Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Windows shuts down seemingly by itself - no virus

Status
Not open for further replies.
iviguy

iviguy

Technical User
Aug 12, 2004
8
0
0
US
This system is running Win2K with SP4 and has current virus software installed. I don't believe this issue is being caused by a virus like Sasser. The system from time to time will shut down with a screen on the monitor saying it is safe to shutdown the system. Oddly enough though when the system is restarted an event will be logged stating that the previous shutdown was unexpected. Terminal services is active and some people do have access to this system, so I am not ruling out the possibility of someone inadvertantly shutting the system down or doing on purpose. This system has no UPS and power schemes are disabled.

Has anyone had experience dealing with this kind of problem? How do I prove or resolve the cause? Is there a way in W2K server to log when and who requested a shutdown like what is available in W2003 or XP?

Any help would be appreciated.
 
Sort by date Sort by votes
Yeah, I read your thread before and that is why I stated that there is no virus on the system. They are using Symantec Corporate edition and we have done several scans and ran seperate utilities like stinger with no results. The system doesn't seem to have any other software like you mention but I can check that again. I still think its either intentional by someone or unintentional by someone, but I don't know just yet how to prove that.
 
Upvote 0 Downvote
Well first off, you say other peopel have access to the system. Can you limit that, and if not change the group policy, User Rights Assignment, Shut down the system, so that only administrators can shut down the system.
 
Upvote 0 Downvote
Maybe its a thermal problem. I've got my machines to power down when they get too hot, etc. This can be done in the BIOS, or with some motherboards they provide windows software to do this too.

Monitoring of system fans, CPU fans, system temperature and CPU temperature are all quite common.

Another thing, is it possible the power button is being pressed accidently. A lot of power switches can now be configured to shut down windows if pressed.
 
Upvote 0 Downvote
tangostar - Yes, we are currently working on a plan to limit users. Maybe something as simple as changing the password and see who complains. I think there is a way to policy the system to audit/log when and who or what shuts the system down. I am looking into that.

figmatalan - Hmm. I can check into that as well. I haven't seen this on our systems, but that doesn't mean its not there. The power button on our systems will instantly shut off the system. What is odd about this issue is that the screen says it is now safe to shut the system down but uptime.exe records it as an unexpected shutdown. So its possible that something is causing an abrupt shutdown but it's not completing a reboot. Maybe like you say with some temp monitor or something.
 
Upvote 0 Downvote
Make sure the people using Terminal Services dont have access to shutdown the machine. There is a setting to remove the shutdown option from a TS session but I can't remember where it is off the top of my head, somewhere in the policies though.
 
Upvote 0 Downvote
Maybe you misunderstood my reply, I refered to a submitted post in the above mentioned threat, stating that it might be a hardware error and the restart caused by some monitoring utility for your server i.e. like HP's Insight Manager.
 
Upvote 0 Downvote
This will sound odd, but it's happened to me... I was coming in the morning and my systems had shut down. They were on the "Safe to Turn off Your Computer" message. All winter, things were fine, but now that summer was there, the systems shutdown one day out of two in the middle of the night.

I found out the building wanted to save some money, so they were shutting off the A/C in the middle of the night. My systems would overheat and shutdown..... The UPS was sending the signal and the systems were not turning off, but rather doing a shutdown, as programmed... maybe that's your case?



"In space, nobody can hear you click..."
 
Upvote 0 Downvote
ReddLefty - That seems like a possibility and I guess what Markus0815 was refering to. I did check and there is no UPS setup but there might be some other setting or software. These systems are running on proprietary hardware but that doesn't mean that the customer didn't install something...

Markus0815 - I did understand your post, I just reread my reply and it seems I was a bit confusing. What I meant to say was that I didn't see any software like the HP's Insight Manager but I would check again for that. What you and Redd are saying makes some sense. It seems that something is causing a less than graceful shutdown and maybe is not able to do a reboot so it sits at the shutdown screen.
 
Upvote 0 Downvote
I have two sytems that have an identical problem to the one described. Both are running instruments connected by LAN, and are not connected to a network. One is a HP Vectra running Window 2000, and the other is a compaq P4 running Windows XP.

They both shut down all software that is running, and log off the user; generally during periods of inactivity (i.e. at night). It does not shut down the computer completely; just closes the software running and logs off--you are left with the log on screen. I am pretty sure it is not a virus issue, and it is not a thermal issue (temperatures are logged on the nearby instruments, and if anything it is cooler when they shut down). There is no remote access to the instruments.

Any further thoughts on this would be fantastic.
 
Upvote 0 Downvote
Just a thought, if this is a terminal server, is that terminal server users log on as a local user, and if they log out with shut down instead of log out, it could cause this type problem. Your (local and remote) users should all be restriced from shutting down the system using the local machine security policies, except for administrator accounts.


Thermal problem is always a concen. How big a room are these systems in?

Even without air conditioning on, it still has to get protty hot in the room to cause a system to crash from thermal overload, but a faulty fan in the larger servers can shut the system down quickly, especially a CPU cooling fan. Most of the servers with multiple fans will shut down with any fan failure, and you get the message described even though the system has really already shut down to protect itself, and you get the stated log result.

HTH
David
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
225
Aquiles Vidal
Aquiles Vidal
rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
245
suncit
suncit
antonio_dsanchez
  • Locked
  • Question
post-installation WSUS windows server 2016
Replies
0
Views
191
antonio_dsanchez
antonio_dsanchez
mangentle
  • Locked
  • Question
What are the key advantages of using Microsoft Windows Servers for businesses?
Replies
1
Views
301
gbaughma
gbaughma
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
230
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top