fan, kettle... something similar to the power draw of the computer). Issue a normal shutdown on the computer, and watch to see what happens to the light bulb. Does the power get cut after a set time? Does the UPS monitor the power usage and only turn off once you turn off the bulb?

Related Solutions

Linux – One server, Two APC UPS on redundant power supplies : How to trigger shutdown

Currently when one of the two UPS dies, the doshutdown event is triggered, and executes the default script via apccontrol. The doshutdown script ignores the second UPS, as they are not event-connected, and proceed normally with the shutdown.

In order to have the doshutdown events somewhat connected, the two instances of apcupsd need a specifically customized configuration file. The difference will reside in the directory from which the events scripts have to be executed.

Main properties of first ups, in /etc/apcupsd/apcupsd.ups0.conf

SCRIPTDIR /etc/apcupsd/ups0
UPSNAME ups0
DEVICE /dev/ups0
PWRFAILDIR /etc/apcupsd/ups0
NOLOGINDIR /etc/apcupsd/ups0
NISPORT 3551
EVENTSFILE /var/log/apcupsd.0.events

And for the ups1, in /etc/apcupsd/apcupsd.ups1.conf

SCRIPTDIR /etc/apcupsd/ups1
UPSNAME ups1
DEVICE /dev/ups1
PWRFAILDIR /etc/apcupsd/ups1
NOLOGINDIR /etc/apcupsd/ups1
NISPORT 3552
EVENTSFILE /var/log/apcupsd.1.events

Each scriptdir should get a copy of the default scripts.
We want to customize the doshutdown script, which will not directly shutdown the machine, but has to check if the other UPS is still on, or is in shutdown mode.

At the top of the doshutdown script, we could add something like

for ups0

if [ ! -f /tmp/ups1.is.down ]
then
  touch /tmp/ups0.is.down
  exit 99
fi

for ups1

if [ ! -f /tmp/ups0.is.down ]
then
  touch /tmp/ups1.is.down
  exit 99
fi

the status 99 has a special meaning, that tells apccontrol to stop the action in progress. The five lines check if the other UPS-down-file has been created ; if no, the down-file is created for the ups being down, and exits. If yes, meaning the other UPS is down, this one is getting down as well, thus the script should continue and shutdown the machine.

The files /tmp/usp[01].is.down indicate if the ups[01] is currently down.

Important: the init.d start script of apcupsd should remove these files, if they have been created in a previous session:

rm -f /tmp/usp[01].is.down

Finally, the directories created above, /etc/apcupsd/ups[01] should be given access to the apcupsd user (or to whichever relevant user running the instances).

chown -R apcupsd /etc/apcupsd/ups[01]

Please have a look at the detailed documentation.

edit fixed the /tmp/ups[01].is.down names, the .is was missing.

Linux – How to wake a server after UPS Shuts it down when Mains power is restored

The typical scenario implemented when using UPS is:

On power loss, the UPS notifies the software component on the system(s) connected to it.
If the power is lost longer than n seconds, the UPS driver notifies the UPS and halts the system without powering it off (this is important).
UPS waits m seconds for the systems to halt, and cuts the power off.
When the power is restored and UPS battery is charged above minimum (so that it can support a power on and clean shut-down in case power is lost right after machines start booting), UPS restores the power to the systems.
Systems notice (at BIOS/UEFI level), that they were powered on before they lost power, so they boot up.

In most server BIOSes you can set the system to restore power state from before power loss. This means, that if the server is powered down and power is lost, it will remain powered down after you plug it in. On the other hand, if it was powered on, when the power was lost, it will power up when AC is restored.

NUT mentioned by BillThor should allow you to realize this scenario.

Best Answer

Related Solutions

Linux – One server, Two APC UPS on redundant power supplies : How to trigger shutdown

Linux – How to wake a server after UPS Shuts it down when Mains power is restored

Related Topic