I'm having problems with a server that has been restarting itself randomly for the past 3 months. The server is windows 2003 with SP2 Domain Controller and it is fully patched.
I have seen the following errors in event log:
Source: USER32
Category: None
Type: Information
Event ID: 1074
User: Domain\Administrator
The process winlogon.exe has initiated the restart of computer (server name) on behalf of user domainname\Administrator for the following reason: No title for this reason could be found
Reason Code: 0x840000ff
Shutdown Type: restart
I have ran out of ideas as to what might be causing this issue. The system is clean and not infected. There are no scheduled tasks responsible for the restart either.
I'm considering moving the backup (Backup Exec 12.5) to a different server but I'm almost certain that this is not the issue as the restart times vary and do not match the scheduled backup jobs.
Any suggestions to help me resolve this issue would be appreciated, thanks.
Best Answer
What you're seeing there is an orderly shutdown triggered by a local or remote process running as "Administrator". You should use your Security Event Log (with "Audit logon events" for success enabled) to track down where the logon is coming from. If it's a local process then you may be able to use "Process tracking" to further track down the source of the shutdown request.